bazarloader | 97b2ad04759e405abbde284e7b1e3d3169c013e54300af180a11bd5eb85170d7

Analysis

max time kernel
134s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-01-2024 19:16

Target

80a5d7cf0563d404b31cbe9ce0acc928.dll
Size

248KB
MD5

80a5d7cf0563d404b31cbe9ce0acc928
SHA1

58c3f8eef13ec9a783bed3173aa50eecf3cf6f86
SHA256

97b2ad04759e405abbde284e7b1e3d3169c013e54300af180a11bd5eb85170d7
SHA512

3ec6c8115c24b6be44e0488173ac6012db3feeba620444c2d7484ad8705f22aa0b0a9ba017643873830c31c64225a774cb3cbbb2990fbdd7ee914a167cb68a63
SSDEEP

3072:5VqfK66P8XNbzxYa0sJwoNp1e7Rdre5gTrnPlS6y1ZAn0Pe1k5c9azS+6IHEGABP:EVbzxYy7oDy5gQ6yMnKqJPoeGTq

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2964-0-0x0000000001ED0000-0x0000000002067000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2692-1-0x0000000001D10000-0x0000000001EA7000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2692-2-0x0000000001D10000-0x0000000001EA7000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2964-3-0x0000000001ED0000-0x0000000002067000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\80a5d7cf0563d404b31cbe9ce0acc928.dll
1⤵
PID:2964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a5d7cf0563d404b31cbe9ce0acc928.dll,StartW 1586707784
1⤵
PID:2692

memory/2692-1-0x0000000001D10000-0x0000000001EA7000-memory.dmp

Filesize
1.6MB

Download
memory/2692-2-0x0000000001D10000-0x0000000001EA7000-memory.dmp

Filesize
1.6MB

Download
memory/2964-0-0x0000000001ED0000-0x0000000002067000-memory.dmp

Filesize
1.6MB

Download
memory/2964-3-0x0000000001ED0000-0x0000000002067000-memory.dmp

Filesize
1.6MB

Download