Overview

overview

10

Static

static

3

527376b2e1...ef.dll

windows7-x64

10

527376b2e1...ef.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    527376b2e1d03f444e35c46a59ae68ef.dll

  • Size

    1.1MB

  • MD5

    527376b2e1d03f444e35c46a59ae68ef

  • SHA1

    1e25f70e97edd21d60c5d993e6bf05fc4dbf6245

  • SHA256

    d5d7767b6c920c1e691bfb9db24d313abd864f883c33780ab180a096f589f78a

  • SHA512

    dca75b0899f69297d6f79b0ccf2b9dfda09be09529f66dff63c1f96f95b24bc62f99a08ef0585dcfcf3aa984f97a053e2b6f519dc41f4bd8548f295141786df7

  • SSDEEP

    12288:FkcwMgrI3Nf+aQY5HAu+U2Brko9dHg4MtVXoKpma0S8dCaBSPZC1XZ1elHVG:Gcw02cARUUAgCoK2S8IyXfu1G

Score
10/10
bazarloaderdropperloader

Malware Config

Extracted

Family

bazarloader

C2

greencloud46a.bazar

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\527376b2e1d03f444e35c46a59ae68ef.dll
    1⤵
      PID:2904
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\527376b2e1d03f444e35c46a59ae68ef.dll,StartW 3919421229
      1⤵
        PID:1728

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1728-1-0x0000000000390000-0x00000000003A4000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1728-2-0x000007FEF64F0000-0x000007FEF664D000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/1728-3-0x0000000000390000-0x00000000003A4000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2904-0-0x0000000000260000-0x0000000000274000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2904-4-0x000007FEF64F0000-0x000007FEF664D000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/2904-6-0x0000000000260000-0x0000000000274000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2904-16-0x000007FEF64F0000-0x000007FEF664D000-memory.dmp

        Filesize

        1.4MB

        Download