73d.dll

General
Target

73d.dll

Filesize

192KB

Completed

25-11-2021 16:51

Score
10/10
MD5

22772708f29d1d82688957f1ee572f40

SHA1

cbba8f327d481e64327a05f5b58398c9eb17ceda

SHA256

73df9097a26595ae9455d866a9bcc9c703700b62946baadbe1d431805f7e2e2d

Malware Config
Signatures 2

Filter: none

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

    Reported IOCs

    resourceyara_rule
    behavioral2/memory/3620-118-0x0000000002BA0000-0x0000000002C9C000-memory.dmpBazarLoaderVar6
    behavioral2/memory/648-119-0x0000016A8CE80000-0x0000016A8CF7C000-memory.dmpBazarLoaderVar6
Processes 2
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73d.dll
    PID:3620
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\73d.dll,DllRegisterServer {13743023-C86C-41CE-995A-C1440D95FD07}
    PID:648
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads
                          • memory/648-119-0x0000016A8CE80000-0x0000016A8CF7C000-memory.dmp

                          • memory/3620-118-0x0000000002BA0000-0x0000000002C9C000-memory.dmp