bazarloader | 864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9

Analysis

Target

864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe
Size

506KB
MD5

532524ec1e7a51b51f948fdc79bd0f83
SHA1

ce1b6a7f420e277ff4f371b37f7ce9abc78c2929
SHA256

864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9
SHA512

d594d9866ff30428d958d4a54b10938f41c030f3ac6ecfd5a67155b82ee6913275f8ed6f3ee7c446c5d59a2fd04251b28e61b283cafbde71a1a61e01c09db33c

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3556-134-0x0000000002580000-0x00000000025C8000-memory.dmp	BazarLoaderVar3
behavioral2/memory/3556-138-0x00000000025D0000-0x0000000002619000-memory.dmp	BazarLoaderVar3
behavioral2/memory/3556-143-0x00000000008E0000-0x0000000000926000-memory.dmp	BazarLoaderVar3

Suspicious use of SetThreadContext 1 IoCs

Processes:

864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe

description	pid	process	target process
PID 3556 set thread context of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe

description	pid	process	target process
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe
PID 3556 wrote to memory of 4092	3556	864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" -sf "C:\Users\Admin\AppData\Local\Temp\864cf756fae7a3396d1028e9d8c2077df32ec207a0bf3222fcec6027a4a71fd9.exe"
2⤵
PID:4092

memory/3556-134-0x0000000002580000-0x00000000025C8000-memory.dmp

Filesize
288KB

Download
memory/3556-138-0x00000000025D0000-0x0000000002619000-memory.dmp

Filesize
292KB

Download
memory/3556-143-0x00000000008E0000-0x0000000000926000-memory.dmp

Filesize
280KB

Download