Resubmissions

31-03-2022 16:03

220331-thnx7aedd2 10

03-02-2022 08:05

220203-jyw9dsedhp 3

Analysis

  • max time kernel
    4294183s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    31-03-2022 16:03

General

  • Target

    d2f181221ba9049c02ed7283c9144c7c.exe

  • Size

    1.7MB

  • MD5

    d2f181221ba9049c02ed7283c9144c7c

  • SHA1

    b4ed1b4714112d5fc3c7b4673e19ed26ae4c6e85

  • SHA256

    f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b

  • SHA512

    ab0b9a029489f6b3a091c7823b5523ea3cfd8677b32eddd48ba7e64694e4146c3292589d9d09bd0cc5908c9d86c830ee21e75f8712e6f3a2cba2cfd853f372a1

Score
10/10

Malware Config

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe
    "C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1628 -s 1268
      2⤵
      • Program crash
      PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1628-54-0x0000000000160000-0x0000000000322000-memory.dmp

    Filesize

    1.8MB

  • memory/1628-55-0x000000001B0A0000-0x000000001B0A2000-memory.dmp

    Filesize

    8KB