Analysis
max time kernel: 119s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 31-03-2022 16:03
Static task: static1
Behavioral task: behavioral1
  Sample: d2f181221ba9049c02ed7283c9144c7c.exe
  Resource: win7-20220310-en (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: d2f181221ba9049c02ed7283c9144c7c.exe
  Resource: win10v2004-en-20220113 (windows10-2004_x64)
  0 signatures, 0 seconds
General
Target: d2f181221ba9049c02ed7283c9144c7c.exe
Size: 1.7MB
MD5: d2f181221ba9049c02ed7283c9144c7c
SHA1: b4ed1b4714112d5fc3c7b4673e19ed26ae4c6e85
SHA256: f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b
SHA512: ab0b9a029489f6b3a091c7823b5523ea3cfd8677b32eddd48ba7e64694e4146c3292589d9d09bd0cc5908c9d86c830ee21e75f8712e6f3a2cba2cfd853f372a1
Score: 10/10
Malware Config
Signatures
BlackGuard
  Infostealer first seen in late 2021.
Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  1676  3784        WerFault.exe  78
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  3784  d2f181221ba9049c02ed7283c9144c7c.exe
Processes
C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe"
  PID: 3784
  Signatures: Suspicious use of AdjustPrivilegeToken
    C:\Windows\system32\WerFault.exe
      Command line: C:\Windows\system32\WerFault.exe -u -p 3784 -s 1728
      PID: 1676
      Signatures: Program crash
C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -pss -s 432 -p 3784 -ip 3784
  PID: 1480