Overview

overview

10

Static

static

10

8f4da657a9...58.exe

windows7-x64

10

8f4da657a9...58.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2023 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f4da657a98dd34b30d0f73d6779c1bff53e8e7258420ef3c6343d8fd0f1a558.exe

  • Size

    2.0MB

  • MD5

    880a2814118f8cedb133b7bbe7718f15

  • SHA1

    c384a8111263389f6136f7f4ae454a652957c5e1

  • SHA256

    8f4da657a98dd34b30d0f73d6779c1bff53e8e7258420ef3c6343d8fd0f1a558

  • SHA512

    4cef55970ad0e0f7ee6b5894b00fb128154968af79a4164fce99f69300e616c6819851725e7613db3736fa5baa68abf5e837039a651feb8c6fed1b75b226d925

  • SSDEEP

    49152:9ndSiKG7Idc6Rm8sDJMSgkdEiVTpnjyv:9hURm8vSFVov

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f4da657a98dd34b30d0f73d6779c1bff53e8e7258420ef3c6343d8fd0f1a558.exe
    "C:\Users\Admin\AppData\Local\Temp\8f4da657a98dd34b30d0f73d6779c1bff53e8e7258420ef3c6343d8fd0f1a558.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1508-132-0x0000000000DE0000-0x0000000000FDA000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1508-133-0x00007FF9D4C80000-0x00007FF9D5741000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1508-134-0x00007FF9D4C80000-0x00007FF9D5741000-memory.dmp
    Filesize

    10.8MB

    Download