Analysis

max time kernel: 106s
max time network: 109s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-06-2023 14:40
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en
General

Target: tmp.exe
Size: 4.3MB
MD5: ab3ad25cdcf1f451563cf08b50f415a1
SHA1: e684008debaa280316ab4c35d47479a20d030057
SHA256: a53c8d5d80b788145c7903b7fac6515f4ec6064a78f175ef224ed6f8ef071e2d
SHA512: b8e9d1973162bdd18f53e3917d9ddb36eea25f78bd22be1b06c5e171b08292a7cd23c9c39e783394708c701e902c510a23f67219dafc479d1b7289219e7bf9e4
SSDEEP: 98304:NS3PA2sI9rJZndrsPfACApodEiyaww2owkeIFNQTSSYTM9YKe9AYoDDN5xnr7GMj:NS/AtI9rOPIhU72o5Np7KMhoDh5xnI2Z
Malware Config

Signatures

Detect Blackmoon payload (1 IoCs)
  resource: behavioral2/memory/4820-139-0x0000000000400000-0x0000000000A7A000-memory.dmp, yara_rule: family_blackmoon

Loads dropped DLL (1 IoCs)
  pid: 4820, Process: tmp.exe

yara_rule matches (2 IoCs)
  resource: behavioral2/memory/4820-133-0x0000000000400000-0x0000000000A7A000-memory.dmp, yara_rule: upx
  resource: behavioral2/memory/4820-139-0x0000000000400000-0x0000000000A7A000-memory.dmp, yara_rule: upx

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 4820, Process: tmp.exe
  pid: 4820, Process: tmp.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 8.4MB
MD5: 8b6c94bbdbfb213e94a5dcb4fac28ce3
SHA1: b56102ca4f03556f387f8b30e2b404efabe0cb65
SHA256: 982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53
SHA512: 9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a