Resubmissions
- 13-05-2022 11:39  220513-nsgc7sfaf9  score 10
- max time kernel: 131s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 13-05-2022 11:39
Static task: static1
Behavioral task: behavioral1
- Sample: 24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: 24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll
- Size: 285KB
- MD5: 215e0accdf538d48a8a7bf79009e8f9b
- SHA1: 4ff45fb8003ab1075bdbbc9d044b7c31374f3cdb
- SHA256: 24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9
- SHA512: 39139d9ae3149eae6185878eb1943f233b7c7c503fd66a4c1f58deab46b451adaec3c939521dc7d6b2d4e3e6456a429c4591430943ac6bfd3381654d68c27443
- Score: 10/10
Malware Config
Signatures
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
- Bazar/Team9 Loader payload (2 IoCs)
  Processes:
  resource | yara_rule
  behavioral1/memory/1836-54-0x0000000001B50000-0x0000000001B6B000-memory.dmp | BazarLoaderVar6
  behavioral1/memory/828-55-0x0000000000120000-0x000000000013B000-memory.dmp | BazarLoaderVar6
- Blocklisted process makes network request (4 IoCs)
  Processes:
  flow | pid | process
  2 | 1836 | rundll32.exe
  7 | 1836 | rundll32.exe
  9 | 1836 | rundll32.exe
  10 | 1836 | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll,#11
  - Blocklisted process makes network request
- C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll,StartW 11120723121