Analysis
-
max time kernel
171s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
29-11-2022 20:23
General
-
Target
d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll
-
Size
1.5MB
-
MD5
da9b94d6b5623d26a75121c3292439df
-
SHA1
fdc9f765bb454e26c1e542f787f62cd37ed7fe99
-
SHA256
d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff
-
SHA512
f993d29051035465ccfd3c91bb329c5cb0cd496cdcfe1fab37f3ecefc2a300927e84d486746da5765f76207b4b8c70a57b61b328f8bd2c9fa3a50dd758b307cb
-
SSDEEP
24576:d7mGHd3AJapUt7yTD1BSDriDJJqDL3Q5qAQgtMl0DT5OsT5tiCfsK7QNR9qb0zXQ:d7vHNHyefuXSJJqDbRDgtM6ROsOCflK/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 1 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#12⤵
- Blocklisted process makes network request
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2248-132-0x0000000000000000-mapping.dmp
-
memory/2248-133-0x0000000010000000-0x00000000103FF000-memory.dmpFilesize
4.0MB
-
memory/2248-134-0x00000000005C0000-0x00000000005C3000-memory.dmpFilesize
12KB