diamondfox | 1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217

Analysis

Target

1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe
Size

184KB
MD5

f6c8046085b788ade44d121bf942929a
SHA1

0c1be990a397ea94c87849d41c690e19ba563071
SHA256

1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217
SHA512

2ed67079324c14b836d9ccbd741d70c9ae67ca65ff889cc73080ce7b362436f242d087a81341645c7eed74f0dc7d4983e3db685bca77b90d207fabb32ccf7c70

Score

10^/10

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox payload 2 IoCs

Detects DiamondFox payload in file/memory.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe	diamondfox
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe	diamondfox

Executes dropped EXE 1 IoCs

Processes:

MicrosoftEdgeCPS.exe

pid process

2832 MicrosoftEdgeCPS.exe

pid	process
2832	MicrosoftEdgeCPS.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe

description	pid	process	target process
PID 4680 wrote to memory of 2832	4680	1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe	MicrosoftEdgeCPS.exe
PID 4680 wrote to memory of 2832	4680	1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe	MicrosoftEdgeCPS.exe
PID 4680 wrote to memory of 2832	4680	1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe	MicrosoftEdgeCPS.exe

C:\Users\Admin\AppData\Local\Temp\1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe
"C:\Users\Admin\AppData\Local\Temp\1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4680

C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
"C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"
2⤵
- Executes dropped EXE
PID:2832

C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
MD5
f6c8046085b788ade44d121bf942929a

SHA1
0c1be990a397ea94c87849d41c690e19ba563071

SHA256
1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217

SHA512
2ed67079324c14b836d9ccbd741d70c9ae67ca65ff889cc73080ce7b362436f242d087a81341645c7eed74f0dc7d4983e3db685bca77b90d207fabb32ccf7c70

Download Submit
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
MD5
f6c8046085b788ade44d121bf942929a

SHA1
0c1be990a397ea94c87849d41c690e19ba563071

SHA256
1271947b681dcb5d62fde5ee9f6bc7f7928679ae62c616932b59c9e8b73c8217

SHA512
2ed67079324c14b836d9ccbd741d70c9ae67ca65ff889cc73080ce7b362436f242d087a81341645c7eed74f0dc7d4983e3db685bca77b90d207fabb32ccf7c70

Download Submit
memory/2832-2-0x0000000000000000-mapping.dmp

Download