Analysis
-
max time kernel
150s -
max time network
178s -
platform
windows7_x64 -
resource
win7-20220331-en -
submitted
27-03-2022 01:41
General
-
Target
f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe
-
Size
231KB
-
MD5
ebba0a18ecb946c45f60a14be223c7d4
-
SHA1
cfbb5280e97aa589c3fa46ae2bc77c9523eba46a
-
SHA256
f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e
-
SHA512
71dea8c205883df79b154c1586e4be0fa9b784ae6d47a8718f9b09cc4b803e26b20f5ebc396376dfc1848a2e261e805b84c2d70ee1a8ccd5a234141715850f4a
Score
8/10
Malware Config
Signatures
-
Tries to connect to .bazar domain 62 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes
-
C:\Users\Admin\AppData\Local\Temp\f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe"C:\Users\Admin\AppData\Local\Temp\f351b6bef91b600954f23402eddc68deb0e2e2d3b6099a7250bc54ba3a2aff3e.exe"1⤵