Analysis
max time kernel: 601s
max time network: 604s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 26-10-2022 21:56
Behavioral task: behavioral1
Sample: 35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe
Resource: win10v2004-20220812-en
General
Target: 35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe
Size: 96KB
MD5: e44cfd6ecc1ea0015c28a75964d19799
SHA1: cb294c79b5d48840382a06c4021bc2772fdbcf63
SHA256: 52e72513fe2a38707aa63fbc52dabd7c7d2c5809ed7e27f384315375426f57bf
SHA512: 89ec1c96d90991fcc691a461e64631f5f9d970a90560cf5143685a2f2b6c3afeda84fe38500003f303dc1cb35876fda03aeac29745d30cc397509751d8a96835
SSDEEP: 1536:7X4kTvTOqjai7Z/ZP1FOsXO4dvhvMdAX0pJ0P11XJ2H1:7X4kL5f/OgO4dZvMdO0pWP11XM1
Malware Config
Signatures
Tries to connect to .bazar domain (64 IoCs)
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Unexpected DNS network traffic destination (64 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
pid: 1652, process: 35683ac5bbcc63eb33d552878d02ff44582161d1ea1ff969b14ea326083ea780_unpacked.exe