Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system -
submitted
20-07-2023 11:19
Behavioral task
behavioral1
Sample
DKCat 7.7.exe
Resource
win7-20230712-en
windows7-x64
6 signatures
150 seconds
General
-
Target
DKCat 7.7.exe
-
Size
17.4MB
-
MD5
e0a0b8edf30dcdfee7590ced1dd6e8b5
-
SHA1
f4ce8e489cbbff3f625d3976404c16a24ead8c4c
-
SHA256
93d97957ce5113fbda9dfdb10646e790df4b15f79ef5ff748131e48010f1c52a
-
SHA512
a077695fa283625f7a76f235b3a06cd630b635a4f62529415de741def39dbd61f7804ebb4251f4841ab149d98014675a56979a3b05d6459a2aac9b670216d1ca
-
SSDEEP
393216:Bo8bw8WlwxsQiasvvLNOmYg3r3d51AyzmkiF1XZETT:K8bwVwqhasvvLNfpbN5aYgvpUT
Malware Config
Signatures
-
Detect Blackmoon payload 7 IoCs
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/2068-57-0x0000000000400000-0x00000000015C5000-memory.dmp  family_blackmoon
  behavioral1/memory/2068-69-0x0000000000400000-0x00000000015C5000-memory.dmp  family_blackmoon
  behavioral1/memory/2068-73-0x0000000000400000-0x00000000015C5000-memory.dmp  family_blackmoon
  behavioral1/memory/2068-72-0x0000000003460000-0x0000000003484000-memory.dmp  family_blackmoon
  behavioral1/memory/2068-74-0x0000000000400000-0x00000000015C5000-memory.dmp  family_blackmoon
  behavioral1/memory/2068-75-0x0000000003460000-0x0000000003484000-memory.dmp  family_blackmoon
  behavioral1/memory/2068-78-0x0000000000400000-0x00000000015C5000-memory.dmp  family_blackmoon
-
UPX packed file 7 IoCs
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/2068-55-0x0000000010000000-0x0000000010019000-memory.dmp  upx
  behavioral1/memory/2068-72-0x0000000003460000-0x0000000003484000-memory.dmp  upx
  behavioral1/memory/2068-71-0x0000000003030000-0x0000000003056000-memory.dmp  upx
  behavioral1/memory/2068-75-0x0000000003460000-0x0000000003484000-memory.dmp  upx
  behavioral1/memory/2068-76-0x0000000003030000-0x0000000003056000-memory.dmp  upx
  behavioral1/memory/2068-77-0x0000000010000000-0x0000000010019000-memory.dmp  upx
  behavioral1/memory/2068-79-0x0000000003030000-0x0000000003056000-memory.dmp  upx
-
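The two memory-dump lists above are easier to read once the resource names are parsed and the rule hits cross-referenced per address range: which region both `family_blackmoon` and `upx` fired on, how large each region is, and at which dump the first hit appeared. The script below is an added example, not the sandbox's own tooling or anything shipped with the sample; it works on the IoC strings copied verbatim from this report. The resource-name layout `<task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp`, and the reading of `<seq>` as the order in which dumps were taken, are assumptions inferred from those strings.

```python
"""Cross-reference YARA memory-dump hits listed in a sandbox report (added example).

Assumed resource-name layout, inferred from the report's own strings:
    <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Both IoC lists copied verbatim from the report (one "resource rule" pair per line).
BLACKMOON_IOCS = """
behavioral1/memory/2068-57-0x0000000000400000-0x00000000015C5000-memory.dmp family_blackmoon
behavioral1/memory/2068-69-0x0000000000400000-0x00000000015C5000-memory.dmp family_blackmoon
behavioral1/memory/2068-73-0x0000000000400000-0x00000000015C5000-memory.dmp family_blackmoon
behavioral1/memory/2068-72-0x0000000003460000-0x0000000003484000-memory.dmp family_blackmoon
behavioral1/memory/2068-74-0x0000000000400000-0x00000000015C5000-memory.dmp family_blackmoon
behavioral1/memory/2068-75-0x0000000003460000-0x0000000003484000-memory.dmp family_blackmoon
behavioral1/memory/2068-78-0x0000000000400000-0x00000000015C5000-memory.dmp family_blackmoon
"""
UPX_IOCS = """
behavioral1/memory/2068-55-0x0000000010000000-0x0000000010019000-memory.dmp upx
behavioral1/memory/2068-72-0x0000000003460000-0x0000000003484000-memory.dmp upx
behavioral1/memory/2068-71-0x0000000003030000-0x0000000003056000-memory.dmp upx
behavioral1/memory/2068-75-0x0000000003460000-0x0000000003484000-memory.dmp upx
behavioral1/memory/2068-76-0x0000000003030000-0x0000000003056000-memory.dmp upx
behavioral1/memory/2068-77-0x0000000010000000-0x0000000010019000-memory.dmp upx
behavioral1/memory/2068-79-0x0000000003030000-0x0000000003056000-memory.dmp upx
"""

# Assumed layout (see module docstring); the rule name follows the resource after whitespace.
_HIT_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)"
)


@dataclass(frozen=True)
class Hit:
    task: str
    pid: int
    seq: int    # dump sequence number (assumed: higher means taken later)
    start: int  # region start address inside the process
    end: int    # region end address (exclusive)
    rule: str

    @property
    def region(self):
        return (self.start, self.end)


def parse_hits(text):
    """Parse every '<resource> <rule>' pair in a report list into Hit records."""
    return [
        Hit(m["task"], int(m["pid"]), int(m["seq"]),
            int(m["start"], 16), int(m["end"], 16), m["rule"])
        for m in _HIT_RE.finditer(text)
    ]


def regions_by_rule(hits):
    """Map rule name -> set of distinct (start, end) regions that rule matched."""
    out = defaultdict(set)
    for h in hits:
        out[h.rule].add(h.region)
    return dict(out)


def regions_matched_by_all(hits, rules):
    """Address ranges on which every rule in `rules` fired (identical dump range)."""
    by_rule = regions_by_rule(hits)
    return set.intersection(*(by_rule.get(r, set()) for r in rules))


def first_seen(hits, rule):
    """Lowest dump sequence number at which `rule` fired, or None if it never did."""
    seqs = [h.seq for h in hits if h.rule == rule]
    return min(seqs) if seqs else None


def summarize(hits):
    """One line per distinct (pid, region): address range, size, and the rules that hit it."""
    rules_for = defaultdict(set)
    for h in hits:
        rules_for[(h.pid, h.region)].add(h.rule)
    return [
        f"pid {pid} 0x{start:08X}-0x{end:08X} ({end - start:>9} bytes): " + ", ".join(sorted(rules))
        for (pid, (start, end)), rules in sorted(rules_for.items())
    ]


if __name__ == "__main__":
    all_hits = parse_hits(BLACKMOON_IOCS) + parse_hits(UPX_IOCS)
    print("\n".join(summarize(all_hits)))
    both = regions_matched_by_all(all_hits, ["family_blackmoon", "upx"])
    print("regions flagged by both rules:", [f"0x{s:X}-0x{e:X}" for s, e in both])
    print("first upx hit: dump", first_seen(all_hits, "upx"),
          "| first family_blackmoon hit: dump", first_seen(all_hits, "family_blackmoon"))
```

Run against the report's data this reports four distinct regions in pid 2068. The 0x00400000-0x015C5000 range is about 17.8 MB, consistent with the 17.4 MB sample being mapped as the main image; 0x03460000-0x03484000 is the only range hit by both rules, which makes it the first candidate to carve out when looking for an unpacked Blackmoon payload; 0x10000000 is the conventional link-time base for a DLL, though the report does not say which module occupies it.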
Drops file in System32 directory 1 IoCs
Processes:
  DKCat 7.7.exe
  description   ioc                           process
  File created  C:\Windows\SysWOW64\Dult.dll  DKCat 7.7.exe
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes:
  DKCat 7.7.exe
  description              pid   process
  Token: SeDebugPrivilege  2068  DKCat 7.7.exe
  Token: SeDebugPrivilege  2068  DKCat 7.7.exe
  Token: SeDebugPrivilege  2068  DKCat 7.7.exe
  Token: 1                 2068  DKCat 7.7.exe
  Token: SeDebugPrivilege  2068  DKCat 7.7.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
  DKCat 7.7.exe
  pid   process
  2068  DKCat 7.7.exe
  2068  DKCat 7.7.exe