Analysis
max time kernel: 152s
max time network: 164s
platform: windows10_x64
resource: win10-en-20211014
submitted: 02/12/2021, 12:07
Static task: static1

Behavioral task: behavioral1
  Sample: bb62610dd76178bbcf45eb21d8f644977c23d0391f5f3d89b406b2caca619d2a.dll
  Resource: win7-en-20211104
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: bb62610dd76178bbcf45eb21d8f644977c23d0391f5f3d89b406b2caca619d2a.dll
  Resource: win10-en-20211014
  0 signatures, 0 seconds
General
Target: bb62610dd76178bbcf45eb21d8f644977c23d0391f5f3d89b406b2caca619d2a.dll
Size: 393KB
MD5: eb2338c71a210835401162d1e1ed9174
SHA1: 7451b3eeb0efad68d4c4347267369847b169bf9c
SHA256: bb62610dd76178bbcf45eb21d8f644977c23d0391f5f3d89b406b2caca619d2a
SHA512: 325925ce022a08fd0df481eb0b9427188743c02edd4739ad935a9b8b6dd1e0453b02f37453c09cdde6ee8fdf70c1219c32228e341cdf9b4a2130b9bfc0ee9ade
Score: 10/10
Malware Config

Signatures
Bazar Loader: Detected loader normally used to deploy BazarBackdoor malware.

Bazar/Team9 Loader payload (2 IoCs)
  resource: behavioral2/memory/3492-119-0x0000000000E50000-0x0000000000E67000-memory.dmp
  yara_rule: BazarLoaderVar6

  resource: behavioral2/memory/908-122-0x0000026A1E1F0000-0x0000026A1E207000-memory.dmp
  yara_rule: BazarLoaderVar6
Processes

C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bb62610dd76178bbcf45eb21d8f644977c23d0391f5f3d89b406b2caca619d2a.dll
  PID: 3492

C:\Windows\System32\rundll32.exe
  command line: C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb62610dd76178bbcf45eb21d8f644977c23d0391f5f3d89b406b2caca619d2a.dll,DllRegisterServer {DD3DAEF9-1B7B-42D8-B492-55FF0701037C}
  PID: 908