bazarloader | 17bcc755df1b327d5f92b3d5989a6f83b7943faef3fdafba299c689aa571a709 | Triage

Analysis

max time kernel
31s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2023 17:47

Sharing

Report Analysis Logs

General

Target

45.dll
Size

1.1MB
MD5

6cd915e2bcd069e00a07f6a5972df3a6
SHA1

861de8c73281481250546d6e7ee2d1e6e4ec88eb
SHA256

17bcc755df1b327d5f92b3d5989a6f83b7943faef3fdafba299c689aa571a709
SHA512

957a9ad548574209eb359a7c96f688449b860e129b83da269e7f6d7eb5357e540d24ac6b2bffd1d04750583388644ac62335528a2ced18204c1af8cc7f8db9c9
SSDEEP

12288:/H5XOsLid1/rwf5H55U6tz7w3QXo2eaphdCaBSPZC1XZBTR:/5Xels55U6tz7woo2bIyXPTR

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2908-132-0x00000277F7B60000-0x00000277F7B74000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2936-133-0x000002476D6C0000-0x000002476D6D4000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2936-134-0x000002476D6C0000-0x000002476D6D4000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2908-135-0x00000277F7B60000-0x00000277F7B74000-memory.dmp	BazarLoaderVar6

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

16 2908 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45.dll,#1
1⤵
- Blocklisted process makes network request
PID:2908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\45.dll,#1 597843702
1⤵
PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2908-132-0x00000277F7B60000-0x00000277F7B74000-memory.dmp

Filesize
80KB

Download
memory/2908-135-0x00000277F7B60000-0x00000277F7B74000-memory.dmp

Filesize
80KB

Download
memory/2936-133-0x000002476D6C0000-0x000002476D6D4000-memory.dmp

Filesize
80KB

Download
memory/2936-134-0x000002476D6C0000-0x000002476D6D4000-memory.dmp

Filesize
80KB

Download