Analysis
-
max time kernel
177s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-05-2022 16:33
General
-
Target
412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29.exe
-
Size
5.7MB
-
MD5
4c41decf8b08f8d5bb5445cc37a7065b
-
SHA1
2c60eb30ac92c79746bf6cc75d718726031926b5
-
SHA256
412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29
-
SHA512
945860033f9909d54432e99b8376f6c723e9d4561db82b367bbd73171b06634011beb4539e8f83b91b6ffcd046e9b402aa7fc7fea7c22486746cb994f555a816
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 3 IoCs
-
Tries to connect to .bazar domain 32 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29.exe"C:\Users\Admin\AppData\Local\Temp\412483d8630f27d160d9baf8f9d2b4deeb510d0f351ce684e7c0619d26f1cc29.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4216-130-0x00000000001A0000-0x00000000001B9000-memory.dmpFilesize
100KB
-
memory/4216-134-0x0000000180000000-0x0000000180017000-memory.dmpFilesize
92KB
-
memory/4216-138-0x0000000000180000-0x0000000000196000-memory.dmpFilesize
88KB