Analysis

  • max time kernel
    131s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    04-05-2021 10:06

General

  • Target

    ED7251FADEB9BD2A8836828F2E1B6F83.exe

  • Size

    992KB

  • MD5

    ed7251fadeb9bd2a8836828f2e1b6f83

  • SHA1

    ab41a68d76147bfdb3d5ff36ae0e992e4e5b7c84

  • SHA256

    dab16f86762edfad407ad17ff640eeaf0b92ef8da877d81e07c90690d142df88

  • SHA512

    afd69b80a2dc68bd4b2aac2850504c6dde1e43fe19f0cfc16283814ce362aaccfe9a2023357bcd55d5f3ea2da013b80309d223fe0235788b3a1265d8f4e637d0

Malware Config

Signatures

  • DarkTrack

    DarkTrack is a remote administration tool (RAT) written in Delphi.

  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ED7251FADEB9BD2A8836828F2E1B6F83.exe
    "C:\Users\Admin\AppData\Local\Temp\ED7251FADEB9BD2A8836828F2E1B6F83.exe"
    PID: 1944
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\ED7251FADEB9BD2A8836828F2E1B6F83.exe (child of PID 1944)
      C:\Users\Admin\AppData\Local\Temp\ED7251FADEB9BD2A8836828F2E1B6F83.exe
      PID: 1448
      • Suspicious behavior: GetForegroundWindowSpam
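The process tree above shows the pattern a practitioner reads as RunPE-style process hollowing: the parent (PID 1944) hits the WriteProcessMemory and SetThreadContext signatures, and a child running from the same image path (PID 1448) appears beneath it. The following is an added detection example, not code from the sandbox or from this report; the process records are constructed from the tree above, and the benign control tree (a multi-process application spawning a worker from its own image) is made up to show what the rule does not flag. It assumes the only telemetry is the per-process signature hits the report lists, so it uses "child with the same image as the parent" as a stand-in for the write target, which the report does not identify.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    signatures: Set[str] = field(default_factory=set)


# Constructed from the process tree in this report: the parent (PID 1944)
# triggered SetThreadContext / AdjustPrivilegeToken / WriteProcessMemory,
# then a child with the same image path (PID 1448) appeared under it.
IMG = r"C:\Users\Admin\AppData\Local\Temp\ED7251FADEB9BD2A8836828F2E1B6F83.exe"
REPORT_TREE = [
    Proc(1944, None, IMG, {"SetThreadContext", "AdjustPrivilegeToken", "WriteProcessMemory"}),
    Proc(1448, 1944, IMG, {"GetForegroundWindowSpam"}),
]

# Constructed benign control (assumption, not from the report): an application
# spawning a worker from its own image without touching the child's memory
# or thread context. Same-image children alone are not suspicious.
BENIGN_TREE = [
    Proc(300, None, r"C:\Program Files\Example\app.exe", set()),
    Proc(301, 300, r"C:\Program Files\Example\app.exe", set()),
]

# A parent that both writes into another process and resets a thread's
# context is the API pair behind RunPE-style process hollowing.
HOLLOWING_PARENT_SIGS = {"WriteProcessMemory", "SetThreadContext"}


def hollowing_candidates(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where a parent spawned a child
    from its own image and also hit both hollowing-related signatures."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for child in procs:
        parent = by_pid.get(child.ppid) if child.ppid is not None else None
        if parent is None:
            continue
        same_image = child.image.lower() == parent.image.lower()
        if same_image and HOLLOWING_PARENT_SIGS <= parent.signatures:
            hits.append((parent.pid, child.pid))
    return hits


if __name__ == "__main__":
    print("report tree :", hollowing_candidates(REPORT_TREE))
    print("benign tree :", hollowing_candidates(BENIGN_TREE))
```

With richer telemetry (Sysmon ProcessAccess events carrying the target PID and granted access mask, or an EDR that logs the WriteProcessMemory target), the same-image heuristic should be replaced by the actual write target, which also catches hollowing of a different image such as a copy of a system binary.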

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1448-62-0x0000000000400000-0x00000000004A8000-memory.dmp (Filesize: 672KB)
  • memory/1448-63-0x00000000004A6880-mapping.dmp
  • memory/1448-65-0x0000000000400000-0x00000000004A8000-memory.dmp (Filesize: 672KB)
  • memory/1944-60-0x00000000760B1000-0x00000000760B3000-memory.dmp (Filesize: 8KB)
  • memory/1944-61-0x0000000000300000-0x0000000000301000-memory.dmp (Filesize: 4KB)
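The 672KB dumps of PID 1448 cover 0x400000-0x4A8000 (0xA8000 bytes, exactly 672KB), the classic 32-bit image base, and the mapping dump at 0x4A6880 is an address inside that region. A first triage step on such dumps is to parse the PE header at the start of the region, confirm that ImageBase and SizeOfImage match the dumped range, see which section an address of interest falls in, and check the on-disk file's section names for the UPX0/UPX1 layout behind the "UPX packed file" signature above. The following parser is an added example, not code from the sandbox or from this report; it handles PE32 only and assumes the dumped region starts with the image's headers. The two images it inspects are constructed in memory (header-only, with made-up section layouts standing in for the 992KB on-disk file and the 672KB in-memory image); the section that 0x4A6880 lands in is therefore a property of the constructed layout, not a finding about the sample.

```python
import struct

# Offsets into IMAGE_OPTIONAL_HEADER32 (PE32 only: the dumped region sits at
# the 32-bit default image base 0x400000 even though the platform is x64).
OPT_MAGIC_PE32 = 0x10B
OFF_ENTRY, OFF_IMAGE_BASE, OFF_SIZE_OF_IMAGE = 16, 28, 56
SECTION_HDR_LEN = 40


def build_pe(image_base, size_of_image, entry_rva, sections):
    """Build a header-only PE32 image (constructed test data, not a real dump).
    sections: list of (name, virtual_address, virtual_size)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0
    # IMAGE_FILE_HEADER: Machine=i386, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, OPT_MAGIC_PE32)
    struct.pack_into("<I", opt, OFF_ENTRY, entry_rva)
    struct.pack_into("<I", opt, OFF_IMAGE_BASE, image_base)
    struct.pack_into("<I", opt, OFF_SIZE_OF_IMAGE, size_of_image)
    # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, PtrToRelocs, PtrToLinenums, NumRelocs, NumLinenums, Characteristics
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, vsize, va, 0, 0, 0, 0, 0x60000020)
        for name, va, vsize in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + table


def parse_pe(data):
    """Read the fields needed to reason about a memory region as a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header at start of region")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4
    _, nsec, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != OPT_MAGIC_PE32:
        raise ValueError("only PE32 images are handled here")
    sections = []
    sec = opt + size_opt
    for i in range(nsec):
        name, vsize, va = struct.unpack_from("<8sII", data, sec + SECTION_HDR_LEN * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize))
    return {
        "entry_rva": struct.unpack_from("<I", data, opt + OFF_ENTRY)[0],
        "image_base": struct.unpack_from("<I", data, opt + OFF_IMAGE_BASE)[0],
        "size_of_image": struct.unpack_from("<I", data, opt + OFF_SIZE_OF_IMAGE)[0],
        "sections": sections,
    }


def looks_upx_packed(pe):
    """UPX names its sections UPX0/UPX1 (stub builds may rename them, so a
    miss here does not prove the file is not packed)."""
    return any(name.startswith("UPX") for name, _, _ in pe["sections"])


def region_matches_image(pe, region_start, region_end):
    """True when a dumped VA range is exactly the image as the header describes it."""
    return pe["image_base"] == region_start and region_start + pe["size_of_image"] == region_end


def entry_va(pe):
    return pe["image_base"] + pe["entry_rva"]


def locate_va(pe, va):
    """Section name containing va, '<headers/gap>' if inside the image but in
    no section, None if outside the image entirely."""
    rva = va - pe["image_base"]
    if rva < 0 or rva >= pe["size_of_image"]:
        return None
    for name, sec_va, vsize in pe["sections"]:
        if sec_va <= rva < sec_va + vsize:
            return name
    return "<headers/gap>"


# Constructed stand-in for the on-disk 992KB file: a UPX section layout.
UPX_SAMPLE = build_pe(0x400000, 0x100000, 0xF0000,
                      [("UPX0", 0x1000, 0x90000), ("UPX1", 0x91000, 0x60000), (".rsrc", 0xF1000, 0xF000)])
# Constructed stand-in for the 0x400000-0x4A8000 dump of PID 1448: Delphi-style
# section names with made-up sizes that add up to SizeOfImage 0xA8000.
MEMORY_SAMPLE = build_pe(0x400000, 0xA8000, 0x99C00,
                         [("CODE", 0x1000, 0x9A000), ("DATA", 0x9B000, 0x8000), (".rsrc", 0xA3000, 0x5000)])

if __name__ == "__main__":
    mem = parse_pe(MEMORY_SAMPLE)
    print("dump matches image 0x400000-0x4A8000:", region_matches_image(mem, 0x400000, 0x4A8000))
    print("entry point VA: 0x%X, 0x4A6880 lies in: %s" % (entry_va(mem), locate_va(mem, 0x4A6880)))
    print("on-disk sample UPX-packed:", looks_upx_packed(parse_pe(UPX_SAMPLE)))
```

On a real dump, read the 672KB file with `open(path, "rb").read()` in place of the constructed bytes; if `region_matches_image` is true, the hollowed region is a complete mapped image and can be rebased and saved as a PE for static analysis, while a mismatch usually means the dump caught the region before the injected image was fully written or the image was relocated.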