Analysis Overview
SHA256
17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b
Threat Level: Known bad
The file 17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b was found to be: Known bad.
Malicious Activity Summary
Bazar Loader
Bazar/Team9 Loader payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-12-07 19:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-12-07 19:58
Reported
2021-12-07 20:01
Platform
win10-en-20211104
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Bazar Loader
Bazar/Team9 Loader payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b.dll
Network
| Country | Destination | Domain | Proto |
| IE | 52.109.76.31:443 | tcp | |
| US | 8.8.8.8:53 | time.windows.com | udp |
| NL | 40.119.148.38:123 | time.windows.com | udp |
| BG | 87.120.37.71:443 | tcp | |
| BG | 87.121.52.195:443 | tcp |
Files
memory/3064-119-0x0000000002A90000-0x0000000002A92000-memory.dmp
memory/3064-118-0x0000000002A90000-0x0000000002A92000-memory.dmp
memory/3064-120-0x0000000002A50000-0x0000000002A90000-memory.dmp