Overview

overview

10

Static

static

3

dl2.exe

windows7-x64

1

dl2.exe

windows10-2004-x64

10

Resubmissions

01-11-2024 12:33

241101-pradyaypdv 10

27-10-2024 23:08

241027-24hmasskhj 10

20-10-2024 16:28

241020-tyzdvsxgqb 3

20-10-2024 16:26

241020-tx2gtszekk 3

02-10-2024 11:53

241002-n2j6fsycqb 3

13-09-2024 04:59

240913-fmwxpswcpb 3

11-09-2024 15:54

240911-tcmg6sygmm 3

11-09-2024 15:53

240911-tbsmsszbnh 10

25-08-2024 22:53

240825-2t6als1gll 10

Analysis

  • max time kernel
    1050s
  • max time network
    1051s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-08-2024 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dl2.exe

  • Size

    849KB

  • MD5

    c2055b7fbaa041d9f68b9d5df9b45edd

  • SHA1

    e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06

  • SHA256

    342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3

  • SHA512

    18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc

  • SSDEEP

    12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2

Score
10/10
bazarbackdoorbackdoordiscovery

Malware Config

Signatures

  • BazarBackdoor 64 IoCs

    Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    backdoorbazarbackdoor
  • Tries to connect to .bazar domain 64 IoCs

    Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Unexpected DNS network traffic destination 64 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dl2.exe
    "C:\Users\Admin\AppData\Local\Temp\dl2.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2216
  • C:\Users\Admin\AppData\Local\Temp\dl2.exe
    C:\Users\Admin\AppData\Local\Temp\dl2.exe {A2709884-C870-49AC-84C2-CA099705D5A0}
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3496
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4048,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
    1⤵
      PID:2308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      1⤵
        PID:4728
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3664,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:1
        1⤵
          PID:3492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4428,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1
          1⤵
          • BazarBackdoor
          PID:3708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5172,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:1
          1⤵
            PID:2396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5744,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
            1⤵
              PID:1624
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6028,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:1
              1⤵
                PID:1052
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6212,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
                1⤵
                  PID:4020
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5164,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:1
                  1⤵
                    PID:4728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6052,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
                    1⤵
                      PID:3408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5832,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8
                      1⤵
                        PID:2104
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6376,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:1
                        1⤵
                          PID:3744
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6760,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:1
                          1⤵
                            PID:3556
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6356,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
                            1⤵
                              PID:2544
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6264,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
                              1⤵
                                PID:2068
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6988,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:1
                                1⤵
                                  PID:1488
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7160,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:8
                                  1⤵
                                    PID:2364
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6940,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:1
                                    1⤵
                                      PID:3984
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7888,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=7908 /prefetch:8
                                      1⤵
                                        PID:4992
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6984,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:1
                                        1⤵
                                          PID:944
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6276,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
                                          1⤵
                                            PID:1184
                                          • C:\Windows\system32\AUDIODG.EXE
                                            C:\Windows\system32\AUDIODG.EXE 0x524 0x51c
                                            1⤵
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:4120
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=6332,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=7908 /prefetch:1
                                            1⤵
                                              PID:3968
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=7256,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:1
                                              1⤵
                                                PID:3788
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=7260,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:1
                                                1⤵
                                                  PID:4380
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=7896,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:8
                                                  1⤵
                                                    PID:2128

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • memory/2216-1-0x0000000002060000-0x0000000002090000-memory.dmp

                                                    Filesize

                                                    192KB

                                                    Download

                                                  • memory/2216-8-0x00000000004F0000-0x00000000005F0000-memory.dmp

                                                    Filesize

                                                    1024KB

                                                    Download

                                                  • memory/2216-18-0x00000000004F0000-0x00000000005F0000-memory.dmp

                                                    Filesize

                                                    1024KB

                                                    Download

                                                  • memory/3496-17-0x0000000000660000-0x0000000000760000-memory.dmp

                                                    Filesize

                                                    1024KB

                                                    Download

                                                  • memory/3496-10-0x0000000002100000-0x0000000002130000-memory.dmp

                                                    Filesize

                                                    192KB

                                                    Download