Overview

overview

10

Static

static

10

bbc8ac47d3...ce.exe

windows7_x64

10

bbc8ac47d3...ce.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    44s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    01-04-2022 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bbc8ac47d3051fbab328d4a8a4c1c8819707ac045ab6ac94b1997dac59be2ece.exe

  • Size

    100KB

  • MD5

    79a61e4b2b9c84436ce2010aa04e718f

  • SHA1

    4b676837ce4520277ad05c0657c147c9f161d3c7

  • SHA256

    bbc8ac47d3051fbab328d4a8a4c1c8819707ac045ab6ac94b1997dac59be2ece

  • SHA512

    8878ec221e9851f49f65e1436689df26a585bcabc8b7be33c99b58243a8eb5e0682901086fd99b3e4923ca6f71b523cf0e4d0a557648325c1ae3b2b25af8bfc4

Score
10/10
blackguardstealer

Malware Config

Extracted

Family

blackguard

C2

https://blguard.shop/

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbc8ac47d3051fbab328d4a8a4c1c8819707ac045ab6ac94b1997dac59be2ece.exe
    "C:\Users\Admin\AppData\Local\Temp\bbc8ac47d3051fbab328d4a8a4c1c8819707ac045ab6ac94b1997dac59be2ece.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:528
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 528 -s 700
      2⤵
      • Program crash
      PID:752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/528-54-0x0000000000380000-0x00000000003A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/528-55-0x000000001BB70000-0x000000001BB72000-memory.dmp

    Filesize

    8KB

    Download