Analysis
-
max time kernel
130s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
22-05-2022 05:54
General
-
Target
youtube.dll
-
Size
214KB
-
MD5
9a4ef0169f86641aa99017049de272f5
-
SHA1
82e1a3868eff88753fe30abedf7c83620aaddd13
-
SHA256
d21d616f6052e8b62292fcc6d9fd9ee2a3b549c59ca76aa8ef5a96cd163512ac
-
SHA512
9b9bff3e64ee7f060679b3ff8704b8f89057748906198c674e7ebec7a51e33023af119997877790837389905090d57559eadc49811f53973b7ed91f3552c9e84
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\youtube.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c timeout 8 > NUL & "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\youtube.dll", #1 ZF3bI6aD VI0rr2aG & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout 83⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\youtube.dll", #1 ZF3bI6aD VI0rr2aG3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/396-133-0x0000000000000000-mapping.dmp
-
memory/396-134-0x000002AB55A70000-0x000002AB55A90000-memory.dmpFilesize
128KB
-
memory/1168-132-0x0000000000000000-mapping.dmp
-
memory/2292-131-0x0000000000000000-mapping.dmp
-
memory/3144-130-0x0000028D7F720000-0x0000028D7F740000-memory.dmpFilesize
128KB