darkcloud | 55bb1002104a85a9dbaa1ae0853aff09783f37eab7f1e87a8ce7f40652673138

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 10:32

Target

NEW PO.exe
Size

907KB
MD5

1dc6a4dd8ac552c5bb6aa2f12d83926b
SHA1

3c06b68bc42bc79523815d47af13b6b69be6946a
SHA256

295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87
SHA512

d140fef3db69539e755366cd7ff94e8df5a475093012732ba243d886b664cdb726a726cb4c5e60f8c1e36f2829fddd193413b27b2ea8f2ef5a86b5b4ff346a04
SSDEEP

24576:2PYPgrtqyNZPoFJhdK/FtzVOCie84PPtU+e:2w2qyNZAgMH4PPtg

Score

10^/10

darkcloud stealer

Family

darkcloud

Attributes

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4968 set thread context of 992	4968	NEW PO.exe	96

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
992	NEW PO.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96
PID 4968 wrote to memory of 992	4968	NEW PO.exe	96

C:\Users\Admin\AppData\Local\Temp\NEW PO.exe
"C:\Users\Admin\AppData\Local\Temp\NEW PO.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Users\Admin\AppData\Local\Temp\NEW PO.exe
  "C:\Users\Admin\AppData\Local\Temp\NEW PO.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:992

memory/992-142-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/992-149-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/992-145-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4968-136-0x00000000052F0000-0x0000000005382000-memory.dmp

Filesize
584KB

Download
memory/4968-137-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download
memory/4968-138-0x00000000053D0000-0x00000000053DA000-memory.dmp

Filesize
40KB

Download
memory/4968-139-0x0000000074730000-0x0000000074EE0000-memory.dmp

Filesize
7.7MB

Download
memory/4968-140-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download
memory/4968-141-0x000000000AB20000-0x000000000ABBC000-memory.dmp

Filesize
624KB

Download
memory/4968-133-0x0000000000830000-0x000000000091A000-memory.dmp

Filesize
936KB

Download
memory/4968-135-0x0000000005980000-0x0000000005F24000-memory.dmp

Filesize
5.6MB

Download
memory/4968-147-0x0000000074730000-0x0000000074EE0000-memory.dmp

Filesize
7.7MB

Download
memory/4968-134-0x0000000074730000-0x0000000074EE0000-memory.dmp

Filesize
7.7MB

Download