bazarloader | f76e7cd06b55791776d60e67d51fceabcd25894f250ea51033ad1c0fcaeda0c1

Analysis

max time kernel
135s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-02-2024 10:45

Target

91c9d040bdf83cc355811ba465a21d10.dll
Size

248KB
MD5

91c9d040bdf83cc355811ba465a21d10
SHA1

06c403686dae975ef72c6ac60437a0e2cdfee320
SHA256

f76e7cd06b55791776d60e67d51fceabcd25894f250ea51033ad1c0fcaeda0c1
SHA512

7846f90d0165de673eba77e9927d1a5300a023e3fc2d6a02af2ebb5d98bee03de35e5dc503f1050e10c63dca537a3be969ce4f75971e673feef3456551e42406
SSDEEP

3072:5VqfK66P8XNbzxYa0sJwoNp1e7Rdre5gTrnPlS6y1ZAn0Pe1k5c9azS+6IHEGABg:EVbzxYy7oDy5gQ6yMnKqJPoeGTF

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2000-0-0x0000000001E60000-0x0000000001FF7000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2436-1-0x0000000001D10000-0x0000000001EA7000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2436-2-0x0000000001D10000-0x0000000001EA7000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2000-3-0x0000000001E60000-0x0000000001FF7000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\91c9d040bdf83cc355811ba465a21d10.dll
1⤵
PID:2000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\91c9d040bdf83cc355811ba465a21d10.dll,StartW 2942181318
1⤵
PID:2436

memory/2000-0-0x0000000001E60000-0x0000000001FF7000-memory.dmp

Filesize
1.6MB

Download
memory/2000-3-0x0000000001E60000-0x0000000001FF7000-memory.dmp

Filesize
1.6MB

Download
memory/2436-1-0x0000000001D10000-0x0000000001EA7000-memory.dmp

Filesize
1.6MB

Download
memory/2436-2-0x0000000001D10000-0x0000000001EA7000-memory.dmp

Filesize
1.6MB

Download