Analysis
- max time kernel: 147s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 24/07/2023, 06:05

Static task: static1 (1 signatures)

Behavioral task: behavioral1
- Sample: DHL invoice.exe
- Resource: win7-20230712-en
- 4 signatures
- 150 seconds
General
- Target: DHL invoice.exe
- Size: 1005KB
- MD5: cb042c7e4846ae4285bbd1d700bd2c11
- SHA1: 6059f7265731d3d797397804889beb5bfb7a48ff
- SHA256: 0802c13f11828457c8cd914c34d00517fc2ddccfb9060f34d90d01c01db4e47e
- SHA512: 7bd0f93ed6f14a841c98489753957d3ad64eedcb2fc27c80f76e24de1df607349a400cc0b819ee43847e18f5bd81a4faf92a2cbf1108bdf4b4117c2485f1a97d
- SSDEEP: 24576:HFuHpEdNi+i4VsKrezc/e7VeySOQOGmM9M:H2CdNiHMVH/eBDy
Malware Config (Extracted)
- Family: darkcloud
- Attributes:
  - email_from
  - email_to
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  description                          | pid  | Process         | procid_target
  PID 1972 set thread context of 2508  | 1972 | DHL invoice.exe | 30
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid  | Process
  2508 | DHL invoice.exe
- Suspicious use of WriteProcessMemory (9 IoCs)
  description                          | pid  | Process         | procid_target
  PID 1972 wrote to memory of 2508     | 1972 | DHL invoice.exe | 30
  (the same row is recorded for each of the 9 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe"
  PID: 1972
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe"
    PID: 2508
    - Suspicious use of SetWindowsHookEx