Analysis

max time kernel: 142s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12-02-2024 18:35
Behavioral task: behavioral1

Sample: Trainer.exe
Resource: win7-20231215-en (windows7-x64)
5 signatures
150 seconds
General

Target: Trainer.exe
Size: 566KB
MD5: e37bf3eed1c3bbb23271d1ca91ccfa5e
SHA1: a22860c22e04b788a5e5060ab0ac55569ea9c9cb
SHA256: bc73fe503dfded3413f4afbdca39dbcf1b3d96d325292e828772a35d6f3fa097
SHA512: af08cad7fc1903c7f7192e951d8ebf89c6c277ef64cf989e7242fe621e889142dfdb64d48bab72484a582431dadb8ead1aa9e44c84aadb45d649fec766524e16
SSDEEP: 12288:kmzFRuXZvJuVdMQOAQjgJr4EjWYp8E5quiDS8zLKVwM3tTyHUerR:xzFk1J0daATrTL8Eo3DSOL6wM3Vf
Malware Config

Signatures

Detect Blackmoon payload (4 IoCs)
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/3000-2-0x0000000011110000-0x00000000113BF000-memory.dmp   family_blackmoon
  behavioral1/memory/3000-1-0x0000000011110000-0x00000000113BF000-memory.dmp   family_blackmoon
  behavioral1/memory/3000-11-0x0000000011110000-0x00000000113BF000-memory.dmp  family_blackmoon
  behavioral1/memory/3000-26-0x0000000011110000-0x00000000113BF000-memory.dmp  family_blackmoon

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: Trainer.exe
  description              pid   process
  Token: SeDebugPrivilege  3000  Trainer.exe

Suspicious use of FindShellTrayWindow (1 IoC)
Processes: Trainer.exe
  pid   process
  3000  Trainer.exe

Suspicious use of SendNotifyMessage (1 IoC)
Processes: Trainer.exe
  pid   process
  3000  Trainer.exe