Analysis
-
max time kernel
142s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16-04-2024 16:31
General
-
Target
42352173769d2a4f3b7e4e10bb135092.exe
-
Size
1.2MB
-
MD5
42352173769d2a4f3b7e4e10bb135092
-
SHA1
87afa2afe4b2a5dda9d7684d79c5f2958d387ac8
-
SHA256
9ef94607fc86a367934d7bd636d9a92c6943e41a79f1defb622d8716f013bde8
-
SHA512
11708e5f16833f513f8ebb5e371dd9bbaaae03ec1d58ebc4dca369dbb4b9b472ad84f88e33b54ac80b64a3d42254a3d990d6584e5fe8b88596f19f2fd1ae82f5
-
SSDEEP
24576:yAHnh+eWsN3skA4RV1Hom2KXMmHa5vDa6jeukIWmxrQcBn5:1h+ZkldoPK8Ya5BeantQcX
Score
10/10
Malware Config
Extracted
Family
darkcloud
Attributes
-
email_from
igor.bos@vinoterra.ru
-
email_to
officebackup01@mail.ru
Signatures
-
DarkCloud
An information stealer written in Visual Basic.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\42352173769d2a4f3b7e4e10bb135092.exe"C:\Users\Admin\AppData\Local\Temp\42352173769d2a4f3b7e4e10bb135092.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Users\Admin\AppData\Local\Temp\42352173769d2a4f3b7e4e10bb135092.exe"2⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2152-11-0x0000000000400000-0x000000000045F000-memory.dmpFilesize
380KB
-
memory/2152-13-0x0000000000400000-0x000000000045F000-memory.dmpFilesize
380KB
-
memory/2152-16-0x0000000000400000-0x000000000045F000-memory.dmpFilesize
380KB
-
memory/2164-10-0x0000000000320000-0x0000000000324000-memory.dmpFilesize
16KB