Overview

overview

3

Static

static

3

CRACKED CL...ed.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    12s
  • max time network
    15s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/11/2024, 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CRACKED CLOUDY/cloudy-cracked.exe

  • Size

    1.3MB

  • MD5

    f6138d4bcc2ad07e24542a4d1af1fbf1

  • SHA1

    fe5c9391cf451b05a10a09ad842de4d7fc14e2d9

  • SHA256

    aaaa841b7c207f3ec7a41922e6873e637d8640deb81229b816d4b524bb318ab5

  • SHA512

    4a7270c05281d638d0b498e90bf3b8409e76e76af17e494cfe1bd384e61656f7e1fad30b20483dbaf4597e3e3a6aa36e91c661df4f4f3fa2f75907c60319a543

  • SSDEEP

    24576:3QJLxgQVz/df8zhvPC6WBXZlF6J6g8iLIYusX2gdZqbJvtzhv:3AiEz4hvPUBzIOLQIBthv

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CRACKED CLOUDY\cloudy-cracked.exe
    "C:\Users\Admin\AppData\Local\Temp\CRACKED CLOUDY\cloudy-cracked.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3088
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c start cmd /C "color b && title Error && echo You must run the function KeyAuthApp.init(); first && timeout /t 5"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5032
      • C:\Windows\system32\cmd.exe
        cmd /C "color b && title Error && echo You must run the function KeyAuthApp.init(); first && timeout /t 5"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4440
        • C:\Windows\system32\timeout.exe
          timeout /t 5
          4⤵
          • Delays execution with timeout.exe
          PID:4208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3088-0-0x00007FF86D2C3000-0x00007FF86D2C5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3088-1-0x00000171B86F0000-0x00000171B8844000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3088-2-0x00007FF86D2C0000-0x00007FF86DD82000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3088-3-0x00000171BA460000-0x00000171BA47C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3088-4-0x00000171D2F40000-0x00000171D2F52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3088-5-0x00007FF86D2C0000-0x00007FF86DD82000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3088-6-0x00000171D32C0000-0x00000171D3372000-memory.dmp

    Filesize

    712KB

    Download

  • memory/3088-7-0x00000171D3250000-0x00000171D3272000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3088-9-0x00000171D3280000-0x00000171D32BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3088-11-0x00007FF86D2C0000-0x00007FF86DD82000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3088-10-0x00000171D7180000-0x00000171D7188000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3088-13-0x00000171D71D0000-0x00000171D71DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3088-12-0x00000171D7200000-0x00000171D7238000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3088-14-0x00007FF86D2C0000-0x00007FF86DD82000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3088-15-0x00007FF86D2C0000-0x00007FF86DD82000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3088-18-0x00007FF86D2C0000-0x00007FF86DD82000-memory.dmp

    Filesize

    10.8MB

    Download