Analysis

max time kernel: 148s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/07/2023, 06:05

Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: DHL invoice.exe
  Resource: win7-20230712-en
  4 signatures, 150 seconds
General

Target: DHL invoice.exe
Size: 1005KB
MD5: cb042c7e4846ae4285bbd1d700bd2c11
SHA1: 6059f7265731d3d797397804889beb5bfb7a48ff
SHA256: 0802c13f11828457c8cd914c34d00517fc2ddccfb9060f34d90d01c01db4e47e
SHA512: 7bd0f93ed6f14a841c98489753957d3ad64eedcb2fc27c80f76e24de1df607349a400cc0b819ee43847e18f5bd81a4faf92a2cbf1108bdf4b4117c2485f1a97d
SSDEEP: 24576:HFuHpEdNi+i4VsKrezc/e7VeySOQOGmM9M:H2CdNiHMVH/eBDy
Malware Config (Extracted)

Family: darkcloud
Attributes:
  - email_from
  - email_to
Signatures

Suspicious use of SetThreadContext (1 IoCs)
  description                          pid   Process          procid_target
  PID 4380 set thread context of 1156  4380  DHL invoice.exe  95

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  1156  DHL invoice.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                     pid   Process          procid_target
  PID 4380 wrote to memory of 1156  4380  DHL invoice.exe  95
  (the same entry is recorded 8 times)
Processes

1. C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe"
   PID: 4380
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe (child of PID 4380)
      Command line: "C:\Users\Admin\AppData\Local\Temp\DHL invoice.exe"
      PID: 1156
      - Suspicious use of SetWindowsHookEx