Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    07/12/2021, 19:58

General

  • Target

    17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b.dll

  • Size

    1.6MB

  • MD5

    a49d28798147cc039e3ac341044fe612

  • SHA1

    b950324092db34ad2940560d85f07744dd9e5b0c

  • SHA256

    17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b

  • SHA512

    6ba8410d56bd64115da7cee0afd70a5e88699fccacbb42fcbd9990575a132828ecab630bdbf2349bbb4f7db97b9900eb765781e3654af3beadb884aba565723a

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b.dll
    PID: 3064

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3064-119-0x0000000002A90000-0x0000000002A92000-memory.dmp

    Filesize

    8KB

  • memory/3064-118-0x0000000002A90000-0x0000000002A92000-memory.dmp

    Filesize

    8KB

  • memory/3064-120-0x0000000002A50000-0x0000000002A90000-memory.dmp

    Filesize

    256KB