Analysis
- max time kernel: 171s
- max time network: 182s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-11-2022 20:23
Static task: static1
Behavioral task: behavioral1
- Sample: d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll
- Resource: win7-20220901-en
- Platform: windows7-x64
- 3 signatures
- 150 seconds
General
- Target: d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll
- Size: 1.5MB
- MD5: da9b94d6b5623d26a75121c3292439df
- SHA1: fdc9f765bb454e26c1e542f787f62cd37ed7fe99
- SHA256: d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff
- SHA512: f993d29051035465ccfd3c91bb329c5cb0cd496cdcfe1fab37f3ecefc2a300927e84d486746da5765f76207b4b8c70a57b61b328f8bd2c9fa3a50dd758b307cb
- SSDEEP: 24576:d7mGHd3AJapUt7yTD1BSDriDJJqDL3Q5qAQgtMl0DT5OsT5tiCfsK7QNR9qb0zXQ:d7vHNHyefuXSJJqDbRDgtM6ROsOCflK/
Malware Config
Signatures
- Detect Blackmoon payload (1 IoC)
  Processes:
    resource: behavioral2/memory/2248-133-0x0000000010000000-0x00000000103FF000-memory.dmp
    yara_rule: family_blackmoon
- Blocklisted process makes network request (1 IoC)
  Processes: rundll32.exe
    flow | pid  | process
    49   | 2248 | rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: rundll32.exe
    pid  | process
    2248 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                      | pid  | process      | target process
    PID 1212 wrote to memory of 2248 | 1212 | rundll32.exe | rundll32.exe
    PID 1212 wrote to memory of 2248 | 1212 | rundll32.exe | rundll32.exe
    PID 1212 wrote to memory of 2248 | 1212 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#1
    - Blocklisted process makes network request
    - Suspicious use of SetWindowsHookEx