Overview

overview

10

Static

static

3

PO-2320.exe

windows7-x64

10

PO-2320.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2023, 09:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    PO-2320.exe

  • Size

    892KB

  • MD5

    45bdd49d71f18e1fbe45a0e4ab3e023d

  • SHA1

    9b614d6d1cdd98ec483014d767a4a15160313437

  • SHA256

    c05fbef6ef68934b1381cf48a956981ea7e1bc4969ca97c8d9851c0309e4538f

  • SHA512

    e336dedccaee99f7267f5b4bc4bb7df8bbf9917726a0ac3dc66e1eb675715868fa9c1b09f1cc9502f89e522594c58a4cc9c9dea9e12a783574320b76bba7bc0f

  • SSDEEP

    24576:OTdCjE5asQ59ZH4iKcxS1IQGMsclrxOc:O5CAIsQ59OMxS1vi8Q

Score
10/10
darkcloudstealer

Malware Config

Extracted

Family

darkcloud

Attributes

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO-2320.exe
    "C:\Users\Admin\AppData\Local\Temp\PO-2320.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Users\Admin\AppData\Local\Temp\PO-2320.exe
      "C:\Users\Admin\AppData\Local\Temp\PO-2320.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2876

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2792-75-0x0000000074850000-0x0000000074F3E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2792-55-0x0000000074850000-0x0000000074F3E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2792-56-0x0000000004E90000-0x0000000004ED0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2792-57-0x00000000006D0000-0x00000000006E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2792-58-0x0000000074850000-0x0000000074F3E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2792-59-0x0000000004E90000-0x0000000004ED0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2792-60-0x00000000006E0000-0x00000000006EA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2792-61-0x0000000005600000-0x00000000056AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2792-54-0x0000000000A70000-0x0000000000B56000-memory.dmp

          Filesize

          920KB

          Download

        • memory/2876-62-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

          Download

        • memory/2876-66-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

          Download

        • memory/2876-70-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2876-72-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

          Download

        • memory/2876-64-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

          Download

        • memory/2876-74-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

          Download

        • memory/2876-78-0x0000000000400000-0x000000000046D000-memory.dmp

          Filesize

          436KB

          Download