Analysis

  • max time kernel
    4294210s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    19-03-2022 23:10

General

  • Target

    898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9.exe

  • Size

    576KB

  • MD5

    2946562b29462362faf215bf7a2fcaa6

  • SHA1

    3d4894ad006420523bfec3996774ece6090e4e15

  • SHA256

    898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9

  • SHA512

    a6ef18c693ca2d13174e745f96e80b5b81227ab55596713da1410a245aa9d261df36dd442fc27112b24baaee5bd45b44c95425da41b05ebc21e73ad33477fde4

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • BazarBackdoor

    Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

  • Bazar/Team9 Backdoor payload 3 IoCs
  • Bazar/Team9 Loader payload 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9.exe
    "C:\Users\Admin\AppData\Local\Temp\898f6e91c82bf23b5b95e0560292b1c610970b3062eeeb9980c75f954e5024a9.exe"
    1⤵
      PID:1944

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1944-54-0x000007FEF5D31000-0x000007FEF5D33000-memory.dmp

      Filesize

      8KB

    • memory/1944-55-0x0000000001E50000-0x0000000001EA9000-memory.dmp

      Filesize

      356KB

    • memory/1944-59-0x0000000180000000-0x0000000180058000-memory.dmp

      Filesize

      352KB

    • memory/1944-64-0x0000000000240000-0x0000000000297000-memory.dmp

      Filesize

      348KB