Malware Analysis Report

2025-06-16 05:30

Sample ID: 211207-yp2vvacfeq
Target: 17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b
SHA256: 17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b
Tags: bazarloader, dropper, loader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b

Threat Level: Known bad

The file 17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b was found to be: Known bad.

Malicious Activity Summary

Tags: bazarloader, dropper, loader
Signature: Bazar Loader
Description: Bazar/Team9 Loader payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2021-12-07 19:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2021-12-07 19:58
Reported: 2021-12-07 20:01
Platform: win10-en-20211104
Max time kernel: 146s
Max time network: 152s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b.dll

Signatures

Signature: Bazar Loader
Tags: loader, dropper, bazarloader
Description: Bazar/Team9 Loader payload

Detail table (Description, Indicator, Process, Target): no rows reported (N/A).

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b.dll
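The execution pattern above, regsvr32 silently (/s) registering a DLL that sits in the user's Temp directory rather than in Program Files or System32, is what a process-creation detection should key on. The Python below is an added example, not part of the sandbox report or its tooling: it splits a Windows command line, picks out the module path regsvr32 is given, and flags it when the path is under a user-writable directory. The pipe-delimited event records are constructed for the example; only the first one reproduces the report's command line, and its PID is an assumption.

```python
"""Flag regsvr32 registering a DLL from a user-writable location (added example)."""
import re
import shlex
from dataclasses import dataclass

# Constructed process-creation records, one per line: <pid>|<image>|<command line>.
# Only the first line reproduces the command line from the report (PID assumed);
# the others are made up to exercise the negative and variant cases.
SAMPLE_EVENTS = r"""
3064|C:\Windows\system32\regsvr32.exe|regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17b8dbb794a05333446fc5eddff69ef061fea63ff3a7aeb1a7b5e1d87337584b.dll
4120|C:\Windows\system32\regsvr32.exe|regsvr32 /s "C:\Program Files\Vendor\vendor_com.dll"
6001|C:\Windows\system32\notepad.exe|notepad C:\Users\Admin\AppData\Local\Temp\notes.txt
7222|C:\Windows\system32\regsvr32.exe|regsvr32 /u /s C:\Users\Admin\Downloads\update.dll
"""

# Directories an unprivileged user can write to. A DLL registered from one of
# these, instead of from Program Files or System32, is the suspicious part.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\"
    r"|Users\\Public\\|ProgramData\\|Windows\\Temp\\)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    pid: int
    dll: str
    silent: bool      # /s suppresses regsvr32's success/failure dialog
    unregister: bool  # /u calls DllUnregisterServer instead of DllRegisterServer


def split_windows_cmdline(cmdline: str) -> list[str]:
    # posix=False keeps backslashes intact and leaves quotes attached to the
    # token, so quoted paths with spaces survive; strip the quotes afterwards.
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]


def check_regsvr32(pid: int, image: str, cmdline: str):
    """Return a Finding when regsvr32 targets a DLL in a user-writable path, else None."""
    if not image.lower().endswith("\\regsvr32.exe"):
        return None
    args = split_windows_cmdline(cmdline)[1:]
    # Normalise "-s" and "/s" to "/s"; keep everything after the switch letter (e.g. /i:...).
    switches = {"/" + a[1:].lower() for a in args if a[:1] in ("/", "-")}
    positional = [a for a in args if a[:1] not in ("/", "-")]
    if not positional:
        return None
    dll = positional[-1]  # regsvr32 takes the module path as its last positional argument
    if not USER_WRITABLE.match(dll):
        return None
    return Finding(pid, dll, silent="/s" in switches, unregister="/u" in switches)


def scan(events: str) -> list[Finding]:
    findings = []
    for line in events.strip().splitlines():
        pid, image, cmdline = line.split("|", 2)
        hit = check_regsvr32(int(pid), image, cmdline)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid={f.pid} silent={f.silent} unregister={f.unregister} dll={f.dll}")
```

Running it on the constructed records flags the report's command line and the Downloads variant, and leaves the Program Files registration and the notepad launch alone. In a real pipeline the same check would be fed from Sysmon Event ID 1 or an EDR process-start stream; the regex is deliberately a path allow/deny decision rather than a hash match, since the loader DLL's hash changes per campaign while the delivery pattern does not.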

Network

Country  Destination         Domain            Proto
IE       52.109.76.31:443    -                 tcp
US       8.8.8.8:53          time.windows.com  udp
NL       40.119.148.38:123   time.windows.com  udp
BG       87.120.37.71:443    -                 tcp
BG       87.121.52.195:443   -                 tcp

The two UDP rows are Windows background traffic rather than sample activity: a DNS query to 8.8.8.8 for time.windows.com, the default Windows time source, and the NTP exchange (port 123) with the address it resolved to. The report attaches no domain to the three TCP/443 destinations.
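Sandbox network tables mix the sample's own connections with the guest OS's housekeeping, and blocklisting the table wholesale would take out the time service and a public resolver. The following Python is an added example, not part of the report: it parses the rows above (re-keyed with "-" for an empty Domain column) and separates traffic explained by an operator-maintained allowlist from destinations the report leaves unattributed. The allowlist contents are assumptions for the example: time.windows.com is the default Windows NTP host, and the 52.96.0.0/12 prefix stands in for whatever Microsoft/OS-update ranges an analyst has already vetted.

```python
"""Separate sandbox background traffic from unattributed destinations (added example)."""
import ipaddress

# The report's Network rows as constructed input: country, ip:port,
# domain ("-" where the report shows none), protocol.
NETWORK_ROWS = """\
IE 52.109.76.31:443 - tcp
US 8.8.8.8:53 time.windows.com udp
NL 40.119.148.38:123 time.windows.com udp
BG 87.120.37.71:443 - tcp
BG 87.121.52.195:443 - tcp
"""

# Operator-maintained allowlist. time.windows.com is the default Windows time
# source; the 52.96.0.0/12 entry is an ASSUMPTION for this example, standing in
# for Microsoft-owned ranges the analyst has already vetted.
BACKGROUND_DOMAINS = {"time.windows.com"}
BACKGROUND_NETS = [ipaddress.ip_network("52.96.0.0/12")]


def parse_rows(text: str) -> list[dict]:
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append({
            "country": country,
            "ip": ipaddress.ip_address(ip),
            "port": int(port),
            "domain": None if domain == "-" else domain,
            "proto": proto.lower(),
        })
    return rows


def classify(row: dict) -> str:
    """'background' for traffic explained by the allowlist, 'unattributed' otherwise."""
    # Matching on the resolved name covers both the DNS lookup for it and the
    # NTP exchange with the resolved address. A DNS row for an unknown name
    # would stay unattributed, so port 53 is deliberately not allowlisted as such.
    if row["domain"] in BACKGROUND_DOMAINS:
        return "background"
    if any(row["ip"] in net for net in BACKGROUND_NETS):
        return "background"
    return "unattributed"


def unattributed_destinations(text: str) -> list[str]:
    """ip:port/proto for every row the allowlist does not explain, in report order."""
    return [
        f"{r['ip']}:{r['port']}/{r['proto']}"
        for r in parse_rows(text)
        if classify(r) == "unattributed"
    ]


if __name__ == "__main__":
    for dest in unattributed_destinations(NETWORK_ROWS):
        print(dest)
```

The result is the two BG TCP/443 endpoints. They are candidates for further pivoting (passive DNS, certificate lookup, other sandbox runs), not confirmed command-and-control: the report itself does not attribute them, and the example only removes what the allowlist can explain.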

Files

memory/3064-119-0x0000000002A90000-0x0000000002A92000-memory.dmp

memory/3064-118-0x0000000002A90000-0x0000000002A92000-memory.dmp

memory/3064-120-0x0000000002A50000-0x0000000002A90000-memory.dmp
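The dump names encode where in the process the sandbox captured memory, and reading them as address ranges tells an analyst what to carve before opening anything: the three files here describe two distinct ranges in one process, one of them dumped twice. The Python below is an added example, not part of the report or the sandbox: it parses the names into regions, merges adjacent or overlapping ranges into contiguous spans, and reports ranges that were dumped more than once. The name layout memory/<pid>-<index>-<start>-<end>-memory.dmp is an assumption inferred from the three names above.

```python
"""Parse sandbox memory-dump names into address ranges and merge them (added example)."""
import re
from dataclasses import dataclass

# ASSUMPTION: names follow memory/<pid>-<dump index>-<start>-<end>-memory.dmp,
# with start and end as hexadecimal virtual addresses.
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# The three names listed in the Files section above.
DUMP_NAMES = [
    "memory/3064-119-0x0000000002A90000-0x0000000002A92000-memory.dmp",
    "memory/3064-118-0x0000000002A90000-0x0000000002A92000-memory.dmp",
    "memory/3064-120-0x0000000002A50000-0x0000000002A90000-memory.dmp",
]


@dataclass(frozen=True)
class Region:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Region:
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return Region(int(m["pid"]), int(m["index"]), int(m["start"], 16), int(m["end"], 16))


def merge_spans(regions) -> dict[int, list[tuple[int, int]]]:
    """Per PID, collapse overlapping or adjacent dumped ranges into contiguous spans."""
    by_pid: dict[int, list[tuple[int, int]]] = {}
    for r in sorted(regions, key=lambda r: (r.pid, r.start, r.end)):
        spans = by_pid.setdefault(r.pid, [])
        if spans and r.start <= spans[-1][1]:  # overlaps or touches the previous span
            spans[-1] = (spans[-1][0], max(spans[-1][1], r.end))
        else:
            spans.append((r.start, r.end))
    return by_pid


def repeated_ranges(regions) -> dict[tuple[int, int, int], list[int]]:
    """(pid, start, end) ranges that appear under more than one dump index."""
    seen: dict[tuple[int, int, int], list[int]] = {}
    for r in regions:
        seen.setdefault((r.pid, r.start, r.end), []).append(r.index)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    regions = [parse_dump_name(n) for n in DUMP_NAMES]
    for r in regions:
        print(f"pid {r.pid} dump {r.index}: 0x{r.start:X}-0x{r.end:X} ({r.size} bytes)")
    for pid, spans in merge_spans(regions).items():
        for s, e in spans:
            print(f"pid {pid}: contiguous span 0x{s:X}-0x{e:X} ({e - s} bytes)")
    for (pid, s, e), idx in repeated_ranges(regions).items():
        print(f"pid {pid}: 0x{s:X}-0x{e:X} dumped {len(idx)} times (indexes {idx})")
```

For this report the output is one 256 KB region (0x2A50000-0x2A90000) followed immediately by an 8 KB region (0x2A90000-0x2A92000), together a single contiguous 264 KB span in PID 3064, with the 8 KB range captured under two indexes. The merged span is the unit to run strings, YARA or a PE-header scan over; the repeated 8 KB dump is the one to diff between indexes, since a range the sandbox captured twice is one whose contents it saw change.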