Analysis

  • max time kernel
    177s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    20-03-2022 05:57

General

  • Target

    a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600.exe

  • Size

    576KB

  • MD5

    5686d8ae3dbaf2898116583c91adf368

  • SHA1

    beac049079ab19cd2e783d90634d461ab4ebf567

  • SHA256

    a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600

  • SHA512

    ccef24fac9b7c4a2be0e4fa43d5187335e16e8be86051fb7f7dfc2c5dd9eb4e00a9ef8c6af9e88a4eca7b77ea859c3dd6ea495d5ed1eea407bbc26cbb49ad133

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • BazarBackdoor

    Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

  • Bazar/Team9 Backdoor payload 3 IoCs
  • Bazar/Team9 Loader payload 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600.exe
    "C:\Users\Admin\AppData\Local\Temp\a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600.exe"
    1⤵
      PID:4052

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4052-134-0x00000000025F0000-0x0000000002649000-memory.dmp
    Filesize

    356KB

  • memory/4052-138-0x0000000180000000-0x0000000180058000-memory.dmp
    Filesize

    352KB

  • memory/4052-143-0x0000000002590000-0x00000000025E7000-memory.dmp
    Filesize

    348KB