Overview

overview

10

Static

static

10

51c2ff5ec0...in.exe

windows7_x64

10

51c2ff5ec0...in.exe

windows10_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    06-04-2021 13:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe

  • Size

    300KB

  • MD5

    1956f436a6ec9ec3696d8373d36a1228

  • SHA1

    13fde0365047802c39c0d5a29f43075d18823acd

  • SHA256

    51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344

  • SHA512

    c064d4d66757446e023fbfceb20f63c51398c41922fb85e64329b0c7f7fab2c4703a852e77dbf6903edb52f3b460f915e7c888037ebad68e80e1187347406120

Score
10/10
diamondfoxbotnetstealer

Malware Config

Signatures

  • DiamondFox

    DiamondFox is a multipurpose botnet with many capabilities.

    botnetstealerdiamondfox
  • DiamondFox payload 2 IoCs

    Detects DiamondFox payload in file/memory.

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:728
    • C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
      "C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"
      2⤵
      • Executes dropped EXE
      PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads