Analysis

  • max time kernel: 135s
  • max time network: 140s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220113
  • submitted: 29-03-2022 15:46

General

  • Target: f88bf1ef249096f75ccd9a58efbd6dc0759548b838d32c4fde3cb319c025952a.dll
  • Size: 711KB
  • MD5: cd7bd3164fd2543597dde84e836f7f8d
  • SHA1: ec4008c7bb63f60241f915205a9e9b99cdd47cb8
  • SHA256: f88bf1ef249096f75ccd9a58efbd6dc0759548b838d32c4fde3cb319c025952a
  • SHA512: f1a50125fcb1024a2596617ab8c54be7aa78cc79ca9c086b6523ca655c5d344138189b468016412d2056d08ee06bb9bd0b9f38a9728ece0fba8c8316f6552117

Malware Config

Extracted

  • Family: bazarloader
  • C2: reddew28c.bazar

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f88bf1ef249096f75ccd9a58efbd6dc0759548b838d32c4fde3cb319c025952a.dll,#1
    PID: 1392


Downloads

  • memory/1392-130-0x000001FD30DA0000-0x000001FD30DCB000-memory.dmp
    Filesize: 172KB