Analysis
max time kernel: 117s
max time network: 124s
platform: windows7_x64
resource: win7-en-20211104
submitted: 25-11-2021 16:37
Static task: static1
Behavioral task: behavioral1
  Sample: 3bd.dll
  Resource: win7-en-20211104 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 3bd.dll
  Resource: win10-en-20211014 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 3bd.dll
Size: 451KB
MD5: 25b53bbd30d0bfdf2d18f02b26ccf240
SHA1: c83b17ba53ed7a20779ddba6b7074406adb4ae25
SHA256: 3bde6c38372122656048634c696a7036ca29fa62930853ef59e778f92b015bf2
SHA512: 138ead30af34ced28e86318d8d5f78b846bd27ae4892fcac3fc3e69e72ea5f926d89c745525b763b3463c72c42173cf1d5fc58976be263a6349f92666603fee8
Score: 10/10
Malware Config
Signatures
Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
Bazar/Team9 Loader payload (2 IoCs)
  Resource: behavioral1/memory/1648-57-0x0000000180001000-0x0000000180019000-memory.dmp
  YARA rule: BazarLoaderVar6
  Resource: behavioral1/memory/560-59-0x0000000180001000-0x0000000180019000-memory.dmp
  YARA rule: BazarLoaderVar6
Downloads
memory/560-59-0x0000000180001000-0x0000000180019000-memory.dmp (Filesize: 96KB)
memory/1648-55-0x000007FEFB6F1000-0x000007FEFB6F3000-memory.dmp (Filesize: 8KB)
memory/1648-56-0x00000000002B0000-0x00000000002C4000-memory.dmp (Filesize: 80KB)
memory/1648-57-0x0000000180001000-0x0000000180019000-memory.dmp (Filesize: 96KB)