Analysis
max time kernel: 132s
max time network: 143s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26-12-2023 04:08
Static task: static1
Behavioral task: behavioral1
  Sample: 52f7a51c10ed1af473b8e49753b1a776.dll
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 52f7a51c10ed1af473b8e49753b1a776.dll
  Resource: win10v2004-20231215-en
General
Target: 52f7a51c10ed1af473b8e49753b1a776.dll
Size: 338KB
MD5: 52f7a51c10ed1af473b8e49753b1a776
SHA1: 3810802f7f9291f4c8a3a9c2b0adf2359b33cd92
SHA256: 2bc93ff34de7019410fb251d7dcfeb731795e8375402eca5a526dbe1ffbb6f04
SHA512: 63dda9738f7e178c70e5ab9974268c48453ba358be65e169594a77e36f82e5787914488c0c09967f43a39446ec5ec6fd4fe4ba1c4ec834c2c6d3f25c96bd268f
SSDEEP: 6144:uZwKn8bxurvfUCEs7I4V2PsqHMc/PZ6RguROla0CWecIdn9TCwC6dT:zTbxuLfUCR2kQMgZ6W4OIePAT
Malware Config
Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.

Bazar/Team9 Loader payload (2 IoCs)
Processes:
resource                                                                     yara_rule
behavioral1/memory/2024-0-0x0000000001C30000-0x0000000001E2A000-memory.dmp   BazarLoaderVar5
behavioral1/memory/2024-1-0x0000000001C30000-0x0000000001E2A000-memory.dmp   BazarLoaderVar5

Blocklisted process makes network request (8 IoCs)
Processes:
flow   pid    process
2      2024   rundll32.exe
5      2024   rundll32.exe
6      2024   rundll32.exe
7      2024   rundll32.exe
8      2024   rundll32.exe
9      2024   rundll32.exe
10     2024   rundll32.exe
11     2024   rundll32.exe