Analysis
- max time kernel: 135s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-06-2023 16:33
Behavioral task: behavioral1
- Sample: 01178199.dll
- Resource: win7-20230220-en (windows7-x64)
- 3 signatures, 150 seconds
General
- Target: 01178199.dll
- Size: 113KB
- MD5: 82414dead2dfee972e3943c9e26738bc
- SHA1: 0a77ce21a5e3697e805630953b73911f562ff1b2
- SHA256: 3dd7f8db8a449765b1e0932394a1b310229ad492ca943ab396fa8d709446dfa9
- SHA512: 75dd77f3a123203196b968449316281518155d77a48ba26dd4d6fcdcfb358e40c102ec519b992db6e74343712cc361d87b0c7d6dac8ca9a761e47b0089ee8c67
- SSDEEP: 1536:DooBspOAAkGafox1bZoFcbxM+ebZz+x4X5IPFmSpvXkWfCxaIK7VDIc9Vb:DTB2AkvoiW++ebZcGcmgvXkcC7K7K6F
Malware Config
Signatures

- Detect Blackmoon payload (1 IoC)
  resource                                                                      yara_rule
  behavioral2/memory/2840-134-0x0000000002830000-0x0000000002847000-memory.dmp  family_blackmoon

- yara_rule upx (signature heading absent from the page)
  resource                                                                      yara_rule
  behavioral2/memory/2840-133-0x0000000010000000-0x0000000010062000-memory.dmp  upx

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid  process       target process
  PID 748 wrote to memory of 2840   748  rundll32.exe  rundll32.exe
  PID 748 wrote to memory of 2840   748  rundll32.exe  rundll32.exe
  PID 748 wrote to memory of 2840   748  rundll32.exe  rundll32.exe
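The three signature rows above carry more than the rule names: the dump resource names encode the PID, the dump index and the virtual address range of each flagged region, and the WriteProcessMemory rows give the writer/target PID pair. The following script parses both into structured records and reports region sizes and the write edges. It is an added example for this report, not Triage's own code; the input rows are copied from this page, and the two regular expressions are assumptions about the naming scheme seen here rather than a documented format. Reading the results: the upx hit sits at 0x10000000, the MSVC default preferred base for DLLs, and spans 0x62000 bytes (392 KiB) against 113 KB on disk, which is what a packed module looks like once mapped and unpacked in place; the Blackmoon hit is a separate 0x17000-byte private region at 0x2830000 in the same child PID 2840, the process PID 748 wrote into. Since both ends of the write edge are rundll32.exe, confirm from the process tree and command lines what 748 actually launched before treating the three writes as a cross-process injection.

```python
"""Parse the IoC rows of a Triage-style sandbox report into structured data.

Added example for this report, not Triage's own code. The resource names and
WriteProcessMemory rows below are copied from the page; DUMP_RE and WPM_RE are
assumptions about the naming scheme observed here, not a documented format.
"""
import re
from dataclasses import dataclass

# Constructed input: the signature rows as they appear on this page.
YARA_HITS = [
    ("behavioral2/memory/2840-134-0x0000000002830000-0x0000000002847000-memory.dmp", "family_blackmoon"),
    ("behavioral2/memory/2840-133-0x0000000010000000-0x0000000010062000-memory.dmp", "upx"),
]
WPM_ROWS = ["PID 748 wrote to memory of 2840 748 rundll32.exe rundll32.exe"] * 3
SAMPLE_SIZE_ON_DISK = 113 * 1024  # "Size 113KB" from the General section

# Assumed layout: <task>/memory/<pid>-<dumpindex>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)
# Assumed layout: "PID <src> wrote to memory of <dst> <src> <src_proc> <dst_proc>"
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<src2>\d+) "
    r"(?P<src_proc>\S+) (?P<dst_proc>\S+)$"
)


@dataclass(frozen=True)
class MemoryRegion:
    task: str
    pid: int
    dump_index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def at_default_dll_base(self) -> bool:
        # 0x10000000 is the MSVC default preferred image base for DLLs; a hit
        # there is usually the loaded module itself rather than a separate payload.
        return self.start == 0x10000000


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    src_proc: str
    dst_pid: int
    dst_proc: str


def parse_dump_name(name: str, rule: str) -> MemoryRegion:
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump resource name: {name}")
    return MemoryRegion(m["task"], int(m["pid"]), int(m["idx"]),
                        int(m["start"], 16), int(m["end"], 16), rule)


def parse_wpm_row(row: str) -> WriteEvent:
    m = WPM_RE.match(row)
    if not m or m["src"] != m["src2"]:  # the writer PID appears twice; they must agree
        raise ValueError(f"unrecognised WriteProcessMemory row: {row}")
    return WriteEvent(int(m["src"]), m["src_proc"], int(m["dst"]), m["dst_proc"])


def summarize(yara_hits, wpm_rows):
    """Return flagged regions, deduplicated write edges with counts, and the
    regions that live in a PID some other process wrote into."""
    regions = [parse_dump_name(n, r) for n, r in yara_hits]
    writes = [parse_wpm_row(r) for r in wpm_rows]
    edges = {}
    for w in writes:
        key = (w.src_pid, w.src_proc, w.dst_pid, w.dst_proc)
        edges[key] = edges.get(key, 0) + 1
    targets = {w.dst_pid for w in writes}
    return {
        "regions": regions,
        "edges": edges,
        "flagged_in_targets": [r for r in regions if r.pid in targets],
    }


if __name__ == "__main__":
    s = summarize(YARA_HITS, WPM_ROWS)
    for r in s["regions"]:
        print(f"pid {r.pid} dump {r.dump_index}: 0x{r.start:x}-0x{r.end:x} "
              f"size {r.size:#x} ({r.size // 1024} KiB) rule={r.rule} "
              f"default_dll_base={r.at_default_dll_base}")
    for (sp, spn, dp, dpn), n in s["edges"].items():
        print(f"{spn}[{sp}] -> {dpn}[{dp}]: {n} WriteProcessMemory call(s)")
    print(f"sample on disk: {SAMPLE_SIZE_ON_DISK // 1024} KiB")
```

Run it as-is to reproduce the figures quoted above; to reuse it on another report, paste that report's resource names and WriteProcessMemory rows into YARA_HITS and WPM_ROWS, and expect a ValueError if the naming scheme differs from the one assumed here.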