Analysis
max time kernel: 148s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 06-01-2024 13:49
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
Resource: win7-20231129-en
3 signatures, 150 seconds

Behavioral task
behavioral2
Sample: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
Resource: win10v2004-20231215-en
6 signatures, 150 seconds
General
Target: 4663bba7172a24a9a46a1e2b8d1ed0df.dll
Size: 403KB
MD5: 4663bba7172a24a9a46a1e2b8d1ed0df
SHA1: a8d683cca49ac28a89a30418b94818be0184a887
SHA256: a314401b8e12130bea249a3734022a8ebd46b8e65b18535db60944a00e84e6f6
SHA512: 48fb556ecda308ab9fe42f18283acb39a2dd2f57a07635867e6a09a9c733414902baf75901f33c8a2d0b6ec8a3b865237612ef92f9a59de795fff54fbc33f2b4
SSDEEP: 12288:ZinPGC8lXe1gwijX52yN7stYqaHVbBBRY:gnPAlOWwIX5ZNpFY
Score: 10/10
Malware Config
Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.

Bazar/Team9 Loader payload (2 IoCs)
Processes:
resource                                                                    yara_rule
behavioral1/memory/2868-0-0x0000000000170000-0x00000000001AC000-memory.dmp  BazarLoaderVar5
behavioral1/memory/2868-1-0x0000000000170000-0x00000000001AC000-memory.dmp  BazarLoaderVar5

Blocklisted process makes network request (9 IoCs)
Processes: rundll32.exe
flow  pid   process
2     2868  rundll32.exe
3     2868  rundll32.exe
4     2868  rundll32.exe
5     2868  rundll32.exe
6     2868  rundll32.exe
7     2868  rundll32.exe
8     2868  rundll32.exe
10    2868  rundll32.exe
12    2868  rundll32.exe