Analysis
max time kernel: 95s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-11-2024 00:07
Behavioral task
behavioral1
Sample: 45d01f0e18b574b2657d92b02228b37dcc8f27c37002b52b066910ed63117850.dll
Resource: win7-20241010-en
Signatures: 3
Run time: 150 seconds
General
Target: 45d01f0e18b574b2657d92b02228b37dcc8f27c37002b52b066910ed63117850.dll
Size: 543KB
MD5: 0b87823d63a22fdd16954f8860c00f04
SHA1: ff00554a24a64333797f34b3d8c1671cd2bc4934
SHA256: 45d01f0e18b574b2657d92b02228b37dcc8f27c37002b52b066910ed63117850
SHA512: 3fbea94432ea35a017d81a23a356295428ec3da6b4f2c8ae31e5003404d30a12a473e0684407e2c126207426ec6cb6d77b4897a48a92bae46005acbcf93f7b7f
SSDEEP: 12288:1ZZmPPNkJyNkiJWGvGVnXpb+U2R3uo98pAONg:1ZZuPN/NwymnXpb+UEeo9InW
Malware Config
Signatures
Blackmoon family

Detect Blackmoon payload (1 IoC)
Processes:
  resource:  behavioral2/memory/2112-0-0x0000000010000000-0x000000001008B000-memory.dmp
  yara_rule: family_blackmoon

Processes:
  resource:  behavioral2/memory/2112-0-0x0000000010000000-0x000000001008B000-memory.dmp
  yara_rule: upx
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
  process:     rundll32.exe
  description: Key opened
  ioc:         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description: PID 3512 wrote to memory of 2112   pid: 3512   process: rundll32.exe   target process: rundll32.exe
  description: PID 3512 wrote to memory of 2112   pid: 3512   process: rundll32.exe   target process: rundll32.exe
  description: PID 3512 wrote to memory of 2112   pid: 3512   process: rundll32.exe   target process: rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 3512)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d01f0e18b574b2657d92b02228b37dcc8f27c37002b52b066910ed63117850.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  child process:
    C:\Windows\SysWOW64\rundll32.exe (PID 2112)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d01f0e18b574b2657d92b02228b37dcc8f27c37002b52b066910ed63117850.dll,#1
      signatures: System Location Discovery: System Language Discovery