General
Target: 1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a
Size: 1.3MB
Sample: 221101-25hcxsfge3
MD5: bb1475c169fa9d4583d71c9f5feee016
SHA1: 7e2028c83fa1c4f13a4523f04fe9c7b17d5ebdfc
SHA256: 1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a
SHA512: f64ce56cf7e13b94e6440e07b9c8bbeacaf1494a6fd87023fe087f17adddcb6402b47d38cb40bfd48aa6f901b20a79a601049f4f9f73dfe57c9fe4b3d8ed7357
SSDEEP: 24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample: 1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10

DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory