Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-04-2024 09:59
General
-
Target
26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23.dll
-
Size
342KB
-
MD5
ff28c8c7a68cca3b06e78e5397d66721
-
SHA1
bbb8eef4bbc0a8296963039682cbc4e3be3364f8
-
SHA256
26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23
-
SHA512
5d0fdb3858abccf2b54e642e17cc1f504cd70d2028cceede82cf55399671e550850dd5bfaf91fc794fa441a7d6a6e63ec0d51e68122cb6f3e221e16f81451bee
-
SSDEEP
6144:r7bqnqgeK6XkQA+wGVSZRujeFUwdaZ5weTqKKv6:rnqqgeK6xp3gZMjeBTKAv6
Score
10/10
Malware Config
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload 5 IoCs
-
Blocklisted process makes network request 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23.dll,#11⤵
- Blocklisted process makes network request
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\26cac671e215d88b5070af7d94200588d2b7c414a6e8debf7370b993fcfffb23.dll,#1 {D2FD3686-378E-4BAB-B310-6D581BBEFE2F}1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1564-1-0x00000235F4450000-0x00000235F461E000-memory.dmpFilesize
1.8MB
-
memory/1564-2-0x00000235F4450000-0x00000235F461E000-memory.dmpFilesize
1.8MB
-
memory/3096-0-0x0000017E39C80000-0x0000017E39E4E000-memory.dmpFilesize
1.8MB
-
memory/3096-3-0x0000017E39C80000-0x0000017E39E4E000-memory.dmpFilesize
1.8MB
-
memory/3096-4-0x0000017E39C80000-0x0000017E39E4E000-memory.dmpFilesize
1.8MB