Analysis
max time kernel: 74s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-06-2023 15:34
Behavioral task: behavioral1
Sample: 82414dead2dfee972e3943c9e26738bc.dll
Resource: win7-20230220-en
Platform: windows7-x64
Signatures: 3
Duration: 150 seconds
General
Target: 82414dead2dfee972e3943c9e26738bc.dll
Size: 113KB
MD5: 82414dead2dfee972e3943c9e26738bc
SHA1: 0a77ce21a5e3697e805630953b73911f562ff1b2
SHA256: 3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9
SHA512: 75dd77f3a123203196b968449316281518155d77a48ba26dd4d6fcdcfb358e40c102ec519b992db6e74343712cc361d87b0c7d6dac8ca9a761e47b0089ee8c67
SSDEEP: 1536:DooBspOAAkGafox1bZoFcbxM+ebZz+x4X5IPFmSpvXkWfCxaIK7VDIc9Vb:DTB2AkvoiW++ebZcGcmgvXkcC7K7K6F
Malware Config
Signatures

Detect Blackmoon payload (1 IoC)
resource | yara_rule
behavioral2/memory/4584-133-0x0000000000D50000-0x0000000000D67000-memory.dmp | family_blackmoon

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 4540 wrote to memory of 4584 | 4540 | rundll32.exe | rundll32.exe
PID 4540 wrote to memory of 4584 | 4540 | rundll32.exe | rundll32.exe
PID 4540 wrote to memory of 4584 | 4540 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\82414dead2dfee972e3943c9e26738bc.dll,#1
   Signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\82414dead2dfee972e3943c9e26738bc.dll,#1

The system32 rundll32.exe spawning a SysWOW64 rundll32.exe with the same command line, and writing into that child (PID 4540 into PID 4584), is consistent with the 64-bit rundll32.exe being handed a 32-bit DLL and relaunching its 32-bit copy to host it; the resource tags list both arch:x64 and arch:x86. The DLL's export is invoked by ordinal (#1) rather than by name, and the DLL is loaded from the user's AppData\Local\Temp directory. The Blackmoon YARA hit is on a memory region of the child (PID 4584), not on the DLL file itself.
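As an added triage example (not part of the report or of the sandbox's own tooling), the helpers below parse the rundll32 command lines and the memory-dump filename from the report into structured records and apply the reasoning used above: a rundll32 launch is flagged when the DLL lives in a user-writable directory or is entered by ordinal, while a system32-to-SysWOW64 rundll32 parent/child pair is recorded as the expected WoW64 relaunch rather than as a finding on its own. The process records are constructed from the report's process list; the parent/child link for PID 4584 is inferred from the tree depth and the WriteProcessMemory rows, and the field names (`pid`, `ppid`, `image`, `cmdline`) are this example's own.

```python
import re
from typing import Optional

# Constructed from the report's process list; ppid of 4584 is inferred from
# the tree depth and from PID 4540 writing into PID 4584 (field names are
# this example's own, not the sandbox's schema).
SAMPLE_PROCESSES = [
    {"pid": 4540, "ppid": 0,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\82414dead2dfee972e3943c9e26738bc.dll,#1"},
    {"pid": 4584, "ppid": 4540,
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\82414dead2dfee972e3943c9e26738bc.dll,#1"},
]

# rundll32 syntax is "<dll path>,<entry point> [args]"; the entry point is a
# name or "#<ordinal>".  The lazy match stops at the first comma, so paths
# containing spaces stay whole.
_RUNDLL32_RE = re.compile(
    r"rundll32(?:\.exe)?\s+(?P<dll>.+?),\s*(?P<entry>#\d+|[A-Za-z_]\w*)",
    re.IGNORECASE)

# Sandbox dump names encode pid and the dumped region bounds.
_DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp",
    re.IGNORECASE)

# Directories a standard user can write to; a signed system binary loading a
# DLL from one of these is a stronger signal than rundll32 activity alone.
USER_WRITABLE_HINTS = (r"\appdata\local\temp", r"\appdata\roaming",
                       r"\programdata", r"\users\public", r"\windows\temp")


def parse_rundll32_cmdline(cmdline: str) -> Optional[tuple[str, str]]:
    """Return (dll_path, entry) from a rundll32 command line, or None."""
    m = _RUNDLL32_RE.search(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(hint in p for hint in USER_WRITABLE_HINTS)


def is_wow64_relaunch(parent_image: str, child_image: str) -> bool:
    """64-bit rundll32 given a 32-bit DLL relaunches the SysWOW64 copy, so a
    system32 -> SysWOW64 rundll32 pair is expected and not a finding by itself."""
    p, c = parent_image.lower(), child_image.lower()
    return p.endswith(r"\system32\rundll32.exe") and c.endswith(r"\syswow64\rundll32.exe")


def rundll32_findings(processes: list[dict]) -> list[tuple[int, str]]:
    """Flag rundll32 launches whose DLL is user-writable or entered by ordinal."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for proc in processes:
        if not proc["image"].lower().endswith(r"\rundll32.exe"):
            continue
        parsed = parse_rundll32_cmdline(proc["cmdline"])
        if parsed is None:
            continue
        dll, entry = parsed
        reasons = []
        if is_user_writable(dll):
            reasons.append("DLL in user-writable path")
        if entry.startswith("#"):
            reasons.append(f"entry by ordinal {entry}")
        if not reasons:
            continue
        parent = by_pid.get(proc["ppid"])
        if parent and is_wow64_relaunch(parent["image"], proc["image"]):
            reasons.append(f"WoW64 relaunch of PID {parent['pid']} (expected)")
        findings.append((proc["pid"], "; ".join(reasons)))
    return findings


def parse_dump_name(name: str) -> Optional[dict]:
    """Recover pid and region bounds from a dump filename; the size should
    agree with the listed Filesize (here 0x17000 bytes = 92 KiB)."""
    m = _DUMP_RE.search(name)
    if not m:
        return None
    start, end = int(m.group("start"), 16), int(m.group("end"), 16)
    return {"pid": int(m.group("pid")), "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    for pid, why in rundll32_findings(SAMPLE_PROCESSES):
        print(pid, why)
    print(parse_dump_name("behavioral2/memory/4584-133-0x0000000000D50000-0x0000000000D67000-memory.dmp"))
```

Both rundll32 processes are flagged here because of the Temp-directory DLL and the ordinal entry point, with the child additionally annotated as the WoW64 relaunch of its parent; the dump parser confirms the flagged region in PID 4584 is 0x17000 bytes, matching the 92KB Filesize in the Downloads section.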
Network
MITRE ATT&CK Matrix
Downloads
memory/4584-133-0x0000000000D50000-0x0000000000D67000-memory.dmp
Filesize: 92KB
(The dumped region 0x0000000000D50000-0x0000000000D67000 in PID 4584 is 0x17000 bytes, i.e. 92 KiB, so the download covers the whole region that matched family_blackmoon.)