Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
06-06-2024 01:33
Static task
static1
Behavioral task
behavioral1
Sample
6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb.exe
Resource
win10v2004-20240426-en
General
-
Target
6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb.exe
-
Size
14.0MB
-
MD5
601cedc4e5ec2d83b8df1f2a9834528e
-
SHA1
f5e3b1a522bc4f705c87aa853384e53b7378de05
-
SHA256
6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb
-
SHA512
045757ccbc0c8f367c600ed94eff932cf753b5a793f274e681a31eb2f2b13b27ea8c1031841e319f0447ccdcf296e8ee77065050425fd85a380a90dea54b1101
-
SSDEEP
98304:Rhcqnt8zi8o5jX24Y/fmLaZv7x4iPdL0zKcKv9QZIaGSNLQKlgzmRXkWe:RHntxX24Y/Vd131LIbZIpSLQKiik
Malware Config
Signatures
-
BlackGuard
Infostealer first seen in late 2021.
-
Loads dropped DLL 2 IoCs
pid Process
1252 6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb.exe
1252 6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 1252 6eb3b2125a126862766307070afbd35b012850563523bdda2ce3cfe952af6fdb.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
2.8MB
-
MD5
11c5193e09abf51f6e73b7367cafb0be
-
SHA1
940cd5ec5b0f777952f9375152ad4aa1cb88607f
-
SHA256
61f37eb2d020a9953e34e248c75dc9edfa918441837fdee4f564fc1a12e6771e
-
SHA512
907ef68b6c7b3fb857e963ea48904d8175fa01ed0912fccded677a88ab2787199a8c6e5771a4d08b0390f8fa98784e1ea464cb2a14b68107235c64ab5fa4b667