Overview

overview

10

Static

static

3

20e3b7d04d...38.dll

windows7-x64

10

20e3b7d04d...38.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20e3b7d04d121321733b6eb698a09138.dll

  • Size

    164KB

  • MD5

    20e3b7d04d121321733b6eb698a09138

  • SHA1

    5e1f1b0fb181c523db6d58ccc8eb91f43231457a

  • SHA256

    33578b9c002760c65df50edee28db75dab43e5e55019852cd63d77e5c870c06f

  • SHA512

    52282718088e24a82aad2f084a64629004737f8f0569ddcb1128b629f6fba13686b48d48fa886ff0c6fe10d3c9a1b70835f7d0ba939297ff1b432e41fe27518f

  • SSDEEP

    3072:iEBgM/gPzVNBoQxJbhzHZJ6uwNHNhqlHSSseyVIj42zCgwUzHLg:ij3PBoQRzHZr4hqVS6yVIU2X

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\20e3b7d04d121321733b6eb698a09138.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:4592
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\20e3b7d04d121321733b6eb698a09138.dll,#1 2885297151
    1⤵
      PID:3568

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3568-7-0x0000016838270000-0x0000016838284000-memory.dmp
      Filesize

      80KB

      Download
    • memory/4592-0-0x000001B0B7EE0000-0x000001B0B7EF4000-memory.dmp
      Filesize

      80KB

      Download