Analysis
max time kernel: 142s
max time network: 155s
platform: windows7_x64
resource: win7-20220414-en
submitted: 27-04-2022 13:57
Static task: static1
Behavioral task: behavioral1
  Sample: b0855b74dd1090f19e75cc9346585d454f00b6cd0297cadb7abac37a4b3c9b3b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: b0855b74dd1090f19e75cc9346585d454f00b6cd0297cadb7abac37a4b3c9b3b.exe
  Resource: win10v2004-20220414-en
General
Target: b0855b74dd1090f19e75cc9346585d454f00b6cd0297cadb7abac37a4b3c9b3b.exe
Size: 342KB
MD5: 375f773ea70375dfeb8d3719d6acb991
SHA1: 69e31fdad3bc71fe1d1c0e2aaa3b6e47afd79150
SHA256: b0855b74dd1090f19e75cc9346585d454f00b6cd0297cadb7abac37a4b3c9b3b
SHA512: 503d4ba368a00f47b19ece553b09848c7b8a133fff279986f355b22cddef5af082694ef00672a1edfac55e8b03a905ff33a04850064678cbd18066a5cfd78931
Malware Config
Signatures
Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
Bazar/Team9 Loader payload (3 IoCs)
  Processes:
  resource                                                                          yara_rule
  behavioral1/memory/1972-54-0x0000000000230000-0x000000000026A000-memory.dmp      BazarLoaderVar4
  behavioral1/memory/1972-58-0x0000000180000000-0x000000018003C000-memory.dmp      BazarLoaderVar4
  behavioral1/memory/1972-63-0x00000000001E0000-0x0000000000218000-memory.dmp      BazarLoaderVar4
Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes:
  pid     process
  1972    b0855b74dd1090f19e75cc9346585d454f00b6cd0297cadb7abac37a4b3c9b3b.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1972-54-0x0000000000230000-0x000000000026A000-memory.dmp    Filesize: 232KB
memory/1972-58-0x0000000180000000-0x000000018003C000-memory.dmp    Filesize: 240KB
memory/1972-63-0x00000000001E0000-0x0000000000218000-memory.dmp    Filesize: 224KB
memory/1972-64-0x000007FEFC3A1000-0x000007FEFC3A3000-memory.dmp    Filesize: 8KB