darkcloud | 3b4e3532a40eca44a5d89734e3fa567e88cdda066bcd7048172a5e1f95c8781f

Analysis

max time kernel
137s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DHL AWB TRACKING DETAILS.exe
Size

866KB
MD5

5e8251350f619a486b4837dd4e41c7e1
SHA1

821494ab9e38414778ee4f17c771f79e3d4093a4
SHA256

3b4e3532a40eca44a5d89734e3fa567e88cdda066bcd7048172a5e1f95c8781f
SHA512

49ffb4b88718554906872201ddac704d0099f71fe4c6ceb1b8133817384dbb1716844e0ea9412abac5219b80b768ec9f80c198dc111c7413b030184c7a723209
SSDEEP

24576:O0m+XZZcgETYgDEPHWh0MfHdGFi7vGyEJZsF4BNysMi:O0vpZFETPIHMww7vlwZLBNy7i

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Signatures

DarkCloud
An information stealer written in Visual Basic.
stealer darkcloud

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2876 set thread context of 2704	2876	DHL AWB TRACKING DETAILS.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2704	DHL AWB TRACKING DETAILS.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2704	DHL AWB TRACKING DETAILS.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28
PID 2876 wrote to memory of 2704	2876	DHL AWB TRACKING DETAILS.exe	28

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2704-9-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2704-23-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2704-19-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2704-17-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2704-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2704-13-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2704-11-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2876-4-0x0000000000480000-0x0000000000488000-memory.dmp

Filesize
32KB

Download
memory/2876-8-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2876-7-0x0000000074C50000-0x000000007533E000-memory.dmp

Filesize
6.9MB

Download
memory/2876-6-0x0000000005560000-0x000000000560E000-memory.dmp

Filesize
696KB

Download
memory/2876-5-0x00000000009E0000-0x00000000009EC000-memory.dmp

Filesize
48KB

Download
memory/2876-1-0x0000000074C50000-0x000000007533E000-memory.dmp

Filesize
6.9MB

Download
memory/2876-3-0x0000000000450000-0x0000000000468000-memory.dmp

Filesize
96KB

Download
memory/2876-20-0x0000000074C50000-0x000000007533E000-memory.dmp

Filesize
6.9MB

Download
memory/2876-2-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/2876-0-0x00000000011F0000-0x00000000012CE000-memory.dmp

Filesize
888KB

Download