Analysis
max time kernel: 148s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
submitted: 22/07/2023, 01:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe
Resource
win7-20230712-en
2 signatures
150 seconds
General
Target: 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe
Size: 907KB
MD5: 1dc6a4dd8ac552c5bb6aa2f12d83926b
SHA1: 3c06b68bc42bc79523815d47af13b6b69be6946a
SHA256: 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87
SHA512: d140fef3db69539e755366cd7ff94e8df5a475093012732ba243d886b664cdb726a726cb4c5e60f8c1e36f2829fddd193413b27b2ea8f2ef5a86b5b4ff346a04
SSDEEP: 24576:2PYPgrtqyNZPoFJhdK/FtzVOCie84PPtU+e:2w2qyNZAgMH4PPtg
Malware Config
Extracted
Family: darkcloud
Attributes
- email_from
- email_to
Signatures
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 3452 set thread context of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2892 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe
Suspicious use of WriteProcessMemory 8 IoCs
description | pid | Process | procid_target
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
PID 3452 wrote to memory of 2892 | 3452 | 295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe | 96
Processes
C:\Users\Admin\AppData\Local\Temp\295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe
"C:\Users\Admin\AppData\Local\Temp\295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3452
    C:\Users\Admin\AppData\Local\Temp\295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe
    "C:\Users\Admin\AppData\Local\Temp\295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87.exe"
    - Suspicious use of SetWindowsHookEx
    PID:2892