Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

purchase order.exe

windows7-x64

10

purchase order.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2023, 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    purchase order.exe

  • Size

    916KB

  • MD5

    3f626f64cf5f7196bc812ff1814d95f6

  • SHA1

    c7dcf05df40dc04d4f9af38ef7a887ffde68abb5

  • SHA256

    f6a82d751b2c63e135488686a43c60f35c2cda54a5599f450d4c123043e3c6b2

  • SHA512

    ecf5aca2cfc774557f1170d5ba73115a3240831b2b1bf2c7c43b8dd8b2965450efd7c25ed71b0bb0a7e28931ecb5cd614c1cf5c3fc318ca2c891813983856413

  • SSDEEP

    12288:KOCmzZBEP85QaC9JhmbdqSNhjwl+eZj17y1a3RplcyqKdxKHwhj5p5U61aNf:h9BEP83O6qSNhjwtIa2DyxKkf5UMM

Score
10/10
darkcloudstealer

Malware Config

Extracted

Family

darkcloud

Attributes

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\purchase order.exe
    "C:\Users\Admin\AppData\Local\Temp\purchase order.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4804

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3812-133-0x0000000000330000-0x000000000041C000-memory.dmp

    Filesize

    944KB

    Download

  • memory/3812-134-0x0000000005450000-0x00000000059F4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3812-135-0x0000000004DC0000-0x0000000004E52000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3812-136-0x0000000004E70000-0x0000000004E7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3812-137-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3812-138-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3812-139-0x0000000006FB0000-0x000000000704C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4804-140-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/4804-143-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/4804-146-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/4804-147-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download