Analysis
-
max time kernel
141s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
20-03-2024 03:03
General
-
Target
d7b8b4a606c8b2dfebfb882afa35bca7.dll
-
Size
1.2MB
-
MD5
d7b8b4a606c8b2dfebfb882afa35bca7
-
SHA1
e276135a072675aa65b37a0cfd576e1f3637604e
-
SHA256
bd1182eb3595956ac524dc8d13e1df4bc1d9a0f8e7f2e14d2331bb26750d1df9
-
SHA512
d0f3b5e8a8ab94c808929cfefdf33e5ba5e39f587a96ed5222222b618e2a1ed2b52e20ad3b49d0dc845f24800815572ddbe4df7ba4172c962625835136ed6960
-
SSDEEP
24576:rHvFVj8+YADTpPIeVCMaKoUo5/IyXZHa/L:/Y+YuTpPVPBwW
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 3 IoCs
-
Tries to connect to .bazar domain 4 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\d7b8b4a606c8b2dfebfb882afa35bca7.dll1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2908-0-0x00000000276A0000-0x00000000276DE000-memory.dmpFilesize
248KB
-
memory/2908-1-0x00007FFEF6C00000-0x00007FFEF6D81000-memory.dmpFilesize
1.5MB
-
memory/2908-3-0x00000000276A0000-0x00000000276DE000-memory.dmpFilesize
248KB