bazarloader | 29fc04ad420d5b64e7f420c6d9b4f86b9ee4e36483538d4e3b1835950baca760 | Triage

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 12:37

Sharing

Report Analysis Logs

General

Target

Documents.dll
Size

724KB
MD5

d7e7cf2ed643c84f35da54f6abbc8409
SHA1

4eaff70353abf1a9d1caf840d7a23c3f72fc5bb6
SHA256

4374f12287c158cc6e9421640b459455307e471711cc41f5666a1cbc553a3eb3
SHA512

cdf21fdcece645df88392bb9a0a865cb6ff5180d25bdeffab3a781c58612c84e0b2de1cbca8dacbfd307e3afcaf1fb5f60527f572c6b6098a43defc142799b21
SSDEEP

12288:eZ8/FEwPCrLWmPKaDkseX533dzRm1qZLCpCj8FhCJQ7hmEJMz:nWr9CMkT33d92iLCCaXh1JM

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 3 IoCs

resource	yara_rule
behavioral3/memory/2212-2-0x0000000180000000-0x000000018002A000-memory.dmp	BazarLoaderVar5
behavioral3/memory/2212-3-0x0000000180000000-0x000000018002A000-memory.dmp	BazarLoaderVar5
behavioral3/memory/2212-4-0x0000000180000000-0x000000018002A000-memory.dmp	BazarLoaderVar5

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Documents.dll,#1
1⤵
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2212-0-0x0000000000410000-0x0000000000433000-memory.dmp

Filesize
140KB

Download
memory/2212-2-0x0000000180000000-0x000000018002A000-memory.dmp

Filesize
168KB

Download
memory/2212-3-0x0000000180000000-0x000000018002A000-memory.dmp

Filesize
168KB

Download
memory/2212-4-0x0000000180000000-0x000000018002A000-memory.dmp

Filesize
168KB

Download