Analysis
-
max time kernel
134s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
26-03-2022 12:49
General
-
Target
new.exe
-
Size
204KB
-
MD5
83ad1aef29c044fc8a630711be34b420
-
SHA1
dda0ae0fe60b1322aa99151472d1d98518238be9
-
SHA256
d94747c37a0fc39c242375bb649d146a469ed3d49771048c024f96170ad5d85a
-
SHA512
e6951c48e00fb41cae729240c7829cad268627f141ba22178a8d2d6b717bb387d6b7723f03b575f0b596e77466ddd7ab83be284e78e2588edc8f1981cf543383
Score
10/10
Malware Config
Signatures
-
DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
-
suricata: ET MALWARE Generic gate .php GET with minimal headers
suricata: ET MALWARE Generic gate .php GET with minimal headers
-
DiamondFox payload 4 IoCs
Detects DiamondFox payload in file/memory.
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\new.exe"C:\Users\Admin\AppData\Local\Temp\new.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Set-MpPreference -DisableRealtimeMonitoring 13⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
220KB
-
Filesize
220KB
-
Filesize
408KB
-
Filesize
304KB
-
Filesize
6.2MB
-
Filesize
136KB
-
Filesize
408KB
-
Filesize
120KB
-
Filesize
8KB
-
Filesize
200KB
-
Filesize
216KB
-
Filesize
120KB
-
Filesize
6.5MB
-
Filesize
104KB
-
Filesize
40KB
-
Filesize
600KB
-
Filesize
56KB
-
Filesize
104KB
-
Filesize
32KB