Overview

overview

10

Static

static

krerb.exe

windows7_x64

10

krerb.exe

windows10-2004_x64

10

Resubmissions

28-03-2022 12:32

220328-pqyedaeaej 10

18-01-2022 06:25

220118-g64mbsabcm 10

05-05-2021 04:52

210505-vc9dqnmbba 10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    18-01-2022 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    krerb.exe

  • Size

    199KB

  • MD5

    1c74d51a1d7177bf9b23f6a567adc047

  • SHA1

    ecb47205a047b173c4ecaf4f476204ef7154a7ad

  • SHA256

    a8f0170ad5e5cdb0533ea888b0dbc97bc4bd23c9a0531e5e4b7cd1f05fa0875d

  • SHA512

    0f2320ab1c60536cad706564a4ea739f2bac1b7cdd538ac1672542c9c02563292d95c2789845629ce696eca356876859a3efd57b305432d4d833fffd1b4cbef4

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\krerb.exe
    "C:\Users\Admin\AppData\Local\Temp\krerb.exe"
    1⤵
      PID:1184
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
      1⤵
        PID:3896
      • C:\Users\Admin\AppData\Local\Temp\krerb.exe
        C:\Users\Admin\AppData\Local\Temp\krerb.exe {838B2F12-D2F2-4D12-BC01-1C8C61D4DCFC}
        1⤵
          PID:2516

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1346565761-3498240568-4147300184-1000\3e952d0ddb6a308dcd44a8ee28102e55_e269d2c1-0edf-4391-ac7b-818b8e88b04f
          MD5

          9e2f3eab69ef628ddbf2ef9a4241a69c

          SHA1

          11ed46222307a9a2682b111aebd265cdba2ccf1f

          SHA256

          7ae40d85e89d69d1ebed581177a770bedcd8821aca387e2d81b3ba816b541bc9

          SHA512

          08494d29c86aa86ff74c8b66f8322804c46130b4aa476fc277454c13e863c721e825b3d7e17ed440e03deb7821b27a997e88bcd5e790898539cfc31d2bf26fd7

          Download Submit

        • memory/1184-133-0x0000026AFD120000-0x0000026AFD147000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2516-139-0x0000020E08AB0000-0x0000020E08AD7000-memory.dmp

          Filesize

          156KB

          Download