bazarloader | 14a459aaee0a8ef5851953fcef309cfa5a762e9bf001c758d46fed97d285ded0 | Triage

Analysis

max time kernel
124s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 00:21

Sharing

Report Analysis Logs

General

Target

8570b97f7ac895f85418d612433e7cf4.dll
Size

254KB
MD5

8570b97f7ac895f85418d612433e7cf4
SHA1

90f95f4b37f802188b9ecb37133904b28405d16a
SHA256

14a459aaee0a8ef5851953fcef309cfa5a762e9bf001c758d46fed97d285ded0
SHA512

9527a8bb982941125f8787bb65a1de0788a7f503e8f1ae5f50b1cafb66ff8fd46c2fa2f18e408bcc79424a9807a50bfed4ebc3b0dcfa41690eb6dec7328cc10b
SSDEEP

6144:gUwf3gO7PJhR6SaDxROwF7GmHPWJRQjWRvB:glBL65caimOJ0WX

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1684-0-0x0000000001F40000-0x00000000020CC000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2012-1-0x0000000001BB0000-0x0000000001D3C000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2012-2-0x0000000001BB0000-0x0000000001D3C000-memory.dmp	BazarLoaderVar6
behavioral1/memory/1684-3-0x0000000001F40000-0x00000000020CC000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8570b97f7ac895f85418d612433e7cf4.dll
1⤵
PID:1684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\8570b97f7ac895f85418d612433e7cf4.dll,StartW 661827679
1⤵
PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1684-0-0x0000000001F40000-0x00000000020CC000-memory.dmp

Filesize
1.5MB

Download
memory/1684-3-0x0000000001F40000-0x00000000020CC000-memory.dmp

Filesize
1.5MB

Download
memory/2012-1-0x0000000001BB0000-0x0000000001D3C000-memory.dmp

Filesize
1.5MB

Download
memory/2012-2-0x0000000001BB0000-0x0000000001D3C000-memory.dmp

Filesize
1.5MB

Download