Analysis
max time kernel: 12s
max time network: 17s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 18-06-2024 15:04
Behavioral task
behavioral1
Sample: Loader.exe
Resource: win11-20240508-en
Platform: windows11-21h2-x64
4 signatures
300 seconds
General
Target: Loader.exe
Size: 273KB
MD5: 562f5962e62e7cffbd5b1994fee7eb61
SHA1: 993c90b0fb19a743b90ffd70b01076d8c2a1cada
SHA256: cc4b161f7c063fcb3c13d1e4baa499072cbdaa34ec571bb57d0639caed4f8208
SHA512: 3f855a84560accc8c4834b6e0b918ff8f40b2bc96ebef0eec08609664dceae00085fe6f878cecef82be3b0122ffd825984dc9a4fac8ece8f52216b9bb9030209
SSDEEP: 6144:4f+BLCABPC+55PUgxHGozsuuI7xJbM3AMr/iyIme0wic:x5hhzsuh7zsXEmeIc
Score: 10/10
Malware Config
Signatures
BlackGuard
Infostealer first seen in late 2021.
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Software\Microsoft\Windows\CurrentVersion\Run\Loader.exe = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Loader.exe\""
Process: Loader.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid: 4692 Process: Loader.exe
pid: 4692 Process: Loader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege
pid: 4692 Process: Loader.exe