Overview

overview

10

Static

static

10

Loader.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    12s
  • max time network
    17s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-06-2024 15:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader.exe

  • Size

    273KB

  • MD5

    562f5962e62e7cffbd5b1994fee7eb61

  • SHA1

    993c90b0fb19a743b90ffd70b01076d8c2a1cada

  • SHA256

    cc4b161f7c063fcb3c13d1e4baa499072cbdaa34ec571bb57d0639caed4f8208

  • SHA512

    3f855a84560accc8c4834b6e0b918ff8f40b2bc96ebef0eec08609664dceae00085fe6f878cecef82be3b0122ffd825984dc9a4fac8ece8f52216b9bb9030209

  • SSDEEP

    6144:4f+BLCABPC+55PUgxHGozsuuI7xJbM3AMr/iyIme0wic:x5hhzsuh7zsXEmeIc

Score
10/10
blackguardpersistencestealer

Malware Config

Signatures

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4692-0-0x000001FC86140000-0x000001FC86188000-memory.dmp

    Filesize

    288KB

    Download

  • memory/4692-1-0x00007FFC1B913000-0x00007FFC1B915000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4692-2-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4692-4-0x00007FFC1B910000-0x00007FFC1C3D2000-memory.dmp

    Filesize

    10.8MB

    Download