Analysis
max time kernel: 150s
max time network: 30s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 11-05-2023 03:49
Behavioral task: behavioral1
Sample: c7ceba999ae1987059509ac4eaec21b32800e501005fffeead566bf2f9d5c29c.exe
Resource: win7-20230220-en (windows7-x64)
4 signatures
150 seconds
General
Target: c7ceba999ae1987059509ac4eaec21b32800e501005fffeead566bf2f9d5c29c.exe
Size: 2.2MB
MD5: f772f257f10db544eae72c462f21878c
SHA1: 0104c7d4942a552504f7e287b06b8dbb43d2874b
SHA256: c7ceba999ae1987059509ac4eaec21b32800e501005fffeead566bf2f9d5c29c
SHA512: fe9bf66e6ab072c4c79e82a3bd5d33f0478d93d8bfcb52ce2c3b1a2f49e346591c8adf4a00ebd143584b703ee2ef97d5014101b56d3104e90a560382e09483a5
SSDEEP: 49152:brZlHdYb+Z434XQsJ7WOwzcLtC6L1Rm3tWXm+K+WqCsm:b9rS+nQALw8tVBR8tWXrVWBsm
Malware Config
Signatures

Detect Blackmoon payload (3 IoCs)
Processes:
resource                                                                      yara_rule
behavioral1/memory/2024-54-0x0000000000400000-0x0000000000877000-memory.dmp   family_blackmoon
behavioral1/memory/2024-65-0x0000000000400000-0x0000000000877000-memory.dmp   family_blackmoon
behavioral1/memory/2024-67-0x0000000000400000-0x0000000000877000-memory.dmp   family_blackmoon

Processes:
resource                                                                      yara_rule
behavioral1/memory/2024-54-0x0000000000400000-0x0000000000877000-memory.dmp   upx
behavioral1/memory/2024-61-0x00000000008C0000-0x00000000008F6000-memory.dmp   upx
behavioral1/memory/2024-62-0x00000000008C0000-0x00000000008F6000-memory.dmp   upx
behavioral1/memory/2024-65-0x0000000000400000-0x0000000000877000-memory.dmp   upx
behavioral1/memory/2024-66-0x00000000008C0000-0x00000000008F6000-memory.dmp   upx
behavioral1/memory/2024-67-0x0000000000400000-0x0000000000877000-memory.dmp   upx

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
c7ceba999ae1987059509ac4eaec21b32800e501005fffeead566bf2f9d5c29c.exe
pid    process
2024   c7ceba999ae1987059509ac4eaec21b32800e501005fffeead566bf2f9d5c29c.exe