Overview

overview

10

Static

static

86d2aa0498...74.dll

windows7-x64

10

86d2aa0498...74.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    573s
  • max time network
    591s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2022 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74.dll

  • Size

    248KB

  • MD5

    5f11f2db1295fa419b190bd7478d9b23

  • SHA1

    96d6c37fa0046a8dc1c520249dc94122e0fb3f52

  • SHA256

    86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74

  • SHA512

    67ad34ae4b4e8296a749144b9d53c702aa96087485735c12f4b8608cfa40d62924d19f6727663fd5fc79aac543a5ee6ccf0588e7df96af74901d99979e2d90f6

  • SSDEEP

    3072:n1mD7Jo7475RoucVCqIYnqnLv9qIauz2eU1aoIt60z5W9XT25p:n4JQ475Ro5luv9qIauz2exeT2n

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 4 IoCs
  • Blocklisted process makes network request 8 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:2280
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\86d2aa04988befc74eccca5d99550f67093969b31aafa11cdce3476a4c59ba74.dll,#1 2010625686
    1⤵
      PID:3708

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2280-132-0x000001F795680000-0x000001F7957F6000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2280-133-0x000001F795680000-0x000001F7957F6000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/3708-134-0x0000022945080000-0x00000229451F6000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/3708-135-0x0000022945080000-0x00000229451F6000-memory.dmp
      Filesize

      1.5MB

      Download