Analysis
max time kernel: 149s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-07-2024 02:26
Behavioral task: behavioral1
Sample: 0a3be07da6d17bbf32cfe693563f1be4e83a0e2e6fe5c739ea58d51fbcc5fd0f.exe
Resource: win7-20240508-en
4 signatures
150 seconds
General
Target: 0a3be07da6d17bbf32cfe693563f1be4e83a0e2e6fe5c739ea58d51fbcc5fd0f.exe
Size: 10.0MB
MD5: 5ac2195af11c4528c3077fdc417493ac
SHA1: 28e54ed02e9c22f2ca2d3f17b959b18fe4f6bcf4
SHA256: 0a3be07da6d17bbf32cfe693563f1be4e83a0e2e6fe5c739ea58d51fbcc5fd0f
SHA512: ce0fa05af9dbcccd8a8dca6e54c490c472291045ce41282cd6da71d3eab3299b1ecff9af42a19970034b40cef5550aacc6686c7af60b1daa5dfe48ea07d8fb27
SSDEEP: 196608:BnTh4skmKHU+Za1H57zp/ghEzjvCG56IqS5641kvhKJtOQRq0wY2rVIUMwrf:BqbviH57fvxqY64eYJtXt/2FhL
Malware Config
Signatures
Detect Blackmoon payload (1 IoCs)
Processes:
resource: behavioral2/memory/1136-1-0x0000000000400000-0x00000000018B7000-memory.dmp, yara_rule: family_blackmoon
Processes:
resource: behavioral2/memory/1136-0-0x0000000000400000-0x00000000018B7000-memory.dmp, yara_rule: upx
resource: behavioral2/memory/1136-1-0x0000000000400000-0x00000000018B7000-memory.dmp, yara_rule: upx
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
0a3be07da6d17bbf32cfe693563f1be4e83a0e2e6fe5c739ea58d51fbcc5fd0f.exe
pid: 1136, process: 0a3be07da6d17bbf32cfe693563f1be4e83a0e2e6fe5c739ea58d51fbcc5fd0f.exe