Analysis

max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24-01-2024 17:40

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: DHL AWB TRACKING DETAILS.exe
Resource: win7-20231215-en
5 signatures, 150 seconds
General

Target: DHL AWB TRACKING DETAILS.exe
Size: 866KB
MD5: 5e8251350f619a486b4837dd4e41c7e1
SHA1: 821494ab9e38414778ee4f17c771f79e3d4093a4
SHA256: 3b4e3532a40eca44a5d89734e3fa567e88cdda066bcd7048172a5e1f95c8781f
SHA512: 49ffb4b88718554906872201ddac704d0099f71fe4c6ceb1b8133817384dbb1716844e0ea9412abac5219b80b768ec9f80c198dc111c7413b030184c7a723209
SSDEEP: 24576:O0m+XZZcgETYgDEPHWh0MfHdGFi7vGyEJZsF4BNysMi:O0vpZFETPIHMww7vlwZLBNy7i
Malware Config

Extracted
Family: darkcloud
Attributes:
- email_from
- email_to
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
description                          | pid  | process                       | target process
PID 2480 set thread context of 2840  | 2480 | DHL AWB TRACKING DETAILS.exe  | DHL AWB TRACKING DETAILS.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
pid  | process
2840 | DHL AWB TRACKING DETAILS.exe

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid  | process
2840 | DHL AWB TRACKING DETAILS.exe

Suspicious use of WriteProcessMemory (9 IoCs)
Processes (all nine entries are identical):
description                       | pid  | process                       | target process
PID 2480 wrote to memory of 2840  | 2480 | DHL AWB TRACKING DETAILS.exe  | DHL AWB TRACKING DETAILS.exe  (x9)
Processes

1. C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
   PID: 2480
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe (child of PID 2480)
      command line: "C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
      PID: 2840
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of SetWindowsHookEx
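The signature rows and the process tree together describe one pattern: PID 2480 launches a second copy of its own binary (PID 2840), writes into it nine times, then calls SetThreadContext on it, after which only the child shows the window-hook and foreground-window behaviour associated with a stealer. The script below is an added example (not part of the sandbox report or of the Triage tooling) that correlates events of this shape into a verdict. The event tuples and the process list are constructed here to mirror the rows above; the API names used as labels are assumed from the signature titles.

```python
"""Correlate per-process sandbox events into an injection verdict.

Added example, not part of the report. EVENTS and PROCESSES are
constructed from the report's signature rows and process tree
(PIDs 2480 -> 2840); the API labels are taken from the signature names.
"""
from collections import defaultdict

IMG = "DHL AWB TRACKING DETAILS.exe"

# (api, source_pid, source_image, target_pid, target_image)
# Constructed: nine WriteProcessMemory rows, one SetThreadContext row,
# and the two behaviours the report attributes to the child alone.
EVENTS = (
    [("WriteProcessMemory", 2480, IMG, 2840, IMG)] * 9
    + [("SetThreadContext", 2480, IMG, 2840, IMG)]
    + [("SetWindowsHookEx", 2840, IMG, 2840, IMG),
       ("GetForegroundWindowSpam", 2840, IMG, 2840, IMG)]
)

# Constructed process tree: (pid, parent_pid, command_line).
CMD = r'"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"'
PROCESSES = [
    (2480, 0, CMD),
    (2840, 2480, CMD),
]

# Writing into another process and then replacing its thread context is
# the core of the hollowing / injection pattern; the hook and
# foreground-window APIs are what the injected payload does afterwards.
INJECTION_APIS = {"WriteProcessMemory", "SetThreadContext"}
STEALER_APIS = {"SetWindowsHookEx", "GetForegroundWindowSpam"}


def find_injections(events):
    """One finding per (source, target) pair where the source both wrote
    into the target and set its thread context. Each finding records
    whether source and target run the same image (self-hollowing) and
    which stealer-style APIs the target itself was seen using."""
    by_pair = defaultdict(set)   # (spid, tpid) -> APIs used across them
    own_apis = defaultdict(set)  # pid -> APIs the process used on itself
    images = {}
    for api, spid, simg, tpid, timg in events:
        images[spid], images[tpid] = simg, timg
        if spid == tpid:
            own_apis[spid].add(api)
        else:
            by_pair[(spid, tpid)].add(api)

    findings = []
    for (spid, tpid), apis in sorted(by_pair.items()):
        if INJECTION_APIS <= apis:
            findings.append({
                "source": spid,
                "target": tpid,
                "same_image": images[spid] == images[tpid],
                "target_stealer_apis": sorted(own_apis[tpid] & STEALER_APIS),
            })
    return findings


def self_spawned(processes):
    """PIDs whose command line is identical to their parent's: a binary
    relaunching itself is the usual host for the pattern above."""
    cmd = {pid: c for pid, _, c in processes}
    return [pid for pid, ppid, c in processes if ppid in cmd and cmd[ppid] == c]


if __name__ == "__main__":
    for f in find_injections(EVENTS):
        kind = "self-hollowing" if f["same_image"] else "cross-process injection"
        print(f"{kind}: {f['source']} -> {f['target']}, "
              f"target then used {f['target_stealer_apis']}")
    print("self-spawned children:", self_spawned(PROCESSES))
```

The check keys on the combination, not on either API alone: a single WriteProcessMemory or SetThreadContext call is common in debuggers and installers, whereas both from one parent into a freshly spawned copy of itself, followed by hook installation in the child, is the sequence that should be escalated. A parent writing to a child that uses a different image would still be flagged, just as injection rather than self-hollowing.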