Overview

overview

10

Static

static

3

aa5883c317...15.dll

windows7-x64

10

aa5883c317...15.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa5883c31754f3eeeb53daddf700ce15.dll

  • Size

    520KB

  • MD5

    aa5883c31754f3eeeb53daddf700ce15

  • SHA1

    c19347448014afa8133b33d3d7f96509273de17c

  • SHA256

    f52beed1ca842d704ac58e08a1e7daab0f528174fc37e56daf2ca3d76b8728e3

  • SHA512

    59839fe2d39f63b347b548fa98ff10fa0f5b78bb48b51676001603130623e1624348b00e8b3a8a5b28c2488e86be49bf2a13a05fecde4d573b16348de1c4cd65

  • SSDEEP

    12288:O8KYOYtWKnEWooxIixB7u/3gDIXUzsd4:N6YtWKnEWo4Hu/3g8Xld

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 10 IoCs
  • Tries to connect to .bazar domain 3 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination 3 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa5883c31754f3eeeb53daddf700ce15.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:3420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3420-0-0x00000245EE750000-0x00000245EE77A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3420-1-0x00000245EE750000-0x00000245EE77A000-memory.dmp

    Filesize

    168KB

    Download