Overview

overview

10

Static

static

3

7878d90acc...88.dll

windows7-x64

10

7878d90acc...88.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    127s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2024 21:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7878d90accd6cc4fe959ad5b1936f088.dll

  • Size

    164KB

  • MD5

    7878d90accd6cc4fe959ad5b1936f088

  • SHA1

    82ec94f706762417831b9c26f8787862fdf59c65

  • SHA256

    eeb27e4f653a12fe328d33ea369769dc32f7e7bedca15da0dca4431f3ab1b4b3

  • SHA512

    3f74a38eea51bb455304e6671ec4038bc2a83fa0803ad45d48254526f049fa61a7d52c251c87bfa85c8aef7ec7d59dea1e00c0e07c25b98b4e18d2be882ec30d

  • SSDEEP

    3072:cTltpXTmRUD82PbjCb5lcUpLhUf05x97bsqWpaM0fB8U6xcBwVSuU1E7YbqnOuOX:CuC7jj05CUpLhUsj97hM28xmwUuUKkbr

Score
10/10
bazarloaderdropperloader

Malware Config

Extracted

Family

bazarloader

C2

167.99.240.197

207.154.236.187

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 4 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7878d90accd6cc4fe959ad5b1936f088.dll
    1⤵
      PID:2276
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\7878d90accd6cc4fe959ad5b1936f088.dll,DllRegisterServer {67CD75B2-1271-4D35-976D-C4A4B1FAD695}
      1⤵
        PID:1428

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1428-1-0x0000000001C30000-0x0000000001D22000-memory.dmp
        Filesize

        968KB

        Download
      • memory/1428-2-0x0000000001C30000-0x0000000001D22000-memory.dmp
        Filesize

        968KB

        Download
      • memory/2276-0-0x0000000001EF0000-0x0000000001FE2000-memory.dmp
        Filesize

        968KB

        Download
      • memory/2276-3-0x0000000001EF0000-0x0000000001FE2000-memory.dmp
        Filesize

        968KB

        Download