blackmoon | 3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9

Analysis

max time kernel
130s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2023 15:36

Target

3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9.dll
Size

113KB
MD5

82414dead2dfee972e3943c9e26738bc
SHA1

0a77ce21a5e3697e805630953b73911f562ff1b2
SHA256

3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9
SHA512

75dd77f3a123203196b968449316281518155d77a48ba26dd4d6fcdcfb358e40c102ec519b992db6e74343712cc361d87b0c7d6dac8ca9a761e47b0089ee8c67
SSDEEP

1536:DooBspOAAkGafox1bZoFcbxM+ebZz+x4X5IPFmSpvXkWfCxaIK7VDIc9Vb:DTB2AkvoiW++ebZcGcmgvXkcC7K7K6F

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1400-133-0x0000000001070000-0x0000000001087000-memory.dmp	family_blackmoon

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1400-136-0x0000000002AE0000-0x0000000002B69000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1252 wrote to memory of 1400	1252	rundll32.exe	rundll32.exe
PID 1252 wrote to memory of 1400	1252	rundll32.exe	rundll32.exe
PID 1252 wrote to memory of 1400	1252	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9.dll,#1
2⤵
PID:1400

memory/1400-133-0x0000000001070000-0x0000000001087000-memory.dmp

Filesize
92KB

Download
memory/1400-136-0x0000000002AE0000-0x0000000002B69000-memory.dmp

Filesize
548KB

Download