Analysis
-
max time kernel
142s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
09-01-2024 09:59
General
-
Target
4e02ce310c2b7a1cebb58714781de17a.dll
-
Size
338KB
-
MD5
4e02ce310c2b7a1cebb58714781de17a
-
SHA1
48eb0eae7c68be446d6bdc9f44bd2ee2e286f2cf
-
SHA256
56772dca4331188918e3763a9e934e9c8e5994c06daf158f745419a4256dac91
-
SHA512
1e384b595802ac9a153a578ac617ef421aa6fd7cfd9bfc10f0ab4ddaffd2f2be7fac6bb377eebe3c60c6f97ca4b29617de2925520bde524c70ff03d896b3d99e
-
SSDEEP
6144:uZwKn8bxurvfUCEs7I4V2PsqHMc/PZ6RguROla0CWecIdn9TCwC6dU:zTbxuLfUCR2kQMgZ6W4OIePAU
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 2 IoCs
-
Blocklisted process makes network request 11 IoCs
-
Tries to connect to .bazar domain 4 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4e02ce310c2b7a1cebb58714781de17a.dll,#11⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
-
Filesize
2.0MB