bazarloader | 1a7ac36779e8df2854cd900ef836e9ba34ec63f7831ab3dc8862f75007841682

Analysis

max time kernel
134s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 04:16

Target

987460a06683ea111a7ea34f7147d827.dll
Size

242KB
MD5

987460a06683ea111a7ea34f7147d827
SHA1

101fd95a1bf7e1a8ca8dd8b532c7cdca13f99ae6
SHA256

1a7ac36779e8df2854cd900ef836e9ba34ec63f7831ab3dc8862f75007841682
SHA512

2b3be76fea8c8a59359d58018566e1bf0cb771885bda232fff0966d9c8ccc6a3c2e3e1654bcd732c6177c057e03b8353c06eeefa021fd32b1b84a8d179c7383a
SSDEEP

3072:1yDxQe6tQD0u3EzAgdzF8iAYdDYR1GwrH+uZWHXkKvxl4msi9kDxw48K2XE:1uxQeEUp3wCAu1dDZeDsvxT8KiE

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2060-0-0x0000000001E40000-0x0000000001FCC000-memory.dmp	BazarLoaderVar6
behavioral1/memory/3056-1-0x0000000001FA0000-0x000000000212C000-memory.dmp	BazarLoaderVar6
behavioral1/memory/3056-2-0x0000000001FA0000-0x000000000212C000-memory.dmp	BazarLoaderVar6
behavioral1/memory/2060-3-0x0000000001E40000-0x0000000001FCC000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\987460a06683ea111a7ea34f7147d827.dll
1⤵
PID:2060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\987460a06683ea111a7ea34f7147d827.dll,StartW 2676596187
1⤵
PID:3056

memory/2060-0-0x0000000001E40000-0x0000000001FCC000-memory.dmp

Filesize
1.5MB

Download
memory/2060-3-0x0000000001E40000-0x0000000001FCC000-memory.dmp

Filesize
1.5MB

Download
memory/3056-1-0x0000000001FA0000-0x000000000212C000-memory.dmp

Filesize
1.5MB

Download
memory/3056-2-0x0000000001FA0000-0x000000000212C000-memory.dmp

Filesize
1.5MB

Download