diamondfox | 51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344

Analysis

Target

51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe
Size

300KB
MD5

1956f436a6ec9ec3696d8373d36a1228
SHA1

13fde0365047802c39c0d5a29f43075d18823acd
SHA256

51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344
SHA512

c064d4d66757446e023fbfceb20f63c51398c41922fb85e64329b0c7f7fab2c4703a852e77dbf6903edb52f3b460f915e7c888037ebad68e80e1187347406120

Score

10^/10

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox payload 2 IoCs

Detects DiamondFox payload in file/memory.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe	diamondfox
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe	diamondfox

Executes dropped EXE 1 IoCs

Processes:

MicrosoftEdgeCPS.exe

pid process

4056 MicrosoftEdgeCPS.exe

pid	process
4056	MicrosoftEdgeCPS.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe

description	pid	process	target process
PID 728 wrote to memory of 4056	728	51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe	MicrosoftEdgeCPS.exe
PID 728 wrote to memory of 4056	728	51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe	MicrosoftEdgeCPS.exe
PID 728 wrote to memory of 4056	728	51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe	MicrosoftEdgeCPS.exe

C:\Users\Admin\AppData\Local\Temp\51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe
"C:\Users\Admin\AppData\Local\Temp\51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:728

C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
"C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"
2⤵
- Executes dropped EXE
PID:4056

C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
MD5
1956f436a6ec9ec3696d8373d36a1228

SHA1
13fde0365047802c39c0d5a29f43075d18823acd

SHA256
51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344

SHA512
c064d4d66757446e023fbfceb20f63c51398c41922fb85e64329b0c7f7fab2c4703a852e77dbf6903edb52f3b460f915e7c888037ebad68e80e1187347406120

Download Submit
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
MD5
1956f436a6ec9ec3696d8373d36a1228

SHA1
13fde0365047802c39c0d5a29f43075d18823acd

SHA256
51c2ff5ec011508a2071d7a4272d4391080143fedc2166474d51913753eb8344

SHA512
c064d4d66757446e023fbfceb20f63c51398c41922fb85e64329b0c7f7fab2c4703a852e77dbf6903edb52f3b460f915e7c888037ebad68e80e1187347406120

Download Submit
memory/4056-2-0x0000000000000000-mapping.dmp

Download