darkcloud | e1156b2e6b8500afa5e8a45d46a3420a33be357d5af362a224dc39e253fc720f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/07/2023, 09:32

Target

PURCHASE ORDER.exe
Size

934KB
MD5

687acf4479fbd86277fdf370e9535e85
SHA1

87411fc5d13aef29b17d5a54cadb4dbb0245d78e
SHA256

e1156b2e6b8500afa5e8a45d46a3420a33be357d5af362a224dc39e253fc720f
SHA512

203804252fd845ee662f191e6961869f9aada361d4b1ad4ab493eb616221babbab5a17f58bc1b6f5dd22ef557b3f90cd491006b26730dd1996d7002a0b7320ac
SSDEEP

24576:RN6GEf3tyqvbEtsJElhBstN+YDFt9/FGm72BZcHuE:b6hfgOQtMB/Hl8hZcHuE

Score

10^/10

darkcloud stealer

Family

darkcloud

https://api.telegram.org/bot6267068129:AAE4AO_gQGAeEakYl26r7KthrUjdWAdy5c0/sendMessage?chat_id=1909112828

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2476 set thread context of 2164	2476	PURCHASE ORDER.exe	30

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2164	PURCHASE ORDER.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2164	PURCHASE ORDER.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30
PID 2476 wrote to memory of 2164	2476	PURCHASE ORDER.exe	30

memory/2164-69-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-65-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-75-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-71-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-67-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2164-61-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-63-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2476-54-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2476-58-0x0000000004D00000-0x0000000004D40000-memory.dmp

Filesize
256KB

Download
memory/2476-60-0x0000000005770000-0x000000000582A000-memory.dmp

Filesize
744KB

Download
memory/2476-59-0x0000000001EA0000-0x0000000001EAA000-memory.dmp

Filesize
40KB

Download
memory/2476-57-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2476-53-0x0000000000930000-0x0000000000A20000-memory.dmp

Filesize
960KB

Download
memory/2476-72-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2476-56-0x0000000000830000-0x000000000083E000-memory.dmp

Filesize
56KB

Download
memory/2476-55-0x0000000004D00000-0x0000000004D40000-memory.dmp

Filesize
256KB

Download