blackmoon | 99f11de265b93fb5ea9178319536a6b9c2330319055dfde4c3ff00290e1bc6a8

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06d9d8cedde716878e768d521aa87a90_NeikiAnalytics.dll
Size

2.0MB
MD5

06d9d8cedde716878e768d521aa87a90
SHA1

dea82eab5371e5d2bedef30eaa8fab7e06cb0288
SHA256

99f11de265b93fb5ea9178319536a6b9c2330319055dfde4c3ff00290e1bc6a8
SHA512

7e895140f041c05ea167545a3786ce32ef2f4a9315160d8407a694cb54b5caf5b2353fe1eadcbca4159f38bc1afbd2658248b62b98f78a2d7aed0e7155617c84
SSDEEP

49152:WqnwXmwq3aDqKoq1axl+h2Y8L0CPvdvs3P2mY8f2IGgi:SmwZDqKoq1ao78L0CPvdgumLBTi

Score

10^/10

blackmoon banker trojan

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 3 IoCs

resource	yara_rule
behavioral1/memory/640-12-0x0000000010000000-0x00000000104DC000-memory.dmp	family_blackmoon
behavioral1/memory/640-15-0x0000000010000000-0x00000000104DC000-memory.dmp	family_blackmoon
behavioral1/memory/640-14-0x0000000010000000-0x00000000104DC000-memory.dmp	family_blackmoon

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28
PID 1932 wrote to memory of 640	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06d9d8cedde716878e768d521aa87a90_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06d9d8cedde716878e768d521aa87a90_NeikiAnalytics.dll,#1
  2⤵
  PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-0-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-1-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-4-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-3-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-11-0x0000000002080000-0x0000000002200000-memory.dmp

Filesize
1.5MB

Download
memory/640-13-0x0000000010001000-0x0000000010009000-memory.dmp

Filesize
32KB

Download
memory/640-12-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-15-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-14-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-10-0x0000000000190000-0x00000000001DA000-memory.dmp

Filesize
296KB

Download
memory/640-9-0x0000000001E70000-0x0000000001F80000-memory.dmp

Filesize
1.1MB

Download
memory/640-8-0x00000000001F0000-0x00000000001FC000-memory.dmp

Filesize
48KB

Download
memory/640-7-0x00000000001E0000-0x00000000001F0000-memory.dmp

Filesize
64KB

Download
memory/640-6-0x0000000000140000-0x0000000000144000-memory.dmp

Filesize
16KB

Download
memory/640-5-0x0000000010000000-0x00000000104DC000-memory.dmp

Filesize
4.9MB

Download
memory/640-2-0x0000000000190000-0x00000000001DA000-memory.dmp

Filesize
296KB

Download
memory/640-17-0x0000000000190000-0x00000000001DA000-memory.dmp

Filesize
296KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads