darkcloud | 5d410f76644a3f4db20b4a5eb5116f57c482d2ea09b5f8a506009702ed5da351

Analysis

max time kernel
136s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/01/2023, 19:03

Target

9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe
Size

1.1MB
MD5

9145885c6226cbd9f18c472e4ac0a4e3
SHA1

24fa80c373b83e0dffb87da409f1c312e0eaf5ff
SHA256

9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6
SHA512

c713028f419046dac9c1a85a39688f54a6f6692b475e29815617a8540340a304c1705138668880e6f0fa74c51debb278c33b0bb708a87798d4aa5a003cd66a5c
SSDEEP

24576:mPDJSb3ewHdqoXpDqDehBgLtQjC4qK3YDPIQSxFL:mPDJSb/qehyLy+4xIDPvSxFL

Score

10^/10

darkcloud stealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4572 set thread context of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2172	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2172	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87
PID 4572 wrote to memory of 2172	4572	9ef1c47ac7349f1f7c052ce54767a8fe0ff21f41b68e40261e41b351d3a1ddf6.exe	87

memory/2172-138-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2172-140-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2172-143-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/2172-144-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/4572-132-0x0000000000D20000-0x0000000000E4C000-memory.dmp

Filesize
1.2MB

Download
memory/4572-133-0x0000000005BC0000-0x0000000006164000-memory.dmp

Filesize
5.6MB

Download
memory/4572-134-0x00000000056B0000-0x0000000005742000-memory.dmp

Filesize
584KB

Download
memory/4572-135-0x0000000005760000-0x000000000576A000-memory.dmp

Filesize
40KB

Download
memory/4572-136-0x00000000059A0000-0x0000000005A3C000-memory.dmp

Filesize
624KB

Download