Analysis

  • max time kernel
    114s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    11-04-2022 02:28

General

  • Target

    38b50040db894ad42d4b708eb9b413d71ec2232bf770e5dcd2dc066bedfc92fe.dll

  • Size

    710KB

  • MD5

    b9317377f91cfb1aa38184868036886a

  • SHA1

    2fa0122caca56adc5d00395545cedb7ff7870326

  • SHA256

    38b50040db894ad42d4b708eb9b413d71ec2232bf770e5dcd2dc066bedfc92fe

  • SHA512

    02f4abacac498edb8b48083bb8741efe1bcc76a9402539f4b0ab7b5bc763ff92bc0370aed2abc268913bb7653f4c7126d47cc2139230c5e61f824f4fbe31ac52

Malware Config

Extracted

Family

bazarloader

C2

reddew28c.bazar

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b50040db894ad42d4b708eb9b413d71ec2232bf770e5dcd2dc066bedfc92fe.dll,#1
    PID: 4672

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4672-124-0x000001BCD67C0000-0x000001BCD67EB000-memory.dmp
    Filesize
    172KB