Overview

overview

10

Static

static

DialogGL.exe

windows7_x64

10

DialogGL.exe

windows10-2004_x64

10

Resubmissions

16-03-2022 10:58

220316-m219ascgd6 10

16-09-2021 14:03

210916-rc1npagdel 10

15-09-2021 23:08

210915-24mw1sbeb5 1

Analysis

  • max time kernel
    153s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    16-03-2022 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DialogGL.exe

  • Size

    224KB

  • MD5

    3e494cf9a64f6836638f8f99d4015d5b

  • SHA1

    de1d042453c77ba66bb9993c40245fd493fcb679

  • SHA256

    1625a3baefca74d244796f8ba85972350fda0994cf6752ac4d8ea8ff93052f42

  • SHA512

    e2db480175db189de53d35fe6a2318f9ccafec0ca709efa35d38444f52ab1a4db60a7ce9f4414131ee478dd262c50d904eec5eaf6fbd98b2ca2e95c590c89dee

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 5 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DialogGL.exe
    "C:\Users\Admin\AppData\Local\Temp\DialogGL.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4804
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Users\Admin\AppData\Local\Temp\DialogGL.exe
      C:\Users\Admin\AppData\Local\Temp\DialogGL.exe {83A6B6AD-FE39-416B-A38C-26563DFCF806}
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1208-144-0x0000013F89540000-0x0000013F89550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1208-145-0x0000013F8A120000-0x0000013F8A130000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1208-146-0x0000013F8C4C0000-0x0000013F8C4C4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2932-147-0x00000000025E0000-0x00000000025F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2932-151-0x0000000002600000-0x0000000002616000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4804-130-0x0000000002740000-0x0000000002754000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4804-134-0x0000000002760000-0x0000000002776000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4804-143-0x0000000002720000-0x0000000002731000-memory.dmp

    Filesize

    68KB

    Download