Analysis
-
max time kernel
141s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-04-2024 17:12
General
-
Target
file4232024.exe
-
Size
1.1MB
-
MD5
982f1903db530be43b0d0fc4ce976e8e
-
SHA1
e2a9534e65f2ae33df71b136cfef600eab4f3627
-
SHA256
0c0d782dac4f8afdf63e33666febfe1aea6605c1a64ae532a8b84d2d315b176b
-
SHA512
80d5a9a05b5079dc99f48ac2497dfa5ef08fb37204d5b6811f5ad3806950d43ddfecea13713e9624ef00473f75c94a661b48b27363461a532bcb237a6afbbd2b
-
SSDEEP
24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaoPOpKOWz6zBvxwiruLgP5:Oh+ZkldoPK8YaompKFz6lJw4uA
Score
10/10
Malware Config
Extracted
Family
darkcloud
Attributes
-
email_from
igor.bos@vinoterra.ru
-
email_to
office.tony39@mail.ru
Signatures
-
DarkCloud
An information stealer written in Visual Basic.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file4232024.exe"C:\Users\Admin\AppData\Local\Temp\file4232024.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Users\Admin\AppData\Local\Temp\file4232024.exe"2⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2952-10-0x0000000000290000-0x0000000000294000-memory.dmpFilesize
16KB
-
memory/3060-11-0x0000000000400000-0x0000000000460000-memory.dmpFilesize
384KB
-
memory/3060-13-0x0000000000400000-0x0000000000460000-memory.dmpFilesize
384KB
-
memory/3060-16-0x0000000000400000-0x0000000000460000-memory.dmpFilesize
384KB
-
memory/3060-17-0x0000000000400000-0x0000000000460000-memory.dmpFilesize
384KB