Analysis
-
max time kernel
124s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
30-06-2023 12:44
General
-
Target
youtube.dll
-
Size
214KB
-
MD5
9a4ef0169f86641aa99017049de272f5
-
SHA1
82e1a3868eff88753fe30abedf7c83620aaddd13
-
SHA256
d21d616f6052e8b62292fcc6d9fd9ee2a3b549c59ca76aa8ef5a96cd163512ac
-
SHA512
9b9bff3e64ee7f060679b3ff8704b8f89057748906198c674e7ebec7a51e33023af119997877790837389905090d57559eadc49811f53973b7ed91f3552c9e84
-
SSDEEP
6144:VW2ARP1XewB7c6waMtO507a3DXx3FqcZSV:VWdRcwNC1o58afqcZSV
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\youtube.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c timeout 6 > NUL & "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\youtube.dll", #1 ZF3bI6aD VI0rr2aG & exit2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout 63⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\youtube.dll", #1 ZF3bI6aD VI0rr2aG3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/768-133-0x000001C0F99A0000-0x000001C0F99C0000-memory.dmpFilesize
128KB
-
memory/768-134-0x000001C0F99A0000-0x000001C0F99C0000-memory.dmpFilesize
128KB
-
memory/3504-135-0x000001EF32F50000-0x000001EF32F70000-memory.dmpFilesize
128KB