Overview

overview

10

Static

static

3

98ed90d195...9a.dll

windows7-x64

10

98ed90d195...9a.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2024 08:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98ed90d195c526a149a4df51da593f9a.dll

  • Size

    338KB

  • MD5

    98ed90d195c526a149a4df51da593f9a

  • SHA1

    0dc8a9522b390770f5d46d50703e677cd1326a06

  • SHA256

    aecaf4d991c7932cdb64113ab26248a302171b91584ad20055217ce75ed41ae9

  • SHA512

    3de7e734b32702e7fe004ab2b8b7a9fd4e60e799b04912228fab16ab3edf16e6d5f080c8760f0621644649073344e1085e340076c29f3c53caddb54e11faea41

  • SSDEEP

    6144:uZwKn8bxurvfUCEs7I4V2PsqHMc/PZ6RguROla0CWecIdn9TCwC6d6:zTbxuLfUCR2kQMgZ6W4OIePA6

Score
10/10
bazarloaderdropperloader

Malware Config

Signatures

  • Bazar Loader

    Detected loader normally used to deploy BazarBackdoor malware.

    loaderdropperbazarloader
  • Bazar/Team9 Loader payload 2 IoCs
  • Blocklisted process makes network request 10 IoCs
  • Tries to connect to .bazar domain 1 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\98ed90d195c526a149a4df51da593f9a.dll,#1
    1⤵
    • Blocklisted process makes network request
    PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2944-0-0x0000000001EE0000-0x00000000020DA000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-1-0x0000000001EE0000-0x00000000020DA000-memory.dmp

    Filesize

    2.0MB

    Download