Analysis
-
max time kernel
141s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22-12-2024 23:45
Static task
static1
Behavioral task
behavioral1
Sample
74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4.exe
Resource
win7-20240903-en
General
-
Target
74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4.exe
-
Size
189KB
-
MD5
073132a70ca8c313d3b03492b0f168bd
-
SHA1
c84b67cd83aa2c548c5ccc53c5d3f1508c7a5c2d
-
SHA256
74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4
-
SHA512
babb950898ce953692d0aacd180e9b9e7a3baea475f511bc5679b089010efad67f917d886fadb8369a610eadf740981ec292d3fbf6ef69a44a5b0f56caf1fdf4
-
SSDEEP
3072:V+L0ARFF1Tl/k+Aofs7HdHkxFbPveMUcPXkQiJBeIFw5TEXP+Dkm3V8sBb1out:V+YA91BmpHkxR+GqTeIFwijm3+0oS
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule behavioral1/memory/2636-1-0x0000000000400000-0x00000000004ED000-memory.dmp family_blackmoon -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2636 74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4.exe"C:\Users\Admin\AppData\Local\Temp\74ed2b43f9163f79bb57b2050b97ba85ed40b94c6015df322870bc24860e99a4.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2636