Analysis
max time kernel: 148s
max time network: 150s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 23-10-2024 08:59

Behavioral task: behavioral1
Sample: LDvar.exe
Resource: win7-20240903-en (windows7-x64)
6 signatures
150 seconds
General
Target: LDvar.exe
Size: 8.4MB
MD5: 2d7b09cd5f12fb6a3fc07e269a639051
SHA1: d06feae2a5289e717ce173398754fa1a9b96e874
SHA256: ccc9f3d84c2251de94f54d03c62257b21ec7eeef29c16931fae4e06ef367c3fe
SHA512: fc36080c9cfe80948d048b027f365d76f93c186e12d359bb6768b8e91563c26790db9ca14b09c0c5d8d0575bef0f39992ac2a1bb06af367ee4a06dfd0b4cebc0
SSDEEP: 196608:uRUxISBSxiw0pACjs/V7Uu8qGZRErzqCBa/8bJ225iStHg3:uuhBZyVP8PZREr7azIFt2
Malware Config
Signatures
Detect Blackmoon payload (3 IoCs)
Processes:
  resource                                                                   | yara_rule
  behavioral1/memory/2784-39-0x0000000000400000-0x0000000001815000-memory.dmp | family_blackmoon
  behavioral1/memory/2784-40-0x0000000000400000-0x0000000001815000-memory.dmp | family_blackmoon
  behavioral1/memory/2784-42-0x0000000000400000-0x0000000001815000-memory.dmp | family_blackmoon
Processes (yara_rule: vmprotect):
  resource                                                                   | yara_rule
  behavioral1/memory/2784-39-0x0000000000400000-0x0000000001815000-memory.dmp | vmprotect
  behavioral1/memory/2784-40-0x0000000000400000-0x0000000001815000-memory.dmp | vmprotect
  behavioral1/memory/2784-42-0x0000000000400000-0x0000000001815000-memory.dmp | vmprotect
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim host in order to infer that host's geographical location.
Processes:
  description | ioc                                                       | process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | LDvar.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid  | process
  2784 | LDvar.exe
  2784 | LDvar.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid  | process
  2784 | LDvar.exe
  2784 | LDvar.exe