Analysis
-
max time kernel
600s -
max time network
602s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
26-10-2022 21:56
General
-
Target
35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780.exe
-
Size
336KB
-
MD5
c6502d4dd27a434167686bfa4d183e89
-
SHA1
bddbceefe4185693ef9015d0a535eb7e034b9ec3
-
SHA256
35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780
-
SHA512
e7958bbb238f6e484683e876d42e15ebea04ce00cedb7d377aec77eb008e4389f7e91454d9503ed5558c59c2bfbaf71530c8970e1e3a7ebe032ca8ba699c3ed9
-
SSDEEP
6144:xgITgAwvbsnWEwqVCA1jxlK11wdkWyloi/DyO:xgr/EwSCA1jXK1im/DyO
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 3 IoCs
-
Tries to connect to .bazar domain 64 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780.exe"C:\Users\Admin\AppData\Local\Temp\35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2020-54-0x000007FEFB581000-0x000007FEFB583000-memory.dmpFilesize
8KB
-
memory/2020-55-0x00000000005E0000-0x00000000005FF000-memory.dmpFilesize
124KB
-
memory/2020-59-0x0000000001BB0000-0x0000000001BCC000-memory.dmpFilesize
112KB
-
memory/2020-63-0x0000000000320000-0x000000000033C000-memory.dmpFilesize
112KB