Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23-12-2024 11:47
Static task
static1
Behavioral task
behavioral1
Sample
3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe
Resource
win7-20240708-en
General
-
Target
3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe
-
Size
686KB
-
MD5
1c3549129700ad7baadf8bbf9bde2772
-
SHA1
78c081226fd93bda88a153c0dffafb1546bf1127
-
SHA256
3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b
-
SHA512
751b8c65019d185c6236fe86e435da7c3c22aedbe3b3708d3cc30e7ee95835fcf0aac19267f45b2473f1dacf924eb4f86ff747e6db2a4571f585667487cdeb44
-
SSDEEP
12288:XQn/9f9uJlapMQ7jvLx3GXhNHdf9usVpzhW2b7+UHOTRRbSJB8NoyoS:oFf9uJEpMCjV4T3jhln+I4u
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule behavioral1/memory/1920-1-0x0000000000400000-0x00000000006E8000-memory.dmp family_blackmoon -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1920 3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe"C:\Users\Admin\AppData\Local\Temp\3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1920