Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 01-02-2022 00:22
Static task: static1

Behavioral task: behavioral1
- Sample: picture.dll
- Resource: win7-en-20211208
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: picture.dll
- Resource: win10v2004-en-20220113
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: picture.dll
- Size: 308KB
- MD5: 21c62adba10a2f518357106947a3410c
- SHA1: 607df191b24b5bc402bf4b37272c855c8ebb9dff
- SHA256: 716f2ae73525362939d52104e809ea9da5e031f9d31f0b53d8de77df989c8b85
- SHA512: 049c14038e81afa17759a27456207a39f18c08b2a65a56d786dcb458ae9544b1f061f408b07c1d614ddb9baf0fa0c20115e822095446c208016b9dfef243bdde
- Score: 10/10
Malware Config

Signatures
- Bazar Loader: Detected loader normally used to deploy BazarBackdoor malware.
- Bazar/Team9 Loader payload (2 IoCs)
  resource                                                                      yara_rule
  behavioral1/memory/1368-55-0x0000000180000000-0x000000018003D000-memory.dmp   BazarLoaderVar5
  behavioral1/memory/1368-60-0x0000000180000000-0x000000018003D000-memory.dmp   BazarLoaderVar5
- Blocklisted process makes network request (5 IoCs)
  flow  pid   Process
  4     1368  rundll32.exe
  5     1368  rundll32.exe
  6     1368  rundll32.exe
  7     1368  rundll32.exe
  8     1368  rundll32.exe