bazarloader | 1a7ac36779e8df2854cd900ef836e9ba34ec63f7831ab3dc8862f75007841682

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 04:16

Target

987460a06683ea111a7ea34f7147d827.dll
Size

242KB
MD5

987460a06683ea111a7ea34f7147d827
SHA1

101fd95a1bf7e1a8ca8dd8b532c7cdca13f99ae6
SHA256

1a7ac36779e8df2854cd900ef836e9ba34ec63f7831ab3dc8862f75007841682
SHA512

2b3be76fea8c8a59359d58018566e1bf0cb771885bda232fff0966d9c8ccc6a3c2e3e1654bcd732c6177c057e03b8353c06eeefa021fd32b1b84a8d179c7383a
SSDEEP

3072:1yDxQe6tQD0u3EzAgdzF8iAYdDYR1GwrH+uZWHXkKvxl4msi9kDxw48K2XE:1uxQeEUp3wCAu1dDZeDsvxT8KiE

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4188-0-0x0000000002B20000-0x0000000002CAC000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2228-1-0x0000017521B20000-0x0000017521CAC000-memory.dmp	BazarLoaderVar6
behavioral2/memory/2228-2-0x0000017521B20000-0x0000017521CAC000-memory.dmp	BazarLoaderVar6
behavioral2/memory/4188-3-0x0000000002B20000-0x0000000002CAC000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\987460a06683ea111a7ea34f7147d827.dll
1⤵
PID:4188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\987460a06683ea111a7ea34f7147d827.dll,StartW 3855697912
1⤵
PID:2228

memory/2228-1-0x0000017521B20000-0x0000017521CAC000-memory.dmp

Filesize
1.5MB

Download
memory/2228-2-0x0000017521B20000-0x0000017521CAC000-memory.dmp

Filesize
1.5MB

Download
memory/4188-0-0x0000000002B20000-0x0000000002CAC000-memory.dmp

Filesize
1.5MB

Download
memory/4188-3-0x0000000002B20000-0x0000000002CAC000-memory.dmp

Filesize
1.5MB

Download