Analysis
max time kernel: 103s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-01-2023 14:41
Behavioral task
behavioral1
Sample
429b305d240c130b141eb3d4c0ba1fa731b4ba3fcfbebe3b3de0c329d947ed8c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
429b305d240c130b141eb3d4c0ba1fa731b4ba3fcfbebe3b3de0c329d947ed8c.exe
Resource
win10v2004-20220812-en
General
Target
429b305d240c130b141eb3d4c0ba1fa731b4ba3fcfbebe3b3de0c329d947ed8c.exe
Size
2.0MB
MD5
5bc462a7ed28ccdf5afbcdbbe85d1b76
SHA1
9aea646d5ddb0c75294b2e8a61aa99b7003d0b56
SHA256
429b305d240c130b141eb3d4c0ba1fa731b4ba3fcfbebe3b3de0c329d947ed8c
SHA512
85de4e7f2bc6183a13c361a9b5d388fa42a5e653d62b1585444f55cac2717c5f6c0408bf2cbcc783c3b08b40dbc0cab940cbf57e2f0e58f3b5b8693ca1e82d2f
SSDEEP
49152:dndSiKG7Idc6Rm8sDJMSgkdEiVTpnjyv:dhURm8vSFVov
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Processes:
resource: behavioral2/memory/3968-132-0x0000000000DA0000-0x0000000000F9A000-memory.dmp
yara_rule: dcrat
Suspicious use of AdjustPrivilegeToken
1 IoCs
Processes:
429b305d240c130b141eb3d4c0ba1fa731b4ba3fcfbebe3b3de0c329d947ed8c.exe
description: Token: SeDebugPrivilege
pid: 3968
process: 429b305d240c130b141eb3d4c0ba1fa731b4ba3fcfbebe3b3de0c329d947ed8c.exe