Analysis
-
max time kernel
141s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
24-12-2024 16:44
Static task
static1
Behavioral task
behavioral1
Sample
c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe
Resource
win7-20240903-en
General
-
Target
c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe
-
Size
4.7MB
-
MD5
94e7602230543d6e5cc6d122f01ae611
-
SHA1
ffe70dff33c5d45a61e86ada32abe2ac604b2f85
-
SHA256
c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2
-
SHA512
5dd1a9e2aa9e853ce1eefcf994cbba6735fbe95e4b13be8164484bf9586b62f840205c923cea2c2cec154714524e6bd2d5bb861ccad94ca83fda78d3d884ebe6
-
SSDEEP
98304:lBoyZysARdeyijY9UKDfms5guIiIkCrVq+MQZeSFemTWZbQZbWuFzr:l+uRADerY9xDmsaoel3ZeSgnZ6bzzr
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule behavioral1/memory/2452-1-0x0000000000400000-0x0000000000A3E000-memory.dmp family_blackmoon -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2452 c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe"C:\Users\Admin\AppData\Local\Temp\c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2452