Overview

overview

10

Static

static

cf04fc9db5...88.exe

windows7_x64

10

cf04fc9db5...88.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294212s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    20-03-2022 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf04fc9db51e68544ae38d93ef517e8fff5c8a4e14d0c1628e7b9bcbf8286e88.exe

  • Size

    9.5MB

  • MD5

    dcb0e76902f912328a7613df7221cfae

  • SHA1

    1814a081ed127351f1cb6ad40e9003ab168508c4

  • SHA256

    cf04fc9db51e68544ae38d93ef517e8fff5c8a4e14d0c1628e7b9bcbf8286e88

  • SHA512

    6367e5546d90ea39432f1a1d1a321206b4b5be31d79ca82f3deea95a94edd25f606e9cc878e5e9dc372efd0338c3f9f071bf5a0268dea667122688263dcf8fda

Score
10/10
darkvncrat

Malware Config

Signatures

  • DarkVNC

    DarkVNC is a malicious version of the famous VNC software.

    ratdarkvnc
  • DarkVNC Payload 3 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf04fc9db51e68544ae38d93ef517e8fff5c8a4e14d0c1628e7b9bcbf8286e88.exe
    "C:\Users\Admin\AppData\Local\Temp\cf04fc9db51e68544ae38d93ef517e8fff5c8a4e14d0c1628e7b9bcbf8286e88.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe
      2⤵
        PID:464

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/464-62-0x0000000000080000-0x0000000000081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/464-63-0x0000000000290000-0x0000000000359000-memory.dmp

      Filesize

      804KB

      Download

    • memory/1684-54-0x0000000075841000-0x0000000075843000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1684-55-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1684-56-0x0000000001BD0000-0x0000000001BD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1684-57-0x0000000010000000-0x0000000010089000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1684-60-0x0000000000400000-0x000000000047B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1684-61-0x0000000002790000-0x00000000028D0000-memory.dmp

      Filesize

      1.2MB

      Download