Analysis
-
max time kernel
61s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
30-01-2023 02:13
Behavioral task
behavioral1
Sample
libcrypto.exe
Resource
win7-20221111-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
libcrypto.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
libcrypto.exe
-
Size
317KB
-
MD5
61ee39f5537e65720ec629a593809c02
-
SHA1
a3ce1a9970fdb69c5f4bde0ffa49ca4cbd0c69bd
-
SHA256
8bed0227175fdad5e7f3c17003af481764230711f774b10af6b55d1ab58b25ec
-
SHA512
2e3c1ae897060820b0d5734c2c74740c22f4d45426fd51917a37cef652917ad12efdda7f3f9352e983f6f029a0d739317630928b82f247d1bbb00685ce97f284
-
SSDEEP
6144:H3yyN3U5XMNNWmfb7DyiUwCyJvjmk65mLRFe+i5SHbrVwCqy:HnNE5XM/j7DFJvAmLRFQ5S/R
Score
10/10
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Processes:
resource yara_rule behavioral1/memory/2044-54-0x00000000000C0000-0x0000000000116000-memory.dmp dcrat -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
libcrypto.exepid process 2044 libcrypto.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
libcrypto.exedescription pid process Token: SeDebugPrivilege 2044 libcrypto.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2044-54-0x00000000000C0000-0x0000000000116000-memory.dmpFilesize
344KB