Overview

overview

10

Static

static

3

SecuriteIn...52.exe

windows7-x64

10

SecuriteIn...52.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2023 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Zum.Androm.1.24234.31952.exe

  • Size

    452KB

  • MD5

    29e2c66bc44a433d6da95086cae40800

  • SHA1

    e41e56533dad36409b8f9d30e2bae8c22bba11c4

  • SHA256

    d4dacbc0546a45d26b7b9d58836b7905a919155b4063825988500e70c739d1f3

  • SHA512

    ec5a3913fd95f20d04b72d2eac55f71d0d54d63a21ccaece8768790833c48bdb78fd0120271c3fb59e0b335e50863dabb37d33cfd416b24a64def69238816685

  • SSDEEP

    12288:PYSahmsDnOhqRKHrJUovhWmtQNdVPfUgB1X3oNtHZyLHr:PYSahFDnOkRKLJUK6d9UgGALL

Score
10/10
darkcloudpersistencestealer

Malware Config

Extracted

Family

darkcloud

Attributes

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Zum.Androm.1.24234.31952.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Zum.Androm.1.24234.31952.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3808
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Zum.Androm.1.24234.31952.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Zum.Androm.1.24234.31952.exe"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1152

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsa932A.tmp\voojhtxofh.dll
    Filesize

    53KB

    MD5

    6a6c24b2e138a86e07ece17dd5aa1ba2

    SHA1

    707e1d8d57b97891969e927765abf981af96089c

    SHA256

    45549f7b795c8a725bb375501fb1fdd6582309c7f9a4d8778f93942615e0fc5e

    SHA512

    404dd58df830d9db584edfcb5e27b8452ca06b6ac432f05015d5f9c40688dfa214e1f76c968ae91b40aa3a1500a811d34d81c04bfc220e84b33f78573cf094db

    Download Submit

  • memory/1152-152-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-161-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-151-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-160-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-147-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-148-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-149-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-150-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-143-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-141-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-154-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-153-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-155-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-156-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-157-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-158-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1152-159-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3808-144-0x00000000750E0000-0x00000000750F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3808-139-0x00000000750E0000-0x00000000750F2000-memory.dmp

    Filesize

    72KB

    Download