Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0
-
Size
1.3MB
-
Sample
230203-le7bcsdg38
-
MD5
75d94d9c4b5f51c0d858642511e73a11
-
SHA1
b195f029c43665db1e6bda1ff2e2ad3296cee307
-
SHA256
a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0
-
SHA512
c0815f1670e04becfbe8e3bf681040e71e26bdc1508efbaa04b135a0a6c2c856236b7f3ec00f298d22f09a28df2b0a4103a0a5e5eb59ba037934c7c6a3304340
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Behavioral task
behavioral1
Sample
a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0
-
Size
1.3MB
-
MD5
75d94d9c4b5f51c0d858642511e73a11
-
SHA1
b195f029c43665db1e6bda1ff2e2ad3296cee307
-
SHA256
a23abaec990907ef2ae7842ac7041a4c61934ed9acdfd023586d2bab3f8a3aa0
-
SHA512
c0815f1670e04becfbe8e3bf681040e71e26bdc1508efbaa04b135a0a6c2c856236b7f3ec00f298d22f09a28df2b0a4103a0a5e5eb59ba037934c7c6a3304340
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-