Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-01-2024 09:24

General

  • Target

    7950963b742a8b0d9f4e1fd6c642c8b8245a9dc668ce361c9f5390a86c8fd4af.exe

  • Size

    431KB

  • MD5

    d2c0fda1ece3cc90733e291661a10162

  • SHA1

    ec0ea1da845eda2dde1d04e8b715eb8396b4000e

  • SHA256

    7950963b742a8b0d9f4e1fd6c642c8b8245a9dc668ce361c9f5390a86c8fd4af

  • SHA512

    cbc0510fe1781ca101e6fbad17ee6a7b27dc90431256e09ef688815428f6f1c59e64da32a6db55f234d6ba4ce093283aa4facb73bca44405e41e6e3a3d8d349f

  • SSDEEP

    12288:fZsVxH05ZKUdcXUN71oyZZYo1+jYKkJj6GmZU:fZ6Hqt1oSZYoyYb6nZ

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7950963b742a8b0d9f4e1fd6c642c8b8245a9dc668ce361c9f5390a86c8fd4af.exe
    "C:\Users\Admin\AppData\Local\Temp\7950963b742a8b0d9f4e1fd6c642c8b8245a9dc668ce361c9f5390a86c8fd4af.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3036

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3036-0-0x0000000000400000-0x000000000046DF40-memory.dmp

    Filesize

    439KB