Overview

overview

10

Static

static

83c8074504...59.exe

windows7_x64

10

83c8074504...59.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-06-2022 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59.exe

  • Size

    185KB

  • MD5

    98fb3b4baacd9008282ba0e6028ce604

  • SHA1

    beac13ccac2ac620c31dcc5b2882b28df4f444f9

  • SHA256

    83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59

  • SHA512

    c363f38222cc29a75ead651768822c9edf18ae654fbbe3422fbf6a89a237ffc85311f19653b181f2329cbd4ed73be9a7c2a087ce329923a0fb92a359ab192d86

Score
10/10
diamondfoxbotnetinfostealerstealer

Malware Config

Signatures

  • DiamondFox

    DiamondFox is a multipurpose botnet with many capabilities.

    botnetstealerdiamondfox
  • DiamondFox payload 5 IoCs

    Detects DiamondFox payload in file/memory.

    infostealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59.exe
    "C:\Users\Admin\AppData\Local\Temp\83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell Copy-Item -Path 'C:\Users\Admin\AppData\Local\Temp\83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59.exe' -Destination 'C:\Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe';Start-Sleep -s 60;Start-Process 'C:\Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe'
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe
        "C:\Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe
    Filesize

    185KB

    MD5

    98fb3b4baacd9008282ba0e6028ce604

    SHA1

    beac13ccac2ac620c31dcc5b2882b28df4f444f9

    SHA256

    83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59

    SHA512

    c363f38222cc29a75ead651768822c9edf18ae654fbbe3422fbf6a89a237ffc85311f19653b181f2329cbd4ed73be9a7c2a087ce329923a0fb92a359ab192d86

    Download Submit

  • \Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe
    Filesize

    185KB

    MD5

    98fb3b4baacd9008282ba0e6028ce604

    SHA1

    beac13ccac2ac620c31dcc5b2882b28df4f444f9

    SHA256

    83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59

    SHA512

    c363f38222cc29a75ead651768822c9edf18ae654fbbe3422fbf6a89a237ffc85311f19653b181f2329cbd4ed73be9a7c2a087ce329923a0fb92a359ab192d86

    Download Submit

  • \Users\Admin\AppData\Local\rexednIhcraeS\SearchIndexer.exe
    Filesize

    185KB

    MD5

    98fb3b4baacd9008282ba0e6028ce604

    SHA1

    beac13ccac2ac620c31dcc5b2882b28df4f444f9

    SHA256

    83c80745049df08a9ce97ede3ce47531f88b5796b30290aa0e31b074c403fc59

    SHA512

    c363f38222cc29a75ead651768822c9edf18ae654fbbe3422fbf6a89a237ffc85311f19653b181f2329cbd4ed73be9a7c2a087ce329923a0fb92a359ab192d86

    Download Submit

  • memory/888-77-0x0000000000400000-0x0000000002DE4000-memory.dmp

    Filesize

    41.9MB

    Download

  • memory/888-76-0x0000000003248000-0x0000000003254000-memory.dmp

    Filesize

    48KB

    Download

  • memory/888-72-0x0000000003248000-0x0000000003254000-memory.dmp

    Filesize

    48KB

    Download

  • memory/888-70-0x0000000000000000-mapping.dmp

    Download

  • memory/1900-61-0x0000000000400000-0x0000000002DE4000-memory.dmp

    Filesize

    41.9MB

    Download

  • memory/1900-65-0x0000000002ED8000-0x0000000002EE4000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1900-66-0x0000000000400000-0x0000000002DE4000-memory.dmp

    Filesize

    41.9MB

    Download

  • memory/1900-54-0x0000000002ED8000-0x0000000002EE4000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1900-60-0x0000000002ED8000-0x0000000002EE4000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1900-59-0x0000000000400000-0x0000000002DE4000-memory.dmp

    Filesize

    41.9MB

    Download

  • memory/1900-56-0x0000000002ED8000-0x0000000002EE4000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1900-57-0x0000000000020000-0x0000000000038000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2044-64-0x0000000074140000-0x00000000746EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2044-67-0x0000000074140000-0x00000000746EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2044-63-0x0000000076011000-0x0000000076013000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2044-62-0x0000000000000000-mapping.dmp

    Download

  • memory/2044-75-0x0000000074140000-0x00000000746EB000-memory.dmp

    Filesize

    5.7MB

    Download