darkcloud | 41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 14:28

Target

41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe
Size

804KB
MD5

18a92e23aba473ea087ea1d7a657d934
SHA1

7939d4ee66de909264064e089e3b8fbb1c9f1430
SHA256

41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790
SHA512

1f53907d3aaa85bb83342cd320573a9c4d9c3627dd7ab6dc8abeddb8147767614bc43dfdd6675797f83971633b3f61487d31e935b4c37ffc534f1ff4979a742a
SSDEEP

12288:NqKus0AXb2qSasZKWoOk7RT9B8b7XRMfPYlLBI2BgnpknPk1Ez9QP:MKrXaqhVf1w7XunYnI2B7kU9

Score

10^/10

darkcloud stealer

Family

darkcloud

Attributes

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2540 set thread context of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2512	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30
PID 2540 wrote to memory of 2512	2540	41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe	30

C:\Users\Admin\AppData\Local\Temp\41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790exe_JC.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2512

memory/2512-71-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2512-65-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2512-77-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2512-73-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2512-69-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2512-61-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2512-63-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2540-54-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2540-58-0x0000000004800000-0x0000000004840000-memory.dmp

Filesize
256KB

Download
memory/2540-60-0x0000000005A20000-0x0000000005ACE000-memory.dmp

Filesize
696KB

Download
memory/2540-59-0x00000000007A0000-0x00000000007AA000-memory.dmp

Filesize
40KB

Download
memory/2540-57-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2540-53-0x0000000000D90000-0x0000000000E5E000-memory.dmp

Filesize
824KB

Download
memory/2540-56-0x00000000004D0000-0x00000000004E4000-memory.dmp

Filesize
80KB

Download
memory/2540-76-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2540-55-0x0000000004800000-0x0000000004840000-memory.dmp

Filesize
256KB

Download