Overview

overview

10

Static

static

7da4487d62...a4.exe

windows7_x64

10

7da4487d62...a4.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    09-03-2022 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4.exe

  • Size

    448KB

  • MD5

    7edf68b4698f46dd331b51df7d06949a

  • SHA1

    ca4705f939d2d6e8fa5c4fe73d064eb52cb00497

  • SHA256

    7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4

  • SHA512

    95bac4d8b791c726ee1d0299592cab69c35a1081ed4becf41cb7d80f699a2576fa798296219c578cc48ff14da9f847b075f5acb8aef2d554d0efeb0d757d450f

Score
10/10
diamondfoxbotnetinfostealerstealer

Malware Config

Signatures

  • DiamondFox

    DiamondFox is a multipurpose botnet with many capabilities.

    botnetstealerdiamondfox
  • DiamondFox payload 1 IoCs

    Detects DiamondFox payload in file/memory.

    infostealer
  • Executes dropped EXE 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4.exe
    "C:\Users\Admin\AppData\Local\Temp\7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Users\Admin\AppData\Local\Temp\7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4.exe
      "C:\Users\Admin\AppData\Local\Temp\7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3720
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell Copy-Item -Path 'C:\Users\Admin\AppData\Local\Temp\7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4.exe' -Destination 'C:\Users\Admin\AppData\Local\aslss\lsass.exe';Start-Sleep -s 60;Start-Process 'C:\Users\Admin\AppData\Local\aslss\lsass.exe'
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Users\Admin\AppData\Local\aslss\lsass.exe
          "C:\Users\Admin\AppData\Local\aslss\lsass.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3576
          • C:\Users\Admin\AppData\Local\aslss\lsass.exe
            "C:\Users\Admin\AppData\Local\aslss\lsass.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\aslss\lsass.exe
    MD5

    7edf68b4698f46dd331b51df7d06949a

    SHA1

    ca4705f939d2d6e8fa5c4fe73d064eb52cb00497

    SHA256

    7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4

    SHA512

    95bac4d8b791c726ee1d0299592cab69c35a1081ed4becf41cb7d80f699a2576fa798296219c578cc48ff14da9f847b075f5acb8aef2d554d0efeb0d757d450f

    Download Submit

  • C:\Users\Admin\AppData\Local\aslss\lsass.exe
    MD5

    7edf68b4698f46dd331b51df7d06949a

    SHA1

    ca4705f939d2d6e8fa5c4fe73d064eb52cb00497

    SHA256

    7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4

    SHA512

    95bac4d8b791c726ee1d0299592cab69c35a1081ed4becf41cb7d80f699a2576fa798296219c578cc48ff14da9f847b075f5acb8aef2d554d0efeb0d757d450f

    Download Submit

  • C:\Users\Admin\AppData\Local\aslss\lsass.exe
    MD5

    7edf68b4698f46dd331b51df7d06949a

    SHA1

    ca4705f939d2d6e8fa5c4fe73d064eb52cb00497

    SHA256

    7da4487d62a6800179765c4eebdbf764872a8325245bc5b77a9dcd318c22f7a4

    SHA512

    95bac4d8b791c726ee1d0299592cab69c35a1081ed4becf41cb7d80f699a2576fa798296219c578cc48ff14da9f847b075f5acb8aef2d554d0efeb0d757d450f

    Download Submit

  • memory/2324-148-0x00000000075F0000-0x0000000007656000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2324-150-0x0000000004345000-0x0000000004347000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2324-155-0x0000000009EC0000-0x000000000A53A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/2324-154-0x0000000009290000-0x0000000009834000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2324-141-0x0000000074500000-0x0000000074CB0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2324-142-0x00000000042A0000-0x00000000042D6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2324-143-0x0000000004340000-0x0000000004341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-144-0x0000000004342000-0x0000000004343000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2324-145-0x0000000006D60000-0x0000000007388000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/2324-146-0x0000000006C80000-0x0000000006CA2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2324-147-0x0000000007580000-0x00000000075E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2324-153-0x0000000008160000-0x0000000008182000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2324-149-0x0000000007BC0000-0x0000000007BDE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2324-152-0x0000000008110000-0x000000000812A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2324-151-0x0000000008C40000-0x0000000008CD6000-memory.dmp

    Filesize

    600KB

    Download

  • memory/3176-167-0x0000000077190000-0x0000000077333000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3576-159-0x00000000024B0000-0x00000000024B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-160-0x00000000024D0000-0x000000000254B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/3576-161-0x0000000077190000-0x0000000077333000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3576-164-0x0000000002800000-0x00000000029A3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3720-138-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3720-135-0x0000000077190000-0x0000000077333000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3720-131-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3844-134-0x0000000002540000-0x00000000026E3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3844-130-0x00000000022F0000-0x00000000022F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3844-133-0x0000000077190000-0x0000000077333000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3844-132-0x00000000024C0000-0x000000000253B000-memory.dmp

    Filesize

    492KB

    Download