Analysis
- max time kernel: 119s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 18/10/2024, 20:17
Behavioral task: behavioral1
- Sample: 6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe
- Resource: win7-20241010-en
General
- Target: 6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe
- Size: 12.1MB
- MD5: e9b7c03bfec3b32e34104c9b0cefab54
- SHA1: c10325c5ef3a114201babaccff6d2788ae8d5ade
- SHA256: 6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff
- SHA512: ea310613136cd09ef8ba516f20afc98e6511b5be5112f59e6c4f1a4dd172ba90c6374425bb43448ca409cf150e5865ef52619b21fa2506fcab99ab4894158838
- SSDEEP: 196608:wJV4VrkilC9WefqlfIRM3LhKC7DHhN8bhCgmsrpW9kElNmj9G/eK:w5ilC9DfqlfIg77NGbprAvmj9Gm
Malware Config
Signatures
- Detect Blackmoon payload (1 IoC)
  resource: behavioral1/memory/2324-7-0x0000000001260000-0x0000000001EB6000-memory.dmp
  yara_rule: family_blackmoon
- Loads dropped DLL (1 IoC)
  pid 2324, process 6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe
- UPX-packed memory region
  resource: behavioral1/memory/2324-0-0x0000000010000000-0x000000001054E000-memory.dmp
  yara_rule: upx
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  ioc: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: 6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  pid 2324, process 6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe (5 occurrences)
Processes
- "C:\Users\Admin\AppData\Local\Temp\6b2629190ebcdff38f2987131cb63209192271881a5e08c4e1a7ca48a951d3ff.exe" (PID 2324)
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1.2MB
- MD5: 58ce1611349d9c3fdbe84019439819b2
- SHA1: 110b3ba2d99629aa1148daca6aa2a350356305a6
- SHA256: 36c7d8f359926e61290ede70a426b863470adc47312c3e4b6039a9ab4b63c9f6
- SHA512: 3f46fcd3fd83ae7c7d20b016f9a58be0090f2e8c9342ffa915ca7e9e68c5212e46df18ba40270dcb96a9732b38e2d9a5895198cf07929df6c1872afb72bbd190