Analysis
max time kernel: 224s
max time network: 336s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29-11-2022 08:37
Behavioral task: behavioral1
Sample: 614b12c79ce95271bf3a0cefd9cae72fada16284541df85559bcf831540866fd.dll
Resource: win7-20221111-en (windows7-x64)
4 signatures, 150 seconds
General
Target: 614b12c79ce95271bf3a0cefd9cae72fada16284541df85559bcf831540866fd.dll
Size: 369KB
MD5: 4e3afe2ed0f0f3ba785d38ab11c41840
SHA1: c9b6fd7f5d66e0b2a1615e6dd9115ebf8d54de5d
SHA256: 614b12c79ce95271bf3a0cefd9cae72fada16284541df85559bcf831540866fd
SHA512: 2999a716d871a730ff18472b4b06bd7e881d6a1b0460cb33bda694fac326b39de754d8b896fc304c2c35fa8236f5c4ed4a51a5d28a9bf76e1a58679745799569
SSDEEP: 6144:tHWao/MtE0rOcx0J1ypTuNBpXgi2QDh0ICLy8NoH1vszYDbuRLpqluWnXCW+mhsJ:1Wao/vU41ybE90dLGEzwSRQbQmhz2s2y
Malware Config
Signatures

Detect Blackmoon payload (1 IoC)
Processes:
  resource                                                                      yara_rule
  behavioral1/memory/1100-56-0x0000000010000000-0x00000000100C1000-memory.dmp   family_blackmoon

Processes:
  resource                                                                      yara_rule
  behavioral1/memory/1100-56-0x0000000010000000-0x00000000100C1000-memory.dmp   vmprotect

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                         pid    process        target process
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
  PID 1484 wrote to memory of 1100    1484   rundll32.exe   rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\614b12c79ce95271bf3a0cefd9cae72fada16284541df85559bcf831540866fd.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\614b12c79ce95271bf3a0cefd9cae72fada16284541df85559bcf831540866fd.dll,#1