Resubmissions

31-03-2022 16:03

220331-thnx7aedd2 10

03-02-2022 08:05

220203-jyw9dsedhp 3

Analysis

  • max time kernel
    119s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    31-03-2022 16:03

General

  • Target

    d2f181221ba9049c02ed7283c9144c7c.exe

  • Size

    1.7MB

  • MD5

    d2f181221ba9049c02ed7283c9144c7c

  • SHA1

    b4ed1b4714112d5fc3c7b4673e19ed26ae4c6e85

  • SHA256

    f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b

  • SHA512

    ab0b9a029489f6b3a091c7823b5523ea3cfd8677b32eddd48ba7e64694e4146c3292589d9d09bd0cc5908c9d86c830ee21e75f8712e6f3a2cba2cfd853f372a1

Score
10/10

Malware Config

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe
    "C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3784
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3784 -s 1728
      2⤵
      • Program crash
      PID:1676
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 432 -p 3784 -ip 3784
    1⤵
      PID:1480

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3784-130-0x0000024492170000-0x0000024492332000-memory.dmp

      Filesize

      1.8MB

    • memory/3784-131-0x00007FFC86940000-0x00007FFC87401000-memory.dmp

      Filesize

      10.8MB

    • memory/3784-132-0x00000244ADE30000-0x00000244ADE32000-memory.dmp

      Filesize

      8KB