Analysis
-
max time kernel
140s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
24-12-2024 14:44
Static task
static1
Behavioral task
behavioral1
Sample
f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993.exe
Resource
win7-20241010-en
General
-
Target
f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993.exe
-
Size
189KB
-
MD5
795951d3d068106ab0ee3c629b811934
-
SHA1
5d3592207c163d6571b9e5997713b3f6f6b2d511
-
SHA256
f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993
-
SHA512
9ad808d0888fba81bfd051d08666d0a5e8a4f0abc6e88ec5b25f5b48001e8e81b1a96e89d4db778375d3b1bb3b7c4aae87c9214605c65626626a669630943a96
-
SSDEEP
3072:I+L0ARFF1Tl/kbuMLYVS2GyfJfcyfA4hRzdpkmTw7tKIS7Z3VXl/bo2EnBtdhC4J:I+YA91BG3mLRvJvkmTy8IS75V1/boxnH
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule behavioral1/memory/2248-1-0x0000000000400000-0x00000000004ED000-memory.dmp family_blackmoon -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2248 f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993.exe"C:\Users\Admin\AppData\Local\Temp\f26632eb1ee891dd8697f7667792a749258d26ad4800472579a81c7ee9172993.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2248