Analysis
max time kernel: 150s
max time network: 155s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26-12-2023 00:27
Static task: static1
1 signature

Behavioral task: behavioral1
Sample: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
Resource: win7-20231215-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
Resource: win10v2004-20231222-en (windows10-2004-x64)
6 signatures, 150 seconds
General
Target: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
Size: 403KB
MD5: 4663bba7172a24a9a46a1e2b8d1ed0df
SHA1: a8d683cca49ac28a89a30418b94818be0184a887
SHA256: a314401b8e12130bea249a3734022a8ebd46b8e65b18535db60944a00e84e6f6
SHA512: 48fb556ecda308ab9fe42f18283acb39a2dd2f57a07635867e6a09a9c733414902baf75901f33c8a2d0b6ec8a3b865237612ef92f9a59de795fff54fbc33f2b4
SSDEEP: 12288:ZinPGC8lXe1gwijX52yN7stYqaHVbBBRY:gnPAlOWwIX5ZNpFY
Score: 10/10
Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.

Bazar/Team9 Loader payload (2 IoCs)
Processes:
resource                                                            | yara_rule
behavioral1/memory/2084-0-0x0000000000120000-0x000000000015C000-memory.dmp | BazarLoaderVar5
behavioral1/memory/2084-1-0x0000000000120000-0x000000000015C000-memory.dmp | BazarLoaderVar5

Blocklisted process makes network request (7 IoCs)
Processes:
flow | pid  | process
2    | 2084 | rundll32.exe
5    | 2084 | rundll32.exe
6    | 2084 | rundll32.exe
9    | 2084 | rundll32.exe
10   | 2084 | rundll32.exe
11   | 2084 | rundll32.exe
14   | 2084 | rundll32.exe