Analysis
-
max time kernel
141s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
29-01-2024 09:24
Behavioral task
behavioral1
Sample
207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d.exe
Resource
win7-20231215-en
3 signatures
150 seconds
General
-
Target
207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d.exe
-
Size
431KB
-
MD5
8e2e1fe21a90c9f87436aa013145b8ad
-
SHA1
354df3e0cd3717761f8792fb4e9fd6527b64e933
-
SHA256
207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d
-
SHA512
3761112dee43ed6b65d8034ca84e86dc390963ba96755cc7c572267b583245156075023de36fe08a1815f2a105e87a72c68c40a162c841b6dc1f33d61d0edf1c
-
SSDEEP
12288:dZsVxH05ZKUdcXUN71oyZZYo1+jYKkJj6GmZU:dZ6Hqt1oSZYoyYb6nZ
Malware Config
Extracted
Family
darkcloud
Attributes
- email_from
- email_to
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
PID 3028, process 207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
PID 3028, process 207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d.exe
"C:\Users\Admin\AppData\Local\Temp\207f0df1c81520fd3f430cfb4a6893e27996d8645602f9056e9ff55952a4957d.exe"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3028