Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-12-2023 13:13
Static task: static1
Behavioral task: behavioral1 (sample 20e3b7d04d121321733b6eb698a09138.dll, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 20e3b7d04d121321733b6eb698a09138.dll, resource win10v2004-20231215-en)
General
Target: 20e3b7d04d121321733b6eb698a09138.dll
Size: 164KB
MD5: 20e3b7d04d121321733b6eb698a09138
SHA1: 5e1f1b0fb181c523db6d58ccc8eb91f43231457a
SHA256: 33578b9c002760c65df50edee28db75dab43e5e55019852cd63d77e5c870c06f
SHA512: 52282718088e24a82aad2f084a64629004737f8f0569ddcb1128b629f6fba13686b48d48fa886ff0c6fe10d3c9a1b70835f7d0ba939297ff1b432e41fe27518f
SSDEEP: 3072:iEBgM/gPzVNBoQxJbhzHZJ6uwNHNhqlHSSseyVIj42zCgwUzHLg:ij3PBoQRzHZr4hqVS6yVIU2X
Malware Config
No extracted configuration is listed for this sample.

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.

Bazar/Team9 Loader payload (2 IoCs)
resource                                                                     yara_rule
behavioral2/memory/4592-0-0x000001B0B7EE0000-0x000001B0B7EF4000-memory.dmp   BazarLoaderVar6
behavioral2/memory/3568-7-0x0000016838270000-0x0000016838284000-memory.dmp   BazarLoaderVar6

Both YARA hits are on memory dumps taken during the behavioral2 (Windows 10) run, one from PID 4592 and one from PID 3568, not on the DLL as it sits on disk; each dumped region is 0x14000 bytes (80 KiB). Because the rule fired on unpacked code in process memory, a static scan of the 164KB file with the same rule may not match.

Blocklisted process makes network request (2 IoCs)
flow   pid    process
34     4592   rundll32.exe
110    4592   rundll32.exe
Processes

C:\Windows\system32\rundll32.exe (PID 4592)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\20e3b7d04d121321733b6eb698a09138.dll,#1
    - Blocklisted process makes network request
    ⤵ spawns:
    C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\20e3b7d04d121321733b6eb698a09138.dll,#1 2885297151

The sample was launched through rundll32.exe, which called export ordinal 1 (the ",#1" syntax) of the DLL from the user's Temp directory; that process is the one flagged for network requests (PID 4592 in the table above). It then started a second rundll32.exe against the same DLL and ordinal with an additional argument, 2885297151. The tree gives no PID for the child, but the only other memory dump that matched BazarLoaderVar6 belongs to PID 3568.
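The command lines above are the detection-relevant part of this report: rundll32.exe loading a DLL from the user's AppData\Local\Temp by export ordinal, then re-launching rundll32.exe against the same DLL with an extra argument. The Python below is an added example, not part of the sandbox report or of any vendor tooling. It parses the two memory-dump resource names listed under the YARA hits into PID, sequence number and region size, and runs a small rundll32 heuristic over constructed Sysmon-style process-creation events. The three events are constructed here: the command lines for PIDs 4592 and 3568 are copied from this report, the parent images and the benign third event are assumptions, and attributing PID 3568 to the child rundll32.exe is an inference from the dump names.

```python
import re
from typing import Dict, List, Optional

# rundll32 command-line shape: "<rundll32> <dll>,<entry> [args]". <entry> is either an
# exported function name or "#N" for export ordinal N. Unquoted DLL paths containing
# spaces are not handled by this regex.
RUNDLL_TARGET = re.compile(
    r'^\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+'
    r'(?P<dll>"[^"]+"|\S+?)\s*,\s*(?P<entry>#?\w+)(?:\s+(?P<args>.*\S))?\s*$',
    re.IGNORECASE,
)
USER_TEMP = re.compile(r'\\Users\\[^\\]+\\AppData\\Local\\Temp\\', re.IGNORECASE)

# Memory-dump resource name as written in the report: <pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r'(?:.*/)?(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$'
)


def parse_dump_name(resource: str) -> Optional[Dict]:
    """Split a memory-dump resource name into pid, sequence number and region bounds/size."""
    m = DUMP_NAME.match(resource)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_rundll32(cmdline: str) -> Optional[Dict]:
    """Return dll path, entry point, ordinal (when the entry is ",#N") and trailing args, or None."""
    m = RUNDLL_TARGET.match(cmdline)
    if not m:
        return None
    entry = m["entry"]
    ordinal = int(entry[1:]) if entry.startswith("#") and entry[1:].isdigit() else None
    return {"dll": m["dll"].strip('"'), "entry": entry,
            "ordinal": ordinal, "args": m["args"]}


def assess(event: Dict) -> List[str]:
    """List the traits of one process-creation event that match this report's pattern."""
    parsed = parse_rundll32(event["CommandLine"])
    if parsed is None:
        return []
    reasons = []
    if parsed["ordinal"] is not None:
        reasons.append("export_by_ordinal")        # ",#1" rather than a named export
    if USER_TEMP.search(parsed["dll"]):
        reasons.append("dll_in_user_temp")         # DLL executed from AppData\Local\Temp
    if event.get("ParentImage", "").lower().endswith("\\rundll32.exe"):
        reasons.append("parent_is_rundll32")       # rundll32 re-launching rundll32
    if parsed["args"]:
        reasons.append("extra_args_after_entry")   # e.g. the numeric argument in the report
    return reasons


def alerts(events: List[Dict]) -> List[Dict]:
    """Events worth escalating: ordinal export of a DLL living in the user's Temp directory."""
    return [e for e in events
            if {"export_by_ordinal", "dll_in_user_temp"} <= set(assess(e))]


# Constructed Sysmon-style events. Command lines for PIDs 4592 and 3568 are taken from the
# report; the parent images and the benign Control Panel launch (PID 5100) are assumptions.
EVENTS = [
    {"ProcessId": 4592, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\20e3b7d04d121321733b6eb698a09138.dll,#1"},
    {"ProcessId": 3568, "ParentImage": r"C:\Windows\system32\rundll32.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\20e3b7d04d121321733b6eb698a09138.dll,#1 2885297151"},
    {"ProcessId": 5100, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\appwiz.cpl"},
]

# The two dump resources listed under the BazarLoaderVar6 hits in this report.
DUMPS = [
    "behavioral2/memory/4592-0-0x000001B0B7EE0000-0x000001B0B7EF4000-memory.dmp",
    "behavioral2/memory/3568-7-0x0000016838270000-0x0000016838284000-memory.dmp",
]

if __name__ == "__main__":
    for d in DUMPS:
        info = parse_dump_name(d)
        print(f"pid {info['pid']:>5} dump #{info['seq']} region size 0x{info['size']:X}")
    for e in EVENTS:
        print(e["ProcessId"], assess(e))
    print("escalate:", [e["ProcessId"] for e in alerts(EVENTS)])
```

The escalation rule deliberately requires both the ordinal export and the Temp-directory path: named exports with trailing arguments are how legitimate Control Panel and shell applets are invoked, so the benign event only collects the informational "extra_args_after_entry" trait.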