Overview

overview

10

Static

static

3

7878d90acc...88.dll

windows7-x64

10

7878d90acc...88.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 21:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7878d90accd6cc4fe959ad5b1936f088.dll

  • Size

    164KB

  • MD5

    7878d90accd6cc4fe959ad5b1936f088

  • SHA1

    82ec94f706762417831b9c26f8787862fdf59c65

  • SHA256

    eeb27e4f653a12fe328d33ea369769dc32f7e7bedca15da0dca4431f3ab1b4b3

  • SHA512

    3f74a38eea51bb455304e6671ec4038bc2a83fa0803ad45d48254526f049fa61a7d52c251c87bfa85c8aef7ec7d59dea1e00c0e07c25b98b4e18d2be882ec30d

  • SSDEEP

    3072:cTltpXTmRUD82PbjCb5lcUpLhUf05x97bsqWpaM0fB8U6xcBwVSuU1E7YbqnOuOX:CuC7jj05CUpLhUsj97hM28xmwUuUKkbr

Score
10/10
bazarloaderdropperloader

Malware Config

Extracted

Family

bazarloader

C2

167.99.240.197

207.154.236.187

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 4 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7878d90accd6cc4fe959ad5b1936f088.dll
    1⤵
      PID:2008
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\7878d90accd6cc4fe959ad5b1936f088.dll,DllRegisterServer {8BCE3489-DEAA-4A5C-BD65-BBD828D4DCB9}
      1⤵
        PID:388

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/388-1-0x000001E2D5890000-0x000001E2D5982000-memory.dmp

        Filesize

        968KB

        Download

      • memory/388-2-0x000001E2D5890000-0x000001E2D5982000-memory.dmp

        Filesize

        968KB

        Download

      • memory/2008-0-0x00000000028D0000-0x00000000029C2000-memory.dmp

        Filesize

        968KB

        Download

      • memory/2008-3-0x00000000028D0000-0x00000000029C2000-memory.dmp

        Filesize

        968KB

        Download