Analysis
max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
11-01-2023 12:09
Behavioral task
behavioral1
Sample
395d65f4b35591f0505f24aae432c82f802f095ddc1a1b279f29066d0cb9fc56.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
395d65f4b35591f0505f24aae432c82f802f095ddc1a1b279f29066d0cb9fc56.exe
Resource
win10v2004-20221111-en
General
Target
395d65f4b35591f0505f24aae432c82f802f095ddc1a1b279f29066d0cb9fc56.exe
Size
2.0MB
MD5
43c3a083ad45c159332bd1f5978b86c9
SHA1
b53004cd9daabc1ddb78ece54f678b8e5d0a48a1
SHA256
395d65f4b35591f0505f24aae432c82f802f095ddc1a1b279f29066d0cb9fc56
SHA512
cce0b15e71cc2b050a3578f6e9c1ca7d9973fed491bd55b37451195e0c227188ec47300ed6c91c8b1f80363d2993985e621a686a24948d38de6965d1b06f8086
SSDEEP
49152:dndSiKG7Idc6Rm8sDJMSgkdEiVTpnjyv:dhURm8vSFVov
Malware Config
Signatures
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Processes:
resource: behavioral1/memory/2004-54-0x0000000000EE0000-0x00000000010DA000-memory.dmp
yara_rule: dcrat
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
395d65f4b35591f0505f24aae432c82f802f095ddc1a1b279f29066d0cb9fc56.exe
description: Token: SeDebugPrivilege
pid: 2004
process: 395d65f4b35591f0505f24aae432c82f802f095ddc1a1b279f29066d0cb9fc56.exe