Analysis
max time kernel: 147s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-04-2024 09:19
Behavioral task
behavioral1
Sample
a42cb44a4c5ed9bff32ec46b21de9cfe88d1d9625cac95842229d8cde7e76318.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
General
Target: a42cb44a4c5ed9bff32ec46b21de9cfe88d1d9625cac95842229d8cde7e76318.exe
Size: 4.8MB
MD5: 244722b3da49ca5f504d997b545a6c93
SHA1: 4cdda78d442463d96cef9e1e7a98537a81fffb40
SHA256: a42cb44a4c5ed9bff32ec46b21de9cfe88d1d9625cac95842229d8cde7e76318
SHA512: d16336aba2ed9c9e8912b276f6eed8cc1fa26a34265bcea061d0f5c66af9ddc1d121610974ee7ee07e1520d0bef28f5ae88f840065abb5ad32f57f1a501b42cf
SSDEEP: 98304:BnTQ1u4sWhmKH0j+wFyra4m5Yzy57pG6fTjRjz/gehMN+dzjvi:BnTh4skmKHU+Za1H57zp/ghEzjvi
Malware Config
Signatures
Detect Blackmoon payload (1 IoCs)
Processes:
resource yara_rule
behavioral2/memory/2356-1-0x0000000000400000-0x00000000018B7000-memory.dmp family_blackmoon
Processes:
resource yara_rule
behavioral2/memory/2356-0-0x0000000000400000-0x00000000018B7000-memory.dmp upx
behavioral2/memory/2356-1-0x0000000000400000-0x00000000018B7000-memory.dmp upx
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: a42cb44a4c5ed9bff32ec46b21de9cfe88d1d9625cac95842229d8cde7e76318.exe
pid process
2356 a42cb44a4c5ed9bff32ec46b21de9cfe88d1d9625cac95842229d8cde7e76318.exe