bazarloader | a314401b8e12130bea249a3734022a8ebd46b8e65b18535db60944a00e84e6f6 | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 00:27

Sharing

Report Analysis Logs

General

Target

4663bba7172a24a9a46a1e2b8d1ed0df.dll
Size

403KB
MD5

4663bba7172a24a9a46a1e2b8d1ed0df
SHA1

a8d683cca49ac28a89a30418b94818be0184a887
SHA256

a314401b8e12130bea249a3734022a8ebd46b8e65b18535db60944a00e84e6f6
SHA512

48fb556ecda308ab9fe42f18283acb39a2dd2f57a07635867e6a09a9c733414902baf75901f33c8a2d0b6ec8a3b865237612ef92f9a59de795fff54fbc33f2b4
SSDEEP

12288:ZinPGC8lXe1gwijX52yN7stYqaHVbBBRY:gnPAlOWwIX5ZNpFY

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000120000-0x000000000015C000-memory.dmp	BazarLoaderVar5
behavioral1/memory/2084-1-0x0000000000120000-0x000000000015C000-memory.dmp	BazarLoaderVar5

Blocklisted process makes network request 7 IoCs

Processes:

rundll32.exe

flow pid process

2 2084 rundll32.exe
5 2084 rundll32.exe
6 2084 rundll32.exe
9 2084 rundll32.exe
10 2084 rundll32.exe
11 2084 rundll32.exe
14 2084 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4663bba7172a24a9a46a1e2b8d1ed0df.dll,#1
1⤵
- Blocklisted process makes network request
PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2084-0-0x0000000000120000-0x000000000015C000-memory.dmp

Filesize
240KB

Download
memory/2084-1-0x0000000000120000-0x000000000015C000-memory.dmp

Filesize
240KB

Download