bazarloader | d5d7767b6c920c1e691bfb9db24d313abd864f883c33780ab180a096f589f78a

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 03:48

Target

527376b2e1d03f444e35c46a59ae68ef.dll
Size

1.1MB
MD5

527376b2e1d03f444e35c46a59ae68ef
SHA1

1e25f70e97edd21d60c5d993e6bf05fc4dbf6245
SHA256

d5d7767b6c920c1e691bfb9db24d313abd864f883c33780ab180a096f589f78a
SHA512

dca75b0899f69297d6f79b0ccf2b9dfda09be09529f66dff63c1f96f95b24bc62f99a08ef0585dcfcf3aa984f97a053e2b6f519dc41f4bd8548f295141786df7
SSDEEP

12288:FkcwMgrI3Nf+aQY5HAu+U2Brko9dHg4MtVXoKpma0S8dCaBSPZC1XZ1elHVG:Gcw02cARUUAgCoK2S8IyXfu1G

Score

10^/10

Family

bazarloader

greencloud46a.bazar

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 6 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1440-0-0x00000000282F0000-0x0000000028304000-memory.dmp	BazarLoaderVar6
behavioral2/memory/4428-1-0x0000020F03800000-0x0000020F03814000-memory.dmp	BazarLoaderVar6
behavioral2/memory/4428-2-0x00007FFECD360000-0x00007FFECD4BD000-memory.dmp	BazarLoaderVar6
behavioral2/memory/4428-3-0x0000020F03800000-0x0000020F03814000-memory.dmp	BazarLoaderVar6
behavioral2/memory/1440-4-0x00007FFECD360000-0x00007FFECD4BD000-memory.dmp	BazarLoaderVar6
behavioral2/memory/1440-6-0x00000000282F0000-0x0000000028304000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\527376b2e1d03f444e35c46a59ae68ef.dll
1⤵
PID:1440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\527376b2e1d03f444e35c46a59ae68ef.dll,StartW 261244943
1⤵
PID:4428

memory/1440-0-0x00000000282F0000-0x0000000028304000-memory.dmp

Filesize
80KB

Download
memory/1440-4-0x00007FFECD360000-0x00007FFECD4BD000-memory.dmp

Filesize
1.4MB

Download
memory/1440-6-0x00000000282F0000-0x0000000028304000-memory.dmp

Filesize
80KB

Download
memory/4428-1-0x0000020F03800000-0x0000020F03814000-memory.dmp

Filesize
80KB

Download
memory/4428-2-0x00007FFECD360000-0x00007FFECD4BD000-memory.dmp

Filesize
1.4MB

Download
memory/4428-3-0x0000020F03800000-0x0000020F03814000-memory.dmp

Filesize
80KB

Download