Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-08-2023 03:43

General

  • Target
    4c4da7ca3fc9b71ecd8f9e8f0b676a2fb2d4c9428abee2abfac827495f94c8c6.exe
  • Size
    219KB
  • MD5
    08bbb8edf7b5007130f68cbdd34a2fea
  • SHA1
    1d4b99ce9623326a0b38e340262aa781f3f7772b
  • SHA256
    4c4da7ca3fc9b71ecd8f9e8f0b676a2fb2d4c9428abee2abfac827495f94c8c6
  • SHA512
    176b9ae412c494c773218f15a0b564b62466f85218503930349f52b0ab7fbcc39fb535afa0e263a4e0985a89e18d761f21c9c3647c3b3d7c0e424c20d7f12d05
  • SSDEEP
    6144:7CiCmqvVOUoSeVrDKVpkN5RszhVPyJiNQvw9hQ+q9PzV+7vdrw2m56OIw:73CmPUoSeZDKV2bRs1VPsiSyhQ+qRsxs

Malware Config

Signatures

  • DiamondFox

    DiamondFox is a multipurpose botnet with many capabilities.

  • DiamondFox payload 2 IoCs

    Detects DiamondFox payload in file/memory.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c4da7ca3fc9b71ecd8f9e8f0b676a2fb2d4c9428abee2abfac827495f94c8c6.exe
    "C:\Users\Admin\AppData\Local\Temp\4c4da7ca3fc9b71ecd8f9e8f0b676a2fb2d4c9428abee2abfac827495f94c8c6.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Users\Admin\AppData\Roaming\lsassfold\lsass.exe
      "C:\Users\Admin\AppData\Roaming\lsassfold\lsass.exe" 0
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\lsassfold\lsass.exe
    Filesize
    219KB
    MD5
    08bbb8edf7b5007130f68cbdd34a2fea
    SHA1
    1d4b99ce9623326a0b38e340262aa781f3f7772b
    SHA256
    4c4da7ca3fc9b71ecd8f9e8f0b676a2fb2d4c9428abee2abfac827495f94c8c6
    SHA512
    176b9ae412c494c773218f15a0b564b62466f85218503930349f52b0ab7fbcc39fb535afa0e263a4e0985a89e18d761f21c9c3647c3b3d7c0e424c20d7f12d05

  • memory/3864-15-0x0000000000400000-0x000000000044E000-memory.dmp
    Filesize
    312KB
  • memory/5112-0-0x0000000000400000-0x000000000044E000-memory.dmp
    Filesize
    312KB
  • memory/5112-12-0x0000000000400000-0x000000000044E000-memory.dmp
    Filesize
    312KB