General
Target: 73d.dll
Filesize: 192KB
Completed: 25-11-2021 16:51
Task: behavioral1
Score: 10/10
MD5: 22772708f29d1d82688957f1ee572f40
SHA1: cbba8f327d481e64327a05f5b58398c9eb17ceda
SHA256: 73df9097a26595ae9455d866a9bcc9c703700b62946baadbe1d431805f7e2e2d
SHA512: 48c1b78843e322d5fe9784ea861721211abd0a4d5b982b2f152e7e14f159ee103712224ca6ce9c788a659983fc84eb3eea04ca71e1e925c3a1e02b10a616e2db

Malware Config
Signatures 2
  • Bazar Loader
    Description
    Detected loader normally used to deploy BazarBackdoor malware.
  • Bazar/Team9 Loader payload
    Reported IOCs
    resource                                                                    | yara_rule
    behavioral1/memory/1532-56-0x0000000001EC0000-0x0000000001FBC000-memory.dmp | BazarLoaderVar6
    behavioral1/memory/384-57-0x0000000001AC0000-0x0000000001BBC000-memory.dmp  | BazarLoaderVar6
Processes 2
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73d.dll
    PID:1532
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\73d.dll,DllRegisterServer {4B039148-2F9B-4B67-AD2F-E27D8D543FD1}
    PID:384
Network
MITRE ATT&CK Matrix
  Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/384-57-0x0000000001AC0000-0x0000000001BBC000-memory.dmp
  • memory/1532-55-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp
  • memory/1532-56-0x0000000001EC0000-0x0000000001FBC000-memory.dmp