Analysis
max time kernel: 47s
max time network: 50s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-03-2023 18:03
Behavioral task: behavioral1
Sample: 038.exe
Resource: win10v2004-20230220-en (windows10-2004-x64)
4 signatures
150 seconds
General
Target: 038.exe
Size: 698KB
MD5: 52ac6ad9bec9773531d170fe025f8cfe
SHA1: fd15564483854d8d26610de2ff8f8dafcb861b02
SHA256: 1b5114a819cd0f44d02a11ac1f896e934a93cef4375292ca9aa763b8e41bddd9
SHA512: 2b8e283d903da80ae5e11301d7acfb304d78a6c08f52bd7437348654c5f942fab6594679ff1579217fcd9c2d4ee08a59acff28714367e8b39f164055ded50c56
SSDEEP: 12288:Z4w1tMWi5bzSICSpy0jFx+uve102bo1U+kCRqn:Z4AtZICSn+y92boyQ+
Score: 10/10
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Processes:
resource: behavioral1/memory/4884-133-0x000001EF938C0000-0x000001EF93976000-memory.dmp
yara_rule: dcrat
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
038.exe
pid: 4884
process: 038.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
038.exe
description: Token: SeDebugPrivilege
pid: 4884
process: 038.exe