Overview

overview

10

Static

static

10

aaff618214...96.exe

windows7-x64

10

aaff618214...96.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-03-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aaff618214c53f9a6ca07eeff4354d5a1c468e19a9b574a9a547dddec5fba096.exe

  • Size

    1.4MB

  • MD5

    76f5bd1d6e9cf49824b4127501883452

  • SHA1

    f17cc4cd301b12a93d2ed14d171278b7c9bb19fc

  • SHA256

    aaff618214c53f9a6ca07eeff4354d5a1c468e19a9b574a9a547dddec5fba096

  • SHA512

    ff9a2232bb949be52c11b8272bf5e868d1f4bf156b08ff30f78adf9398a5ea916e66134f3124bc93b538eea64b51df6c2d073f4468265c7eee6964e092707c40

  • SSDEEP

    24576:CZ8xfXUsJTXptUG0/zPWu1PJwLlb0307V:C2RXUHGlbJp

Score
10/10
blackguardstealer

Malware Config

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aaff618214c53f9a6ca07eeff4354d5a1c468e19a9b574a9a547dddec5fba096.exe
    "C:\Users\Admin\AppData\Local\Temp\aaff618214c53f9a6ca07eeff4354d5a1c468e19a9b574a9a547dddec5fba096.exe"
    1⤵
      PID:2052
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 744
        2⤵
        • Program crash
        PID:1056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2052 -ip 2052
      1⤵
        PID:3932

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2052-1-0x00000000746D0000-0x0000000074E80000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2052-0-0x00000000002B0000-0x0000000000426000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2052-2-0x00000000746D0000-0x0000000074E80000-memory.dmp

        Filesize

        7.7MB

        Download