bazarloader | ea86eb91e51b543811a134aabd94a04dc2ef2456338eaef5f4c57de4be09e059 | Triage

Analysis

max time kernel
4294183s
max time network
135s
platform
windows7_x64
resource
win7-20220310-en
submitted
15-03-2022 14:58

Sharing

Report Analysis Logs

General

Target

a4bb3e65ab8f6350868862fb71e29a1b92f11306400a2ce040b7c9d97bd466c6.dll
Size

712KB
MD5

0eac95acae7ebb02684fb3f41a3bf702
SHA1

d7a45630ecb8e33e49776c908c0e353f0efab934
SHA256

a4bb3e65ab8f6350868862fb71e29a1b92f11306400a2ce040b7c9d97bd466c6
SHA512

023764e7cb799ccfca4f4201037e0b6c655ccc2590769037e24a294624cc869caef22add52a09af86f580e4ec6dfad41823b12e8619516eb3ccef063371236ed

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1808-54-0x0000000000290000-0x00000000002BB000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4bb3e65ab8f6350868862fb71e29a1b92f11306400a2ce040b7c9d97bd466c6.dll,#1
1⤵
PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-54-0x0000000000290000-0x00000000002BB000-memory.dmp

Filesize
172KB

Download