Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    30/11/2021, 20:25

General

  • Target

    data.dll

  • Size

    429KB

  • MD5

    3d2c80e6849edf4c6bea0e83fc086534

  • SHA1

    cf233e96f1d4b54720de1fa425ab30bbea6c4278

  • SHA256

    078968cfc9af97a102a362ad87cb30e8d3d33d28d0dd7c97fc31e85ff3950611

  • SHA512

    a2c218a63cab2a98220ae1da44a1e9fceb7918ddb586112b31f772794e5fe4e2dbcda5557cae2191ae63cc536c637cca784a829a906ada93478ef510f29689f2

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\data.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\system32\regsvr32.exe
      regsvr32 /s C:\Users\Admin\AppData\Local\Temp\data.dll
      2⤵
        PID:2724
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\data.dll,DllRegisterServer {C56AC8DB-4742-4122-BBAC-CC43C05A9354}
    1⤵
    PID:3612
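The process tree above shows the three behaviours worth hunting for in endpoint telemetry: a DLL loaded by regsvr32 from a user-writable staging directory, regsvr32 spawning a second regsvr32 (the WriteProcessMemory signature is raised on PID 2704, and the memory dump below was taken from its child 2724), and rundll32 invoking the DllRegisterServer export directly. The following detection logic is an added example, not part of the sandbox report or any product's rule set. The event records are constructed here to mirror the report's process tree plus one benign control; the parent of the top-level processes (explorer.exe, PID 1000) and the Sysmon-style field names are assumptions.

```python
"""Hunt for the regsvr32/rundll32 loader pattern seen in the process tree.

Added example, not part of the sandbox report. Records below are constructed
to mirror the report (PIDs 2704, 2724, 3612) plus one benign control; the
parent process (explorer.exe, PID 1000) is an assumption, as the report does
not show it. Field names follow Sysmon Event ID 1 (ProcessCreate) naming.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    parent_image: str


# Staging directories a downloaded or dropped DLL typically lands in.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I)
LOLBINS = {"regsvr32.exe", "rundll32.exe"}


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def dll_args(cmdline: str) -> list[str]:
    """Return every absolute *.dll path referenced on the command line.

    Handles optional quoting; paths containing spaces must be quoted.
    """
    return re.findall(r'"?([A-Za-z]:\\[^"\s,]+?\.dll)"?', cmdline, re.I)


def check(ev: ProcEvent) -> list[str]:
    """Return a list of findings for one process-creation event."""
    findings: list[str] = []
    img = basename(ev.image)
    if img not in LOLBINS:
        return findings
    # 1. Signed LOLBin loading a DLL from a user-writable path.
    for dll in dll_args(ev.cmdline):
        if USER_WRITABLE.search(dll):
            findings.append(f"{img} loading DLL from user-writable path: {dll}")
    # 2. rundll32 calling DllRegisterServer: regsvr32-style load without regsvr32.
    if img == "rundll32.exe" and re.search(
            r"\.dll,\s*DllRegisterServer\b", ev.cmdline, re.I):
        findings.append("rundll32 invoking DllRegisterServer export")
    # 3. regsvr32 spawning regsvr32: parent has no reason to do this,
    #    and the child is a common target for injection (WriteProcessMemory).
    if img == "regsvr32.exe" and basename(ev.parent_image) == "regsvr32.exe":
        findings.append(
            f"regsvr32 PID {ev.pid} spawned by regsvr32 PID {ev.ppid}: "
            "possible injection into child")
    return findings


def hunt(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map PID -> findings for every event that triggered at least one rule."""
    return {ev.pid: f for ev in events if (f := check(ev))}


REGSVR = r"C:\Windows\system32\regsvr32.exe"
STAGED = r"C:\Users\Admin\AppData\Local\Temp\data.dll"
EXPLORER = r"C:\Windows\explorer.exe"  # assumed parent, not in the report

# Constructed events mirroring the report's process tree, plus a benign control.
EVENTS = [
    ProcEvent(2704, 1000, REGSVR, f"regsvr32 /s {STAGED}", EXPLORER),
    ProcEvent(2724, 2704, REGSVR, f"regsvr32 /s {STAGED}", REGSVR),
    ProcEvent(3612, 1000, r"C:\Windows\System32\rundll32.exe",
              r"C:\Windows\System32\rundll32.exe " + STAGED +
              ",DllRegisterServer {C56AC8DB-4742-4122-BBAC-CC43C05A9354}",
              EXPLORER),
    # Benign: an installer registering a system DLL from System32.
    ProcEvent(4100, 1000, REGSVR, r"regsvr32 /s C:\Windows\System32\scrrun.dll",
              r"C:\Windows\System32\msiexec.exe"),
]

if __name__ == "__main__":
    for pid, findings in hunt(EVENTS).items():
        for f in findings:
            print(f"PID {pid}: {f}")
```

Rule 1 alone would also fire on legitimate software that self-registers from a temp directory, so in production it is best scored alongside rules 2 and 3 rather than alerted on by itself; the parent-child rule fires on the pair 2704/2724 regardless of where the DLL lives, which is why it is kept independent of the path check.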

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2724-116-0x00000002F77D1000-0x00000002F77EE000-memory.dmp

    Filesize

    116KB