Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24-01-2024 14:02

General

  • Target

    63bd4a94d37aa6aceab2c6d8423db403b9fd467b85e5c299f736b80e55f7ebf2.exe

  • Size

    431KB

  • MD5

    8d58433f19119d601a6a8f1430026598

  • SHA1

    e7a2d1f1e12d11a055c8a27375356804b51f8e0e

  • SHA256

    63bd4a94d37aa6aceab2c6d8423db403b9fd467b85e5c299f736b80e55f7ebf2

  • SHA512

    559db1c502e0260bd3cf9ce18e499c9935c21093fe032e142f0197e621511f950cbe517020500bcf072411457ea4d8ecfbb85125c7bc7c0212e25adbe7bf7f25

  • SSDEEP

    12288:eZsVxH05ZKUdcXUN71oyZZYo1+jYKkJj6GmZU:eZ6Hqt1oSZYoyYb6nZ

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63bd4a94d37aa6aceab2c6d8423db403b9fd467b85e5c299f736b80e55f7ebf2.exe
    "C:\Users\Admin\AppData\Local\Temp\63bd4a94d37aa6aceab2c6d8423db403b9fd467b85e5c299f736b80e55f7ebf2.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2236-0-0x0000000000400000-0x000000000046DF40-memory.dmp

    Filesize

    439KB