Analysis
- max time kernel: 73s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2024 11:29
Static task: static1
Behavioral task: behavioral1
- Sample: a24bc6a75b3beba90c859953aa1296cd94fa5caca30249797e7cfe45033012a4.dll
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: a24bc6a75b3beba90c859953aa1296cd94fa5caca30249797e7cfe45033012a4.dll
- Resource: win10v2004-20241007-en
General
- Target: a24bc6a75b3beba90c859953aa1296cd94fa5caca30249797e7cfe45033012a4.dll
- Size: 840KB
- MD5: 076d8f035a076e08674382e6f5932009
- SHA1: adfcd4d77b118468662f709e37dd44888360f95d
- SHA256: a24bc6a75b3beba90c859953aa1296cd94fa5caca30249797e7cfe45033012a4
- SHA512: 9fd94e6845451dadadc17b9cb37e29d21c33fd09c7c6a1d64fee9b1dcac8fcdfbfde0cdf78fe3e60f6092ed13c85f0930462ba8aa6898297762dc2d70bc74c70
- SSDEEP: 12288:U0DgYq89aJyKXwAmliposlBT0sVxVTJU7RnVhGqYtZsUSdEPG5:U0DgRiUAzFsD35TJU7RnzS3sUc5
Malware Config
Signatures
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
- Bazarloader family
- Bazar/Team9 Loader payload (2 IoCs)
  Processes:
  resource | yara_rule
  behavioral1/memory/2848-2-0x0000000180000000-0x0000000180034000-memory.dmp | BazarLoaderVar5
  behavioral1/memory/2848-3-0x0000000180000000-0x0000000180034000-memory.dmp | BazarLoaderVar5
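Both YARA hits above are memory dumps of the same region of the same process (pid 2848, 0x180000000-0x180034000, i.e. 0x34000 bytes), taken at two points in time, and both come from the behavioral1 (Windows 7) task; no behavioral2 matches are listed in this section. The script below is an added example, not part of this report or of the sandbox's own tooling: it parses the dump resource names into structured regions, relates them to the file-level IoCs, and lets you check a local copy of the sample against the listed MD5/SHA1/SHA256. It assumes the "840KB" size is in KiB and that 0x180000000 is the default ImageBase the MSVC linker assigns to 64-bit DLLs (a known fact, used only to flag that the dumped region sits at that base). The region is smaller than the on-disk DLL, so the match is on a sub-region rather than a full mapped copy of the file; whether that sub-region is an unpacked payload is something only the dump itself can confirm. SSDEEP is omitted because it needs a third-party library.

```python
import hashlib
import re
from dataclasses import dataclass

# Hashes and size exactly as listed in the report's "General" section.
REPORT_HASHES = {
    "md5": "076d8f035a076e08674382e6f5932009",
    "sha1": "adfcd4d77b118468662f709e37dd44888360f95d",
    "sha256": "a24bc6a75b3beba90c859953aa1296cd94fa5caca30249797e7cfe45033012a4",
}
REPORT_SIZE_BYTES = 840 * 1024  # "840KB"; assumed to mean KiB

# Memory-dump resources and YARA rule names as listed under the signature.
REPORT_DUMPS = [
    ("behavioral1/memory/2848-2-0x0000000180000000-0x0000000180034000-memory.dmp", "BazarLoaderVar5"),
    ("behavioral1/memory/2848-3-0x0000000180000000-0x0000000180034000-memory.dmp", "BazarLoaderVar5"),
]

# Default preferred ImageBase the MSVC linker gives 64-bit DLLs (assumption used only for a flag).
X64_DLL_DEFAULT_IMAGEBASE = 0x180000000

# <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def at_default_x64_dll_base(self) -> bool:
        return self.start == X64_DLL_DEFAULT_IMAGEBASE


def parse_dump_resource(resource: str, rule: str) -> DumpRegion:
    """Turn one sandbox memory-dump resource name into a DumpRegion."""
    m = DUMP_RE.match(resource)
    if not m:
        raise ValueError(f"unrecognised memory dump resource: {resource}")
    return DumpRegion(task=m["task"], pid=int(m["pid"]), index=int(m["idx"]),
                      start=int(m["start"], 16), end=int(m["end"], 16), rule=rule)


def triage(dumps, file_size: int) -> dict:
    """Summarise the YARA-matched regions against the on-disk sample size."""
    regions = [parse_dump_resource(r, rule) for r, rule in dumps]
    return {
        "tasks": sorted({r.task for r in regions}),
        "pids": sorted({r.pid for r in regions}),
        "rules": sorted({r.rule for r in regions}),
        "regions": sorted({(r.pid, r.start, r.end) for r in regions}),
        "region_sizes": sorted({r.size for r in regions}),
        "at_default_x64_dll_base": all(r.at_default_x64_dll_base for r in regions),
        "region_smaller_than_file": all(r.size < file_size for r in regions),
    }


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Stream a local file through the digests used by hash_bytes."""
    hashes = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_report(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm verdict: does a local copy match the report's IoCs?"""
    return {name: digests.get(name) == value for name, value in expected.items()}


if __name__ == "__main__":
    summary = triage(REPORT_DUMPS, REPORT_SIZE_BYTES)
    for key, value in summary.items():
        print(f"{key}: {value}")
    # To check a local sample: print(matches_report(hash_file("sample.dll")))
```

Run it as-is to see the region summary; point `hash_file` at a local copy of the sample to confirm you are looking at the same file the report describes before reusing any of its IoCs.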