Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 23-12-2024 09:49
Static task: static1
Behavioral task: behavioral1
Sample: ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd.exe
Resource: win7-20240903-en
General
Target: ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd.exe
Size: 722KB
MD5: 317abe3e8b397a23cb31e703547fb71b
SHA1: d1dc78438e31a2377f5179a317bdd9b1ee7b30c6
SHA256: ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd
SHA512: 00541a37b88b19461bfc9c65b28667dbce7b411649abef78c6bb764bb9d70066f2be43f70fb149282322a6ccb74a55805a80616568fc6276873df25d8ca4359f
SSDEEP: 12288:C77yqSzyp8Z+sjPW4h4abLD9SPIX3cjgARu8DT45ZkK46efHa2/aZADEIaI03UCt:IdpxaXh4lPIDADP4YK1462awaI0k3/L
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  resource: behavioral1/memory/3048-1-0x0000000000400000-0x00000000006FF000-memory.dmp
  yara_rule: family_blackmoon
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 3048
  Process: ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ac0640cc256721cbd1c5741d8b32c6272d48b3969459bd1ee4d132ff1101b0cd.exe"
  PID: 3048
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx