Overview

overview

10

Static

static

86d2aa0498...74.dll

windows7-x64

10

86d2aa0498...74.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    558s
  • max time network
    574s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    26-10-2022 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74.dll

  • Size

    248KB

  • MD5

    5f11f2db1295fa419b190bd7478d9b23

  • SHA1

    96d6c37fa0046a8dc1c520249dc94122e0fb3f52

  • SHA256

    86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74

  • SHA512

    67ad34ae4b4e8296a749144b9d53c702aa96087485735c12f4b8608cfa40d62924d19f6727663fd5fc79aac543a5ee6ccf0588e7df96af74901d99979e2d90f6

  • SSDEEP

    3072:n1mD7Jo7475RoucVCqIYnqnLv9qIauz2eU1aoIt60z5W9XT25p:n4JQ475Ro5luv9qIauz2exeT2n

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 12 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:1600
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74.dll,#1 2297601789
    1⤵
      PID:452

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/452-55-0x0000000001CF0000-0x0000000001E66000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/1600-54-0x0000000001C70000-0x0000000001DE6000-memory.dmp
      Filesize

      1.5MB

      Download