Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-04-2024 01:42

General

  • Target

    09c9dde84008686794dc373b47dc21b0bb5cd170ad526ab58c3e07e358d27056.exe

  • Size

    14.9MB

  • MD5

    9f058d1bb573fca63065bf1db24101fd

  • SHA1

    5296af94a887f14eeb744a2d50d2eec124a91a46

  • SHA256

    09c9dde84008686794dc373b47dc21b0bb5cd170ad526ab58c3e07e358d27056

  • SHA512

    ecf850e2975a1a10d5d596c6862c91aa87554b5fa0b16bea95c8dfbac346d43df02bee21d60ca0767efbb11a14c51ce19c92dde48de12b0dfe1fe62813333548

  • SSDEEP

    393216:cbSTuPHSky0WyNUHKoc8tQsvcsM+o4YkSbOTByWRK:KSTGbyx9Hpc8astK7OIU

Score
10/10

Malware Config

Signatures

  • BlackGuard

    Infostealer first seen in late 2021.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09c9dde84008686794dc373b47dc21b0bb5cd170ad526ab58c3e07e358d27056.exe
    "C:\Users\Admin\AppData\Local\Temp\09c9dde84008686794dc373b47dc21b0bb5cd170ad526ab58c3e07e358d27056.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 748
      2⤵
      • Program crash
      PID:1784

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1928-0-0x0000000073FF0000-0x00000000746DE000-memory.dmp

    Filesize

    6.9MB

  • memory/1928-1-0x0000000000130000-0x0000000001024000-memory.dmp

    Filesize

    15.0MB

  • memory/1928-2-0x0000000005830000-0x0000000005870000-memory.dmp

    Filesize

    256KB

  • memory/1928-3-0x0000000008820000-0x0000000008AFA000-memory.dmp

    Filesize

    2.9MB

  • memory/1928-4-0x0000000073FF0000-0x00000000746DE000-memory.dmp

    Filesize

    6.9MB