darkcloud | 7aa2c7dddf4293f44c8d736721480bea6d539228da56a4151c52ba9bffc87f6e

Analysis

max time kernel
139s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 14:30

Target

DHL AWB 38722187090.exe
Size

914KB
MD5

3232348d8f9aa98c80011580ae8d7c43
SHA1

f7887c6ea74e9d435ea8a7764fca67cf388e7477
SHA256

f2ae9306a48f1b446ce9467300267b864e8efe3f9e3b3d01da8bb89133140613
SHA512

2728202d1d29ab4d13e3c5a77eaa5e95a1d5f39969bb260e05331b0828e4da3f242615c663ccf0a44f013f7edadc1581158506feb643c06e08b6f5b2891c956c
SSDEEP

12288:H51qEww2d1mbTi5f6iB1YaZGMLxyAdLdE57Ry8iHs+t8PgaDZsoEJh3Y1EmXxDPJ:jqEw0CCiBDd6zBO8omiDotP1oMd

Score

10^/10

darkcloud stealer

Family

darkcloud

Attributes

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4308 set thread context of 2636	4308	DHL AWB 38722187090.exe	89

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2636	DHL AWB 38722187090.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89
PID 4308 wrote to memory of 2636	4308	DHL AWB 38722187090.exe	89

C:\Users\Admin\AppData\Local\Temp\DHL AWB 38722187090.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB 38722187090.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Users\Admin\AppData\Local\Temp\DHL AWB 38722187090.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL AWB 38722187090.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2636

memory/2636-141-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2636-143-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2636-148-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4308-133-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/4308-134-0x00000000006D0000-0x00000000007BA000-memory.dmp

Filesize
936KB

Download
memory/4308-135-0x00000000058A0000-0x0000000005E44000-memory.dmp

Filesize
5.6MB

Download
memory/4308-136-0x00000000051B0000-0x0000000005242000-memory.dmp

Filesize
584KB

Download
memory/4308-137-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/4308-138-0x0000000005320000-0x000000000532A000-memory.dmp

Filesize
40KB

Download
memory/4308-139-0x0000000005EF0000-0x0000000005F8C000-memory.dmp

Filesize
624KB

Download
memory/4308-140-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download
memory/4308-147-0x00000000748D0000-0x0000000075080000-memory.dmp

Filesize
7.7MB

Download