bazarloader | 52e31fe3a868e269990b40e21937791d8a68c5ed8eb1df03d698a6ae5b8aef5b | Triage

Analysis

max time kernel
128s
max time network
140s
platform
windows7_x64
resource
win7-en-20211014
submitted
25-11-2021 15:52

Sharing

Report Analysis Logs

General

Target

52.dll
Size

299KB
MD5

1ce2ad0607e90dd209178e53d193a58b
SHA1

b46d8155ef68f312bfc1d4ababb29cd1615bcfc9
SHA256

52e31fe3a868e269990b40e21937791d8a68c5ed8eb1df03d698a6ae5b8aef5b
SHA512

a0fd101e86b3c6fe50045665ecc04872eb93a0f51e116ea26346bb8f8985fea97392a811c1535fd7c1dcf77d8b000af765eef57f69c1f15e542421bd9ca56df0

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1584-56-0x0000000001E90000-0x0000000002064000-memory.dmp	BazarLoaderVar6
behavioral1/memory/796-57-0x0000000001D30000-0x0000000001F04000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\52.dll
1⤵
PID:1584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\52.dll,DllRegisterServer {5F923EFE-4B0A-4021-9B3A-7F4C681CD4DC}
1⤵
PID:796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/796-57-0x0000000001D30000-0x0000000001F04000-memory.dmp

Filesize
1.8MB

Download
memory/1584-55-0x000007FEFB561000-0x000007FEFB563000-memory.dmp

Filesize
8KB

Download
memory/1584-56-0x0000000001E90000-0x0000000002064000-memory.dmp

Filesize
1.8MB

Download