Analysis
max time kernel: 11s
max time network: 137s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 06:43
Behavioral task: behavioral1
Sample: d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe
Resource: win7-20240220-en
General
Target: d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe
Size: 452KB
MD5: ea792852c9779df6b985f30006d2874b
SHA1: acc1403b0049670216ff392d9b0d75af8f989773
SHA256: d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f
SHA512: b437d7e06e973f29cdc63ea3adc4615de431631a7ff70ef4a7f13fc26ed5fab7cc539f67f623acd19dd4ef5d97191ded3a72129eb52bf68e27dba5667e9a7cbd
SSDEEP: 6144:/vPBvEQR6H3Udg2FuHRfepwqHpA7b2+yO2COKCZj:/vpv/R6H3U25fehHpAW+yOBOKCZj
Malware Config
Signatures
Detect Blackmoon payload (6 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x0000000000473000-memory.dmp | family_blackmoon
C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe | family_blackmoon
behavioral1/memory/2684-21-0x0000000000400000-0x0000000000473000-memory.dmp | family_blackmoon
C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe | family_blackmoon
behavioral1/memory/2080-25-0x0000000000400000-0x0000000000473000-memory.dmp | family_blackmoon
behavioral1/memory/2684-44-0x0000000000400000-0x0000000000473000-memory.dmp | family_blackmoon
UPX dump on OEP (original entry point) (6 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x0000000000473000-memory.dmp | UPX
C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe | UPX
behavioral1/memory/2684-21-0x0000000000400000-0x0000000000473000-memory.dmp | UPX
C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe | UPX
behavioral1/memory/2080-25-0x0000000000400000-0x0000000000473000-memory.dmp | UPX
behavioral1/memory/2684-44-0x0000000000400000-0x0000000000473000-memory.dmp | UPX
Processes:
resource | yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x0000000000473000-memory.dmp | upx
C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe | upx
behavioral1/memory/2684-21-0x0000000000400000-0x0000000000473000-memory.dmp | upx
C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe | upx
behavioral1/memory/2080-25-0x0000000000400000-0x0000000000473000-memory.dmp | upx
behavioral1/memory/2684-44-0x0000000000400000-0x0000000000473000-memory.dmp | upx
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Processes
1. C:\Users\Admin\AppData\Local\Temp\d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe"
   PID: 2080
   2. C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe"
      PID: 2684
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
Filesize: 452KB
MD5: d536441acbd266db6c8a893b52084b26
SHA1: 990fbbec0ca4b25f18da8cc313ac96485668e02a
SHA256: 269b1ab0b598d2ae5bbefd8a86a2ebd0bb83abe17d36edc08ffd621afdf98f14
SHA512: 8864770837a3004ab44123e6637057ef64b6fbeb926d3064ef5b1a9c29796c4bce64ffa07304e0dec152adc54c194260edc51f3c475a84c94bae5f84d83ca0ef
File 2
Filesize: 448KB
MD5: 2d8b2f1e79fbd9bb922649afe2fd91e4
SHA1: ed2593c5497a844787525d20aeb08206fac7cf71
SHA256: 173cad168d1e4064098a002c523030f3cc4bb997c8e5a743fce87d9a0cb60dd0
SHA512: dd40e9e79e0e1eccf4265c47bc06dcfc812199fcc333d046aed67a716df1dc779b4638a31f61001a275f944da58d43eee84e82b99fd6518f5e5d2387e53dd24e
File 3
Filesize: 102B
MD5: 6fa22cbe209fe66f58fae365dc1394a1
SHA1: 64782510384216673e2ab2f4261bca5ca2aaa3e7
SHA256: ea4c428dd784b4e57a40cbe966153fde96f577ca17ee6ad36e608a5c387287af
SHA512: 8a2858cf6c06a7d1a5834a20337f4fbe3297e1db57b6fcbbc0a04bc4321742d344253bb55102df64a8b291e0eede67c4114d5da2feb9eba470f3e6c2a7adfff2