Analysis

Max time kernel: 28s
Max time network: 30s
Platform: windows7_x64
Resource: win7-20230220-en
Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
Submitted: 01-06-2023 16:33

Behavioral task: behavioral1
Sample: 01178199.dll
Resource: win7-20230220-en (windows7-x64)
3 signatures, 150 seconds
General

Target: 01178199.dll
Size: 113KB
MD5: 82414dead2dfee972e3943c9e26738bc
SHA1: 0a77ce21a5e3697e805630953b73911f562ff1b2
SHA256: 3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9
SHA512: 75dd77f3a123203196b968449316281518155d77a48ba26dd4d6fcdcfb358e40c102ec519b992db6e74343712cc361d87b0c7d6dac8ca9a761e47b0089ee8c67
SSDEEP: 1536:DooBspOAAkGafox1bZoFcbxM+ebZz+x4X5IPFmSpvXkWfCxaIK7VDIc9Vb:DTB2AkvoiW++ebZcGcmgvXkcC7K7K6F
Malware Config: none extracted

Signatures

Detect Blackmoon payload (1 IoC)
  resource: behavioral1/memory/1440-54-0x00000000001B0000-0x00000000001C7000-memory.dmp
  yara_rule: family_blackmoon

Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (the same event is recorded 7 times):
  description               pid   process       target process
  PID 1408 wrote to memory of 1440   1408  rundll32.exe  rundll32.exe
Downloads

memory/1440-54-0x00000000001B0000-0x00000000001C7000-memory.dmp
  Filesize: 92KB