Overview

overview

10

Static

static

3

cbe21d2476...d5.dll

windows7-x64

10

cbe21d2476...d5.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2023 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbe21d2476581f644111521640d61ed5.dll

  • Size

    752KB

  • MD5

    cbe21d2476581f644111521640d61ed5

  • SHA1

    223a129329d34def069bad1647b296e566875dff

  • SHA256

    845eb9098b4a5b366d578fb665e6e14c24a1703fe7c6c3447def026acfac259d

  • SHA512

    72e495b911a62c5f9089f33e3a72dcabdfd3f89b6f0b77882a79cca2f897e306274596bf7548411b6eed373f9dd772bd8ff518d61f9f42989e47b61ae047a3aa

  • SSDEEP

    12288:KwjCELPU6Vfcjw92HrLC9CHx2UY6tML2rn65hYdJ7V:pLP1Zc7rmUoUY6t0Qn652j7V

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe21d2476581f644111521640d61ed5.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4396-0-0x000001BE1FE40000-0x000001BE1FE6A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4396-1-0x000001BE1FE40000-0x000001BE1FE6A000-memory.dmp

    Filesize

    168KB

    Download