Analysis
-
max time kernel
11s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
21-09-2024 16:56
Behavioral task
behavioral1
Sample
S3M.exe
Resource
win10-20240404-en
windows10-1703-x64
3 signatures
150 seconds
General
-
Target
S3M.exe
-
Size
50.9MB
-
MD5
60343d91b173d06833f4b140e350402e
-
SHA1
f860fd75d740a6e5fb8d60da3dc16937e59367c5
-
SHA256
edc045eca80f0ca41c2e4efd0e45867dc6d502b6eae18bdffb4fba96dcab1626
-
SHA512
6af0679af6375214fedb36a030784aa3333265910b5cb7d2b466ee54f7442050d5ce572bbd85849627777bb7c5107280a6edbba29f4aea2f8578b88f6f52279f
-
SSDEEP
786432:vQQQQQQQQQQQQQQQbQQQQQQQQQQQQQQQqQQQQQQQ:vhhhhhhhehhhhhhhXhhh
Score
10/10
Malware Config
Signatures
-
BlackGuard
Infostealer first seen in Late 2021.
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
pid Process 4700 S3M.exe 4700 S3M.exe 4700 S3M.exe 4700 S3M.exe 4700 S3M.exe 4700 S3M.exe 4700 S3M.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4700 S3M.exe