Resubmissions

01-02-2022 01:10

220201-bjlkcafba8 10

01-02-2022 00:22

220201-anxmqsefa6 10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 00:22

General

  • Target

    picture.dll

  • Size

    308KB

  • MD5

    21c62adba10a2f518357106947a3410c

  • SHA1

    607df191b24b5bc402bf4b37272c855c8ebb9dff

  • SHA256

    716f2ae73525362939d52104e809ea9da5e031f9d31f0b53d8de77df989c8b85

  • SHA512

    049c14038e81afa17759a27456207a39f18c08b2a65a56d786dcb458ae9544b1f061f408b07c1d614ddb9baf0fa0c20115e822095446c208016b9dfef243bdde

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 5 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\picture.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1368-55-0x0000000180000000-0x000000018003D000-memory.dmp

    Filesize

    244KB

  • memory/1368-60-0x0000000180000000-0x000000018003D000-memory.dmp

    Filesize

    244KB