Analysis
max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted
11-01-2023 12:51
Behavioral task
behavioral1
Sample
e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe
Resource
win10v2004-20221111-en
General
Target
e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe
Size
2.0MB
MD5
182fd62fdf57aaf29a889c1b65c65a2d
SHA1
bf4a705fb1a061590a50d4ce9e059c24c00b7a96
SHA256
e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7
SHA512
560028e45bb43279fb12e214683c021ca5e83d2f07419a9f68806a9dac47bc187cc62f3fdf82a53e1ec3724a2cd06be04759efec57a41895e50d061304fb4a37
SSDEEP
49152:dndSiKG7Idc6Rm8sDJMSgkdEiVTpnjyv:dhURm8vSFVov
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Processes:
resource
behavioral2/memory/3272-132-0x0000000000460000-0x000000000065A000-memory.dmp
yara_rule
dcrat
Suspicious use of AdjustPrivilegeToken
1 IoCs
Processes:
e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe
description
Token: SeDebugPrivilege
pid
3272
process
e041951b9084d03b1685ed2fdea5587258b721c0c57940fea6167656bf2c69f7.exe