bazarloader | f95cdb0c9a4b9e5f5e27194ca8eb44d49641fec3f6a464736b30a2480752b78a

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 14:04

Target

becb0216cfd45e112799340ac0a76408.dll
Size

248KB
MD5

becb0216cfd45e112799340ac0a76408
SHA1

3fc22b1c2658644364e899f50f1d9225c438a934
SHA256

f95cdb0c9a4b9e5f5e27194ca8eb44d49641fec3f6a464736b30a2480752b78a
SHA512

ea244929af6a11da44a4a7fa1a43715094627879d167795b08dd96835604aa883cbb0babbf9173703534366176e30c06923ba015d6051e94b244935dc0488453
SSDEEP

3072:5VqfK66P8XNbzxYa0sJwoNp1e7Rdre5gTrnPlS6y1ZAn0Pe1k5c9azS+6IHEGABF:EVbzxYy7oDy5gQ6yMnKqJPoeGTY

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3572-0-0x0000000002E00000-0x0000000002F97000-memory.dmp	BazarLoaderVar6
behavioral2/memory/3484-1-0x000002660B3A0000-0x000002660B537000-memory.dmp	BazarLoaderVar6
behavioral2/memory/3484-2-0x000002660B3A0000-0x000002660B537000-memory.dmp	BazarLoaderVar6
behavioral2/memory/3572-3-0x0000000002E00000-0x0000000002F97000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\becb0216cfd45e112799340ac0a76408.dll
1⤵
PID:3572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\becb0216cfd45e112799340ac0a76408.dll,StartW 1086663750
1⤵
PID:3484

memory/3484-1-0x000002660B3A0000-0x000002660B537000-memory.dmp

Filesize
1.6MB

Download
memory/3484-2-0x000002660B3A0000-0x000002660B537000-memory.dmp

Filesize
1.6MB

Download
memory/3572-0-0x0000000002E00000-0x0000000002F97000-memory.dmp

Filesize
1.6MB

Download
memory/3572-3-0x0000000002E00000-0x0000000002F97000-memory.dmp

Filesize
1.6MB

Download