Analysis
- max time kernel: 148s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 04-09-2022 07:30

Static task: static1

Behavioral task: behavioral1
- Sample: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
- Resource: win10v2004-20220812-en
General
- Target: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
- Size: 735KB
- MD5: 721230a3b332c1b6f3561a071362ebff
- SHA1: ef29b2194f37cabcfd24a23a789d3076e1ff0894
- SHA256: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4
- SHA512: dc5c7f75d876ec5a8a2c61160c664494f6d6ff5664f2d93bc0c610f97cf67bfbf8dd320b81cd9d74cd86085ae54cd4602351be896c39a7bea41caddbbf64db52
- SSDEEP: 12288:49JnF4m3eBBwI6oZD8+lCgsAsMvOjt2B7a7Tv6VULYmEi3mw:4LqmWwkbCgsAhv/p6v6Sx/J
Malware Config

Signatures
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Bazar/Team9 Backdoor payload (2 IoCs)
  resource: behavioral1/memory/1652-55-0x0000000000400000-0x0000000000630000-memory.dmp, yara_rule: BazarBackdoorVar3
  resource: behavioral1/memory/1652-56-0x0000000000400000-0x0000000000630000-memory.dmp, yara_rule: BazarBackdoorVar3
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid: 1652, process: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 1652, process: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid: 1652, process: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 1652, process: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
  pid: 1652, process: 9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9b12d8d3d1902b81c5366eaf296033cc73bb8f4b01119f0a21bcc86e0cd320b4.exe"
  PID: 1652
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx