Analysis Overview
SHA256
4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545
Threat Level: Known bad
The file 4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545 was found to be: Known bad.
Malicious Activity Summary
Detect Blackmoon payload
Blackmoon family
Reads user/profile data of web browsers
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 23:15
Signatures
Blackmoon family
Detect Blackmoon payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 23:15
Reported
2024-06-14 23:18
Platform
win7-20231129-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Reads user/profile data of web browsers
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe
"C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 23:15
Reported
2024-06-14 23:18
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
157s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe
"C:\Users\Admin\AppData\Local\Temp\4d56dc1fa7df270ada5d6d10bacb35e84bcf9799fa295bf9128315ef2f014545.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |