blackmoon | d7de145c213d9fcce8fa3d72619d368ae6ce816ce1ee2ba48d0d85f889315677

Analysis

max time kernel
138s
max time network
146s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 18:48

Target

23642f69a3c6e20aa101598ee9f6831a_JaffaCakes118.dll
Size

80KB
MD5

23642f69a3c6e20aa101598ee9f6831a
SHA1

f95510b0a7ede76879bd3b397964fbeb87618aa8
SHA256

d7de145c213d9fcce8fa3d72619d368ae6ce816ce1ee2ba48d0d85f889315677
SHA512

10b5f9d114d67d25408d98cbf27dad66f84a67cc9c65ff3ffce81663ec401b2778ba5e0efabd67208bb8fd7d8fa9bfc76c8c0c3edfd84679ad51e30142678ed5
SSDEEP

768:UedoF/PjJaIm//39QqUHBNadria2edb9HmZELLsdbIWRWeFWxZ:U9Dm/P9xUH6drb2edb9G4iSxZ

Score

10^/10

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 2 IoCs

resource	yara_rule
behavioral1/memory/2220-0-0x0000000010000000-0x0000000010014000-memory.dmp	family_blackmoon
behavioral1/memory/2220-19-0x0000000010000000-0x0000000010014000-memory.dmp	family_blackmoon

Blocklisted process makes network request 3 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28
PID 2244 wrote to memory of 2220	2244	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23642f69a3c6e20aa101598ee9f6831a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23642f69a3c6e20aa101598ee9f6831a_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2220

memory/2220-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2220-19-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download