Overview

overview

10

Static

static

10

040.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-07-2022 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    040.exe

  • Size

    371KB

  • MD5

    011f82638e33b5c1df66dab43ec2fd18

  • SHA1

    1157a0186b8010d4d5ba99008b46df6798efdb82

  • SHA256

    d113f0b72805c9908272e053fcc5386b191254cbaf685ed66bca824d3d4a94dc

  • SHA512

    5b141b17858a1fdf821c25f8130d7a8f88c401ff56d46eca0037b03bfad8a5470ef8a07065da36d605747d897c1d288549959539cb0fa80d3b251084aa3bea54

Score
10/10
diamondfoxbotnetinfostealerstealer

Malware Config

Signatures

  • DiamondFox

    DiamondFox is a multipurpose botnet with many capabilities.

    botnetstealerdiamondfox
  • DiamondFox payload 2 IoCs

    Detects DiamondFox payload in file/memory.

    infostealer
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\040.exe
    "C:\Users\Admin\AppData\Local\Temp\040.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3284
    • C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
      "C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4204
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" Set-MpPreference -DisableRealtimeMonitoring 1
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
    Filesize

    371KB

    MD5

    011f82638e33b5c1df66dab43ec2fd18

    SHA1

    1157a0186b8010d4d5ba99008b46df6798efdb82

    SHA256

    d113f0b72805c9908272e053fcc5386b191254cbaf685ed66bca824d3d4a94dc

    SHA512

    5b141b17858a1fdf821c25f8130d7a8f88c401ff56d46eca0037b03bfad8a5470ef8a07065da36d605747d897c1d288549959539cb0fa80d3b251084aa3bea54

    Download Submit
  • C:\Users\Admin\AppData\Roaming\EdgeCP\MicrosoftEdgeCPS.exe
    Filesize

    371KB

    MD5

    011f82638e33b5c1df66dab43ec2fd18

    SHA1

    1157a0186b8010d4d5ba99008b46df6798efdb82

    SHA256

    d113f0b72805c9908272e053fcc5386b191254cbaf685ed66bca824d3d4a94dc

    SHA512

    5b141b17858a1fdf821c25f8130d7a8f88c401ff56d46eca0037b03bfad8a5470ef8a07065da36d605747d897c1d288549959539cb0fa80d3b251084aa3bea54

    Download Submit
  • memory/4204-130-0x0000000000000000-mapping.dmp
    Download
  • memory/4372-140-0x0000000006B60000-0x0000000006B92000-memory.dmp
    Filesize

    200KB

    Download
  • memory/4372-142-0x0000000006B40000-0x0000000006B5E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4372-135-0x00000000058C0000-0x0000000005EE8000-memory.dmp
    Filesize

    6.2MB

    Download
  • memory/4372-136-0x00000000056E0000-0x0000000005702000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4372-137-0x0000000005EF0000-0x0000000005F56000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4372-138-0x0000000005F60000-0x0000000005FC6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4372-139-0x0000000006580000-0x000000000659E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4372-133-0x0000000000000000-mapping.dmp
    Download
  • memory/4372-141-0x000000006FD60000-0x000000006FDAC000-memory.dmp
    Filesize

    304KB

    Download
  • memory/4372-134-0x0000000002C90000-0x0000000002CC6000-memory.dmp
    Filesize

    216KB

    Download
  • memory/4372-143-0x0000000007ED0000-0x000000000854A000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4372-144-0x0000000007890000-0x00000000078AA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4372-145-0x0000000007900000-0x000000000790A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4372-146-0x0000000007B10000-0x0000000007BA6000-memory.dmp
    Filesize

    600KB

    Download
  • memory/4372-147-0x0000000007AC0000-0x0000000007ACE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/4372-148-0x0000000007BD0000-0x0000000007BEA000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4372-149-0x0000000007BB0000-0x0000000007BB8000-memory.dmp
    Filesize

    32KB

    Download