Analysis
-
max time kernel
144s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11-01-2024 03:48
General
-
Target
527376b2e1d03f444e35c46a59ae68ef.dll
-
Size
1.1MB
-
MD5
527376b2e1d03f444e35c46a59ae68ef
-
SHA1
1e25f70e97edd21d60c5d993e6bf05fc4dbf6245
-
SHA256
d5d7767b6c920c1e691bfb9db24d313abd864f883c33780ab180a096f589f78a
-
SHA512
dca75b0899f69297d6f79b0ccf2b9dfda09be09529f66dff63c1f96f95b24bc62f99a08ef0585dcfcf3aa984f97a053e2b6f519dc41f4bd8548f295141786df7
-
SSDEEP
12288:FkcwMgrI3Nf+aQY5HAu+U2Brko9dHg4MtVXoKpma0S8dCaBSPZC1XZ1elHVG:Gcw02cARUUAgCoK2S8IyXfu1G
Score
10/10
Malware Config
Extracted
Family
bazarloader
C2
greencloud46a.bazar
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 6 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\527376b2e1d03f444e35c46a59ae68ef.dll1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\527376b2e1d03f444e35c46a59ae68ef.dll,StartW 2612449431⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1440-0-0x00000000282F0000-0x0000000028304000-memory.dmpFilesize
80KB
-
memory/1440-4-0x00007FFECD360000-0x00007FFECD4BD000-memory.dmpFilesize
1.4MB
-
memory/1440-6-0x00000000282F0000-0x0000000028304000-memory.dmpFilesize
80KB
-
memory/4428-1-0x0000020F03800000-0x0000020F03814000-memory.dmpFilesize
80KB
-
memory/4428-2-0x00007FFECD360000-0x00007FFECD4BD000-memory.dmpFilesize
1.4MB
-
memory/4428-3-0x0000020F03800000-0x0000020F03814000-memory.dmpFilesize
80KB