Analysis
-
max time kernel
151s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
27-12-2023 14:21
General
-
Target
b2ecd207b38890a16653912d8003844c.dll
-
Size
426KB
-
MD5
b2ecd207b38890a16653912d8003844c
-
SHA1
e164c354fc691aa34ad400a772c994d3292f07b9
-
SHA256
fadb58b40ce2cbf2af1ded0c0b3c91354b761796ef8d9d8d48a4e64e4a543dba
-
SHA512
6487ad80e5a5cb276b3576d585ba277b41fa36868f642b88efab70c381cac45255f18f6b445cf473a0378fd5a7e9e5d4f748e2b08a50058728d71b98a69bcafd
-
SSDEEP
6144:ubT9YZt0qelf5iAWHqwbV8nr4Sjeom/ewvE4qHMi3NqvAC60qqU3PW6EF0is21jB:jY+x8nry1tvE4K0qY6Euu1jaiuo
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 2 IoCs
-
Blocklisted process makes network request 13 IoCs
-
Tries to connect to .bazar domain 4 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ecd207b38890a16653912d8003844c.dll,#11⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/804-0-0x00000210F9830000-0x00000210F9AB9000-memory.dmpFilesize
2.5MB
-
memory/804-1-0x00000210F9830000-0x00000210F9AB9000-memory.dmpFilesize
2.5MB