Analysis
-
max time kernel
140s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11-01-2024 07:57
General
-
Target
52f7a51c10ed1af473b8e49753b1a776.dll
-
Size
338KB
-
MD5
52f7a51c10ed1af473b8e49753b1a776
-
SHA1
3810802f7f9291f4c8a3a9c2b0adf2359b33cd92
-
SHA256
2bc93ff34de7019410fb251d7dcfeb731795e8375402eca5a526dbe1ffbb6f04
-
SHA512
63dda9738f7e178c70e5ab9974268c48453ba358be65e169594a77e36f82e5787914488c0c09967f43a39446ec5ec6fd4fe4ba1c4ec834c2c6d3f25c96bd268f
-
SSDEEP
6144:uZwKn8bxurvfUCEs7I4V2PsqHMc/PZ6RguROla0CWecIdn9TCwC6dT:zTbxuLfUCR2kQMgZ6W4OIePAT
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 2 IoCs
-
Blocklisted process makes network request 11 IoCs
-
Tries to connect to .bazar domain 4 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\52f7a51c10ed1af473b8e49753b1a776.dll,#11⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
-
Filesize
2.0MB