blackmoon | 23175922758d8cf9cdd2a44759251ef148c7594b23fcd17de93bba8a660661fd | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 06:26

Sharing

Report Analysis Logs

General

Target

967d0941159c9983c56a9223e2eec543.dll
Size

27KB
MD5

967d0941159c9983c56a9223e2eec543
SHA1

0f2cbe86cf6fd3c798054711a3f109f3bac71af1
SHA256

23175922758d8cf9cdd2a44759251ef148c7594b23fcd17de93bba8a660661fd
SHA512

039b6823379dedb1615944fae7aa691d5f660cf9afb91550dc9f90fc0254aa438143bbe70b912607b23d7400024d2221622751670daf72a4264f5dd86b1797d2
SSDEEP

768:rFDAYMNBrQFJzbuZOIbAnaUjW9+A+Ynfz:JLsdYbgOTn9FA+07

Score

10^/10

blackmoon banker trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
behavioral1/memory/2204-1-0x0000000010000000-0x000000001002E000-memory.dmp	family_blackmoon

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2204-0-0x0000000010000000-0x000000001002E000-memory.dmp	upx
behavioral1/memory/2204-1-0x0000000010000000-0x000000001002E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28
PID 1340 wrote to memory of 2204	1340	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\967d0941159c9983c56a9223e2eec543.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\967d0941159c9983c56a9223e2eec543.dll,#1
  2⤵
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-0-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/2204-1-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download