bazarloader | 73df9097a26595ae9455d866a9bcc9c703700b62946baadbe1d431805f7e2e2d | Triage

Analysis

max time kernel
119s
max time network
131s
platform
windows10_x64
resource
win10-en-20211104
submitted
25-11-2021 16:48

Sharing

Report Analysis Logs

General

Target

73d.dll
Size

192KB
MD5

22772708f29d1d82688957f1ee572f40
SHA1

cbba8f327d481e64327a05f5b58398c9eb17ceda
SHA256

73df9097a26595ae9455d866a9bcc9c703700b62946baadbe1d431805f7e2e2d
SHA512

48c1b78843e322d5fe9784ea861721211abd0a4d5b982b2f152e7e14f159ee103712224ca6ce9c788a659983fc84eb3eea04ca71e1e925c3a1e02b10a616e2db

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3620-118-0x0000000002BA0000-0x0000000002C9C000-memory.dmp	BazarLoaderVar6
behavioral2/memory/648-119-0x0000016A8CE80000-0x0000016A8CF7C000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73d.dll
1⤵
PID:3620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\73d.dll,DllRegisterServer {13743023-C86C-41CE-995A-C1440D95FD07}
1⤵
PID:648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/648-119-0x0000016A8CE80000-0x0000016A8CF7C000-memory.dmp

Filesize
1008KB

Download
memory/3620-118-0x0000000002BA0000-0x0000000002C9C000-memory.dmp

Filesize
1008KB

Download