Analysis
-
max time kernel
141s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29-12-2023 23:39
General
-
Target
0734500b39c49a7d1540a078cf764ae6.dll
-
Size
1.2MB
-
MD5
0734500b39c49a7d1540a078cf764ae6
-
SHA1
5b7ff496d9761d73cfd1bfa6bad26c0a752e3f9b
-
SHA256
282c8bb556eb3e2bf22836785ff04ebd1edab6cc36714f3b5a95dca9b9136767
-
SHA512
b155422f255acfc434db72ce3136a6c4089f9377d75811c5275a7a9ae3201bbdb0f817e15f5e215b5e6766d6161978707fcbd2d6909880a8203e992fc2905f36
-
SSDEEP
24576:rHvFVj8+YADTpPIeVCMaKoUo5/IyXZHa/K:/Y+YuTpPVPBwb
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 3 IoCs
-
Tries to connect to .bazar domain 3 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 3 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\0734500b39c49a7d1540a078cf764ae6.dll1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2180-0-0x0000000027AC0000-0x0000000027AFE000-memory.dmpFilesize
248KB
-
memory/2180-1-0x00007FF93FFC0000-0x00007FF940141000-memory.dmpFilesize
1.5MB
-
memory/2180-3-0x0000000027AC0000-0x0000000027AFE000-memory.dmpFilesize
248KB