Overview

overview

10

Static

static

9

5725f38e24...97.exe

windows7_x64

10

5725f38e24...97.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294207s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    28-03-2022 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5725f38e2426e2992bba27abb7c17e3618c77e3ab994b726e138280e2bd99797.exe

  • Size

    575KB

  • MD5

    1088a3707a9424caff2f89182715566a

  • SHA1

    03c3a9f9fa10fa7579435303f84ea040485eeb14

  • SHA256

    5725f38e2426e2992bba27abb7c17e3618c77e3ab994b726e138280e2bd99797

  • SHA512

    754e253fd7d64a8304ab5041677ec5432c14ab00f1c1322ccf7770ffeb0b3127f62091184e77ed7852534a645454ab55263e7d598ea8c9651493650ad403aab4

Score
10/10
darkvncrat

Malware Config

Signatures

  • DarkVNC

    DarkVNC is a malicious version of the famous VNC software.

    ratdarkvnc
  • DarkVNC Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5725f38e2426e2992bba27abb7c17e3618c77e3ab994b726e138280e2bd99797.exe
    "C:\Users\Admin\AppData\Local\Temp\5725f38e2426e2992bba27abb7c17e3618c77e3ab994b726e138280e2bd99797.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe
      2⤵
        PID:1968

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1484-54-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1484-55-0x0000000000400000-0x0000000000493000-memory.dmp

      Filesize

      588KB

      Download

    • memory/1484-57-0x00000000002E0000-0x0000000000353000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1484-60-0x0000000000400000-0x0000000000493000-memory.dmp

      Filesize

      588KB

      Download

    • memory/1484-56-0x0000000010000000-0x0000000010089000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1484-61-0x0000000000400000-0x0000000000493000-memory.dmp

      Filesize

      588KB

      Download

    • memory/1484-62-0x0000000002750000-0x0000000002890000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1968-63-0x0000000000000000-mapping.dmp

      Download