Overview

overview

10

Static

static

mixazed_20...49.exe

windows7_x64

10

mixazed_20...49.exe

windows10_x64

10

Analysis

  • max time kernel
    17s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    16-08-2021 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mixazed_20210816-170249.exe

  • Size

    513KB

  • MD5

    a79c261f6fae161ede7489db34ca3813

  • SHA1

    c2d6bb13082a20c0fe6a97d49a01d5f39355e952

  • SHA256

    5895164454aba620b70384013953a9e1e8e0b90166bd5fb849275e42071f0025

  • SHA512

    6097dd911f5ca54e7df4281bae393b0a91abf601a89af33b726e177855c7060045db843763b9dff147b589cbf67a3daddf8b584a9f7adb340da377ce089c80a7

Score
10/10
darkvncrat

Malware Config

Signatures

  • DarkVNC

    DarkVNC is a malicious version of the famous VNC software.

    ratdarkvnc
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • DarkVNC Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mixazed_20210816-170249.exe
    "C:\Users\Admin\AppData\Local\Temp\mixazed_20210816-170249.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3624
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe
      2⤵
        PID:2612
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 496
        2⤵
        • Suspicious use of NtCreateProcessExOtherParentProcess
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2680

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2612-118-0x000001B588B20000-0x000001B588B21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2612-119-0x000001B588D90000-0x000001B588F39000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3624-116-0x0000000000400000-0x0000000000937000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/3624-115-0x00000000009D0000-0x0000000000B1A000-memory.dmp

      Filesize

      1.3MB

      Download