Overview

overview

10

Static

static

a32ed4b36d...00.exe

windows7_x64

10

a32ed4b36d...00.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294214s
  • max time network
    171s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    20-03-2022 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600.exe

  • Size

    576KB

  • MD5

    5686d8ae3dbaf2898116583c91adf368

  • SHA1

    beac049079ab19cd2e783d90634d461ab4ebf567

  • SHA256

    a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600

  • SHA512

    ccef24fac9b7c4a2be0e4fa43d5187335e16e8be86051fb7f7dfc2c5dd9eb4e00a9ef8c6af9e88a4eca7b77ea859c3dd6ea495d5ed1eea407bbc26cbb49ad133

Score
10/10
bazarbackdoorbazarloaderbackdoordropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • BazarBackdoor

    Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    backdoorbazarbackdoor
  • Bazar/Team9 Backdoor payload 3 IoCs
  • Bazar/Team9 Loader payload 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600.exe
    "C:\Users\Admin\AppData\Local\Temp\a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600.exe"
    1⤵
      PID:792

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/792-54-0x000007FEF6B91000-0x000007FEF6B93000-memory.dmp

      Filesize

      8KB

      Download

    • memory/792-55-0x0000000002170000-0x00000000021C9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/792-59-0x0000000180000000-0x0000000180058000-memory.dmp

      Filesize

      352KB

      Download

    • memory/792-64-0x0000000001CE0000-0x0000000001D37000-memory.dmp

      Filesize

      348KB

      Download