bazarloader | bd1182eb3595956ac524dc8d13e1df4bc1d9a0f8e7f2e14d2331bb26750d1df9 | Triage

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 10:04

Sharing

Report Analysis Logs

General

Target

d7b8b4a606c8b2dfebfb882afa35bca7.dll
Size

1.2MB
MD5

d7b8b4a606c8b2dfebfb882afa35bca7
SHA1

e276135a072675aa65b37a0cfd576e1f3637604e
SHA256

bd1182eb3595956ac524dc8d13e1df4bc1d9a0f8e7f2e14d2331bb26750d1df9
SHA512

d0f3b5e8a8ab94c808929cfefdf33e5ba5e39f587a96ed5222222b618e2a1ed2b52e20ad3b49d0dc845f24800815572ddbe4df7ba4172c962625835136ed6960
SSDEEP

24576:rHvFVj8+YADTpPIeVCMaKoUo5/IyXZHa/L:/Y+YuTpPVPBwW

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2368-0-0x0000000001F00000-0x0000000001F3E000-memory.dmp	BazarLoaderVar5
behavioral1/memory/2368-1-0x000007FEF6330000-0x000007FEF64B1000-memory.dmp	BazarLoaderVar5
behavioral1/memory/2368-3-0x0000000001F00000-0x0000000001F3E000-memory.dmp	BazarLoaderVar5

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d7b8b4a606c8b2dfebfb882afa35bca7.dll
1⤵
PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-0-0x0000000001F00000-0x0000000001F3E000-memory.dmp

Filesize
248KB

Download
memory/2368-1-0x000007FEF6330000-0x000007FEF64B1000-memory.dmp

Filesize
1.5MB

Download
memory/2368-3-0x0000000001F00000-0x0000000001F3E000-memory.dmp

Filesize
248KB

Download