Malware Analysis Report

2024-08-06 01:45

Sample ID 240410-rhapfsae95
Target cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b
SHA256 cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b
Tags
bazarloader dropper loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b

Threat Level: Known bad

The file cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b was found to be: Known bad.

Malicious Activity Summary

bazarloader dropper loader

Bazar Loader

Bazar/Team9 Loader payload

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-10 14:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-10 14:11

Reported

2024-04-10 14:14

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

158s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll

Signatures

Bazar Loader

loader dropper bazarloader

Bazar/Team9 Loader payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll,DllRegisterServer {5ED4E003-0045-45C0-90D5-99594AF5FB4F}

Network

Country  Destination         Domain                        Proto
GB       23.44.234.16:80     -                             tcp
US       8.8.8.8:53          79.121.231.20.in-addr.arpa    udp
US       8.8.8.8:53          228.249.119.40.in-addr.arpa   udp
US       8.8.8.8:53          239.249.30.184.in-addr.arpa   udp
US       8.8.8.8:53          microsoft.com                 udp
US       8.8.8.8:53          86.23.85.13.in-addr.arpa      udp
US       20.112.250.133:443  microsoft.com                 tcp
US       8.8.8.8:53          www.microsoft.com             udp
NL       72.246.173.187:443  www.microsoft.com             tcp
US       8.8.8.8:53          133.250.112.20.in-addr.arpa   udp
US       8.8.8.8:53          187.173.246.72.in-addr.arpa   udp
US       8.8.8.8:53          15.164.165.52.in-addr.arpa    udp
US       8.8.8.8:53          4.159.190.20.in-addr.arpa     udp
US       8.8.8.8:53          172.210.232.199.in-addr.arpa  udp
US       8.8.8.8:53          58.55.71.13.in-addr.arpa      udp
US       8.8.8.8:53          97.17.167.52.in-addr.arpa     udp
US       8.8.8.8:53          43.56.20.217.in-addr.arpa     udp
US       8.8.8.8:53          30.243.111.52.in-addr.arpa    udp
US       8.8.8.8:53          249.197.17.2.in-addr.arpa     udp
US       162.33.179.245:443  -                             tcp
US       8.8.8.8:53          10.173.189.20.in-addr.arpa    udp

Files

memory/336-0-0x0000000002780000-0x00000000027AA000-memory.dmp

memory/4608-1-0x000001BE8CE90000-0x000001BE8CEBA000-memory.dmp

memory/4608-2-0x000001BE8CE90000-0x000001BE8CEBA000-memory.dmp

memory/336-3-0x0000000002780000-0x00000000027AA000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-10 14:11

Reported

2024-04-10 14:13

Platform

win7-20240220-en

Max time kernel

132s

Max time network

144s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll

Signatures

Bazar Loader

loader dropper bazarloader

Bazar/Team9 Loader payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll,DllRegisterServer {ED7A28AA-40DB-489F-B628-EFC6E83BD53D}
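Both detonation runs show the same two-stage chain: regsvr32 /s silently loads the DLL from the user's %LOCALAPPDATA%\Temp directory, and a rundll32 child re-enters the same DLL through its DllRegisterServer export with a GUID argument that differs between the two runs (so the GUID is not a usable indicator). The detection logic below is an added example, not part of the sandbox report or any vendor rule set: the rule names, the list of user-writable directories and the two benign command lines are assumptions, while the three malicious command lines are copied from the process trees above.

```python
import re

# Command lines copied from the behavioral2 and behavioral1 process trees in the
# report above, followed by two constructed benign lines that must not match.
SAMPLE_CMDLINES = [
    r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll",
    r"C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll,DllRegisterServer {5ED4E003-0045-45C0-90D5-99594AF5FB4F}",
    r"C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbd830c745bbec26733214798fe144c61ef4bac342c853f8a08b682077b2178b.dll,DllRegisterServer {ED7A28AA-40DB-489F-B628-EFC6E83BD53D}",
    r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"',          # constructed, benign
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",  # constructed, benign
]

# Directories a dropped DLL is typically loaded from. This list is an assumption
# for the example; tune it to the environment being monitored.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\",
                      "\\programdata\\", "\\users\\public\\")

# A DLL argument is either a quoted path (may contain spaces) or a bare token.
_DLL = r'(?:"(?P<dllq>[^"]+\.dll)"|(?P<dll>[^"\s,]+\.dll))'
REGSVR32_RE = re.compile(r'(?i)(?:^|\\)regsvr32(?:\.exe)?\s+(?:/[a-z]+\s+)*' + _DLL)
RUNDLL32_RE = re.compile(r'(?i)(?:^|\\)rundll32(?:\.exe)?\s+' + _DLL + r',(?P<export>\w+)')


def _loaded_dll(match):
    return match.group("dllq") or match.group("dll")


def in_user_writable_dir(path):
    p = path.lower()
    return any(d in p for d in USER_WRITABLE_DIRS)


def find_dll_loader_activity(cmdlines):
    """Return (rule_name, dll_path) for each command line that loads a DLL from a
    user-writable directory via regsvr32, or via rundll32's DllRegisterServer export.
    The trailing GUID argument is deliberately ignored: it changes between runs."""
    hits = []
    for line in cmdlines:
        m = REGSVR32_RE.search(line)
        if m and in_user_writable_dir(_loaded_dll(m)):
            hits.append(("regsvr32_user_writable_dll", _loaded_dll(m)))
            continue
        m = RUNDLL32_RE.search(line)
        if (m and in_user_writable_dir(_loaded_dll(m))
                and m.group("export").lower() == "dllregisterserver"):
            hits.append(("rundll32_dllregisterserver_user_writable_dll", _loaded_dll(m)))
    return hits


def summarize(cmdlines):
    """Group hits by DLL path (case-insensitive) so both stages of the chain line up."""
    by_dll = {}
    for rule, dll in find_dll_loader_activity(cmdlines):
        by_dll.setdefault(dll.lower(), set()).add(rule)
    return {dll: sorted(rules) for dll, rules in by_dll.items()}


def chain_complete(cmdlines):
    """True when the same DLL was seen in both the regsvr32 and the rundll32 stage."""
    return any(len(rules) == 2 for rules in summarize(cmdlines).values())


if __name__ == "__main__":
    for dll, rules in summarize(SAMPLE_CMDLINES).items():
        print(dll, rules)
    print("chain complete:", chain_complete(SAMPLE_CMDLINES))
```

Keying on the export name plus the load path, rather than on regsvr32 or rundll32 alone, keeps the rule quiet on the many legitimate uses of both binaries while still firing on the first stage before rundll32 ever appears.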

Network

Country  Destination         Domain         Proto
US       8.8.8.8:53          microsoft.com  udp
US       20.112.250.133:443  microsoft.com  tcp
US       20.112.250.133:443  microsoft.com  tcp
US       162.33.179.245:443  -              tcp
US       162.33.179.245:443  -              tcp
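In both Network tables the TCP connections to 23.44.234.16:80 and 162.33.179.245:443 carry no Domain, while the microsoft.com and www.microsoft.com connections do, and most of the UDP rows are reverse (in-addr.arpa) lookups. The triage script below is an added example rather than sandbox output: it parses the behavioral2 rows as copied from the report above (the behavioral1 rows are a subset), recovers the addresses behind the PTR queries, and separates hostname-backed connections from direct-to-IP ones. An empty Domain cell only means no DNS answer in the capture maps to that address, so the flagged destinations are candidates for analyst review; the report itself does not attribute them.

```python
import ipaddress
from collections import namedtuple

# Rows copied from the behavioral2 Network table above (Country Destination
# [Domain] Proto, whitespace separated). The parser and heuristics are an
# added example, not sandbox output.
NETWORK_ROWS = """\
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 microsoft.com udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 20.112.250.133:443 microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 72.246.173.187:443 www.microsoft.com tcp
US 8.8.8.8:53 133.250.112.20.in-addr.arpa udp
US 8.8.8.8:53 187.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 162.33.179.245:443 tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
"""

Conn = namedtuple("Conn", "country dest domain proto")


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows; a missing or '-' Domain becomes None."""
    conns = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        conns.append(Conn(country, dest, None if domain == "-" else domain, proto))
    return conns


def ptr_target(domain):
    """Map 'd.c.b.a.in-addr.arpa' back to the IPv4 address a.b.c.d, or None."""
    suffix = ".in-addr.arpa"
    if not domain or not domain.endswith(suffix):
        return None
    octets = domain[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ".".join(reversed(octets))


def dest_ip(conn):
    return conn.dest.rsplit(":", 1)[0]


def triage(conns):
    """Bucket the capture so the analyst sees which TCP peers were never name-resolved."""
    ptr_ips = {ip for c in conns if (ip := ptr_target(c.domain))}
    tcp = [c for c in conns if c.proto == "tcp"]
    named = {dest_ip(c): c.domain for c in tcp if c.domain}
    unresolved = sorted({(c.dest, c.country) for c in tcp if c.domain is None})
    ptr_for_connected = sorted(ip for ip in {dest_ip(c) for c in tcp} if ip in ptr_ips)
    return {
        "unresolved_tcp": unresolved,        # direct-to-IP peers: review these first
        "named_tcp": named,                  # peers with a hostname in the capture
        "ptr_lookups": sorted(ptr_ips, key=ipaddress.ip_address),
        "ptr_for_connected": ptr_for_connected,  # connected peers also reverse-resolved
    }


def unresolved_destinations(text=NETWORK_ROWS):
    return triage(parse_rows(text))["unresolved_tcp"]


if __name__ == "__main__":
    for key, value in triage(parse_rows(NETWORK_ROWS)).items():
        print(key, value)
```

Running it on the behavioral2 rows leaves exactly the two direct-to-IP TCP peers in the unresolved bucket, and shows that the two Microsoft addresses the sample connected to were also reverse-resolved, which is the pattern to expect from a Windows guest's own background traffic.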

Files

memory/2860-0-0x0000000001C90000-0x0000000001CBA000-memory.dmp

memory/2484-1-0x0000000001DA0000-0x0000000001DCA000-memory.dmp

memory/2484-2-0x0000000001DA0000-0x0000000001DCA000-memory.dmp

memory/2860-3-0x0000000001C90000-0x0000000001CBA000-memory.dmp
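The memory-dump names in both Files sections encode the process ID, a dump sequence number and the start and end address of the dumped region. Parsing them shows that each run produced two dumps per process of the same region, that every region is exactly 0x2A000 bytes in all four processes, and that pid 4608 in the win10 run lives above the 4 GiB boundary (so it is a 64-bit address space; a low address alone says nothing about bitness). The parser below is an added example, not part of the report; the dump names are copied from the two runs above.

```python
import re
from collections import defaultdict

# Dump names copied from the Files sections above (behavioral2, then behavioral1).
BEHAVIORAL2_DUMPS = [
    "memory/336-0-0x0000000002780000-0x00000000027AA000-memory.dmp",
    "memory/4608-1-0x000001BE8CE90000-0x000001BE8CEBA000-memory.dmp",
    "memory/4608-2-0x000001BE8CE90000-0x000001BE8CEBA000-memory.dmp",
    "memory/336-3-0x0000000002780000-0x00000000027AA000-memory.dmp",
]
BEHAVIORAL1_DUMPS = [
    "memory/2860-0-0x0000000001C90000-0x0000000001CBA000-memory.dmp",
    "memory/2484-1-0x0000000001DA0000-0x0000000001DCA000-memory.dmp",
    "memory/2484-2-0x0000000001DA0000-0x0000000001DCA000-memory.dmp",
    "memory/2860-3-0x0000000001C90000-0x0000000001CBA000-memory.dmp",
]

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump file name into its fields; the region size is end - start."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def regions_per_process(names):
    """Per pid: how many dumps were taken, how many distinct regions they cover,
    the set of region sizes, and whether the region lies above 4 GiB."""
    per_pid = defaultdict(list)
    for name in names:
        d = parse_dump_name(name)
        per_pid[d["pid"]].append(d)
    summary = {}
    for pid, dumps in per_pid.items():
        summary[pid] = {
            "dumps": len(dumps),
            "distinct_ranges": len({(d["start"], d["end"]) for d in dumps}),
            "sizes": {d["size"] for d in dumps},
            # Only a one-way inference: an end address above 2**32 proves a 64-bit
            # address space, a low address proves nothing.
            "above_4gib": any(d["end"] > 2 ** 32 for d in dumps),
        }
    return summary


def payload_sizes(*runs):
    """Set of region sizes seen across all given runs; one element means every
    process in every run carried a region of identical size."""
    return {parse_dump_name(n)["size"] for names in runs for n in names}


if __name__ == "__main__":
    for label, names in (("behavioral2", BEHAVIORAL2_DUMPS), ("behavioral1", BEHAVIORAL1_DUMPS)):
        for pid, info in regions_per_process(names).items():
            print(label, pid, info)
    print("sizes:", {hex(s) for s in payload_sizes(BEHAVIORAL2_DUMPS, BEHAVIORAL1_DUMPS)})
```

A constant region size across two processes and two guest images is a useful pivot when comparing dumps from other samples of the same family, but the file names alone do not say which of the two processes is regsvr32 and which is rundll32; that mapping has to come from the process list.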