Analysis
max time kernel: 9s
max time network: 11s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 10-01-2023 17:43
Static task: static1
Behavioral task: behavioral1
  Sample: 45.dll
  Resource: win7-20220812-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 45.dll
  Resource: win10v2004-20221111-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
Target: 45.dll
Size: 1.1MB
MD5: 6cd915e2bcd069e00a07f6a5972df3a6
SHA1: 861de8c73281481250546d6e7ee2d1e6e4ec88eb
SHA256: 17bcc755df1b327d5f92b3d5989a6f83b7943faef3fdafba299c689aa571a709
SHA512: 957a9ad548574209eb359a7c96f688449b860e129b83da269e7f6d7eb5357e540d24ac6b2bffd1d04750583388644ac62335528a2ced18204c1af8cc7f8db9c9
SSDEEP: 12288:/H5XOsLid1/rwf5H55U6tz7w3QXo2eaphdCaBSPZC1XZBTR:/5Xels55U6tz7woo2bIyXPTR
Score: 10/10
Malware Config
Signatures
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
Bazar/Team9 Loader payload (3 IoCs)
Processes:
resource                                                                     yara_rule
behavioral1/memory/1676-54-0x0000000001DB0000-0x0000000001DC4000-memory.dmp  BazarLoaderVar6
behavioral1/memory/2028-55-0x0000000001BB0000-0x0000000001BC4000-memory.dmp  BazarLoaderVar6
behavioral1/memory/2028-56-0x0000000001BB0000-0x0000000001BC4000-memory.dmp  BazarLoaderVar6
Blocklisted process makes network request (2 IoCs)
Processes: rundll32.exe
flow  pid   process
2     1676  rundll32.exe
4     1676  rundll32.exe