471f3fb1a953fab38be3081eb835574694bc72b94f239edc400d1ce3d7a8ecb0

Submit
Reports

Overview

overview

Static

static

757e3242f6...b4.exe

windows7-x64

76fe72e0ec...ss.exe

windows7-x64

78d4cf8df6...B3.exe

windows7-x64

78d4cf8df6...59.exe

windows7-x64

78db508226...69.exe

windows7-x64

7965f6adf3...ss.exe

windows7-x64

7B75B33BCF...B5.exe

windows7-x64

7E3903944E...72.exe

windows7-x64

7dd9312307...ca.dll

windows7-x64

7e4c9a7e39...1f.exe

windows7-x64

80eb72d781...B3.exe

windows7-x64

80eb72d781...9A.exe

windows7-x64

845263c869...c8.exe

windows7-x64

8524224187...8f.exe

windows7-x64

86be3831f5...39.exe

windows7-x64

8791931bac...DA.exe

windows7-x64

8791931bac...69.exe

windows7-x64

87a4f3f9f6...88.exe

windows7-x64

89fb6d7ff2...f6.exe

windows7-x64

8c59148535...21.exe

windows7-x64

8d372fcf8a...e0.exe

windows7-x64

900.exe

windows7-x64

911d5905cb...b9.exe

windows7-x64

91d24e0657...eb.zip

windows7-x64

92ac6be4d9...5b.exe

windows7-x64

97512f4617...7c.exe

windows7-x64

98aadc95c5...e7.exe

windows7-x64

9943256.exe

windows7-x64

9B9517FA15...DF.exe

windows7-x64

9b7eaffe4d...c8.exe

windows7-x64

a322da0be4...44.exe

windows7-x64

a42252e674...34.exe

windows7-x64

Analysis

max time kernel
838s
max time network
839s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 02:43

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx blackmoon

6 signatures

Behavioral task

behavioral1

Sample

757e3242f6a2685ed9957c9e66235af889a7accead5719514719106d0b3c6fb4.exe

Resource

win7-20240903-en

ransomware spyware stealer

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral2

Sample

76fe72e0ecdc389b5749df5fe406cb70110b1ef8b64e51cf0a96da2fa2ec5eb2_not_packed_maybe_useless.exe

Resource

win7-20241010-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral3

Sample

78d4cf8df6fe5717a0f4bad6cbfce6546fb59a45ee0ac3797b264b28e24ddc0b_Dumped_TDS=4F9911B3.exe

Resource

win7-20241010-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral4

Sample

78d4cf8df6fe5717a0f4bad6cbfce6546fb59a45ee0ac3797b264b28e24ddc0b_TDS=4FA04B59.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral5

Sample

78db508226ccacd363fc0f02b3ae326a2bdd0baed3ae51ddf59c3fc0fcf60669.exe

Resource

win7-20240903-en

discovery persistence ransomware spyware stealer

windows7-x64

12 signatures

1200 seconds

Behavioral task

behavioral6

Sample

7965f6adf3261e8820fe583e94dcb2d17dc665efa0442743e47d27c989fcb05f_not_packed_maybe_useless.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

1200 seconds

Behavioral task

behavioral7

Sample

7B75B33BCF4ECF013B93F84ED98B3FB5.exe

Resource

win7-20240708-en

windows7-x64

1 signatures

1200 seconds

Behavioral task

behavioral8

Sample

7E3903944EAB7B61B495572BAA60FB72.exe

Resource

win7-20240903-en

discovery

windows7-x64

4 signatures

1200 seconds

Behavioral task

behavioral9

Sample

7dd93123078b383ec179c4c381f9119f4eac4efb287fe8f538a82e7336dfa4ca.dll

Resource

win7-20240903-en

discovery

windows7-x64

2 signatures

1200 seconds

Behavioral task

behavioral10

Sample

7e4c9a7e391be4367d79bd1ab92b748d440e13fd5ca6c0820b30e6e9c670871f.exe

Resource

win7-20240903-en

defense_evasion discovery execution impact persistence ransomware

windows7-x64

11 signatures

1200 seconds

Behavioral task

behavioral11

Sample

80eb72d78175761e34378e06a5ca13b26edd6c47ee18e0d222fa068a249785f2_Dumped_TDS=4F9911B3.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral12

Sample

80eb72d78175761e34378e06a5ca13b26edd6c47ee18e0d222fa068a249785f2_TDS=4FAAF59A.exe

Resource

win7-20240729-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral13

Sample

845263c86931440e934cf40f4461dc14903a474f6f5eab4773482842855ba1c8.exe

Resource

win7-20241023-en

discovery persistence ransomware

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral14

Sample

85242241870190a81b55d0ea723c25391fff14140bac149a32630c5f892a3a8f.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral15

Sample

86be3831f5d8a975b0924168117fc7fcd1f5067ac5935c657efbb4798cb6a439.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

3 signatures

1200 seconds

Behavioral task

behavioral16

Sample

8791931bac7d8afbb30dc1d32a4dd54ee59a2160580a83d822a927039d8ca98f_Dumped_TDS=4F83FCDA.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral17

Sample

8791931bac7d8afbb30dc1d32a4dd54ee59a2160580a83d822a927039d8ca98f_TDS=4F84A969.exe

Resource

win7-20241010-en

discovery persistence

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral18

Sample

87a4f3f9f6dc263378f2f01db5f2c988.exe

Resource

win7-20240903-en

discovery ransomware spyware stealer

windows7-x64

11 signatures

1200 seconds

Behavioral task

behavioral19

Sample

89fb6d7ff29b0c349c19df2e81028a62a2758c33f2c72b87dc11af4f22d3c6f6.exe

Resource

win7-20240903-en

defense_evasion discovery evasion execution impact persistence ransomware trojan

windows7-x64

11 signatures

1200 seconds

Behavioral task

behavioral20

Sample

8c591485357e45a09dad3116496e6f686fa11f445a6bea5ef3cd5ed1ac078821.exe

Resource

win7-20240903-en

discovery persistence ransomware

windows7-x64

9 signatures

1200 seconds

Behavioral task

behavioral21

Sample

8d372fcf8a97223ebb86cdfe707d3035dfbfd4501c5688cfa82a9a4889e637e0.exe

Resource

win7-20241010-en

spyware stealer

windows7-x64

3 signatures

1200 seconds

Behavioral task

behavioral22

Sample

900.exe

Resource

win7-20241023-en

credential_access defense_evasion discovery execution impact ransomware spyware stealer

windows7-x64

13 signatures

1200 seconds

Behavioral task

behavioral23

Sample

911d5905cbe1dd462f171b7167cd15b9.exe

Resource

win7-20240903-en

windows7-x64

4 signatures

1200 seconds

Behavioral task

behavioral24

Sample

91d24e06572099ba0aa5c20be6b1021fa48e864913fe3676ed05323e6b68fceb.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

1200 seconds

Behavioral task

behavioral25

Sample

92ac6be4d9215b237d624177ca0543844d0dc8d071660ae4a4cf7c93cc11505b.exe

Resource

win7-20240708-en

discovery evasion persistence trojan

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral26

Sample

97512f4617019c907cd0f88193039e7c.exe

Resource

win7-20240708-en

defense_evasion discovery execution impact ransomware upx

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral27

Sample

98aadc95c589e064a542802bbf0ef01ef00595c34d195f1a1e6443909846d2e7.exe

Resource

win7-20240903-en

discovery persistence ransomware spyware stealer upx

windows7-x64

16 signatures

1200 seconds

Behavioral task

behavioral28

Sample

9943256.exe

Resource

win7-20240903-en

defense_evasion discovery evasion persistence trojan

windows7-x64

15 signatures

1200 seconds

Behavioral task

behavioral29

Sample

9B9517FA1515F47A502FE56536236A20BE5BBADF.exe

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

1200 seconds

Behavioral task

behavioral30

Sample

9b7eaffe4dffcbd06445d0b32785cdc8.exe

Resource

win7-20240903-en

xorist discovery persistence ransomware spyware stealer upx

windows7-x64

17 signatures

1200 seconds

Behavioral task

behavioral31

Sample

a322da0be4f0be8d85eab815ca708c8452b63f24d0e2d2d6d896a9f9331a6244.exe

Resource

win7-20240903-en

blackmoon banker credential_access defense_evasion discovery execution impact ransomware spyware stealer trojan

windows7-x64

25 signatures

1200 seconds

Behavioral task

behavioral32

Sample

a42252e674a09a0b689e71c88f59969f538a473da647cc4eb5457a5d5e03a234.exe

Resource

win7-20240903-en

discovery persistence ransomware

windows7-x64

9 signatures

1200 seconds

Report Analysis Logs

General

Target

91d24e06572099ba0aa5c20be6b1021fa48e864913fe3676ed05323e6b68fceb.zip
Size

282KB
MD5

f79b517d733de07ee82e5ac8cd9ee192
SHA1

050b21190591004cbee3a06019dcb34e766afe47
SHA256

91d24e06572099ba0aa5c20be6b1021fa48e864913fe3676ed05323e6b68fceb
SHA512

799e55b3a1e04c7c87c7fe6fcb807600975510a7f05fa57f83a9301731a378c1323486343ba880a575aef59faa6e1d1ccc9cea90173b7626228b24ff9d4e685c
SSDEEP

6144:QY4mV5gq4DBKkxa2RNJYw8coEdNqAniTw1sbLp7ByJ7NFPjsnH5+qPZOMbM+juE:OmVmb9Kkxa21Yw8QiJdAJTqNbM+/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2500 7zFM.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2500 7zFM.exe
Token: 35 2500 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2500 7zFM.exe

pid	process
2500	7zFM.exe

description	pid	process
Token: SeRestorePrivilege	2500	7zFM.exe
Token: 35	2500	7zFM.exe

pid	process
2500	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\91d24e06572099ba0aa5c20be6b1021fa48e864913fe3676ed05323e6b68fceb.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2500

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads