Analysis

  • max time kernel
    126s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-03-2023 16:37

General

  • Target

    0b68b6976ce7b3b7932a35a00160e38c.exe

  • Size

    829KB

  • MD5

    0b68b6976ce7b3b7932a35a00160e38c

  • SHA1

    14d43c43292d417da6bbac21491dcf346a4bc0de

  • SHA256

    746cf06882b23f72a1f61783ef15bc50309a451abf181f80342565e89e51e04b

  • SHA512

    7f16da4b0782a351182db85d9315f9057c0ad6996885eeb2111ffad561818a9f487ca6a4444cd50b25667a73b66b3390f45414c4bbb397450afe21f5284541d3

  • SSDEEP

    12288:+f26x3stG2zpTYlbCXdOm6r2i8hiPafbxjkAdbV3knD7nsTVkmT:CStJt0lbXm6r2imlkpnD7nsTVkC

Score
10/10

Malware Config

Signatures

  • DcRat

    DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

  • DCRat payload 2 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b68b6976ce7b3b7932a35a00160e38c.exe
    "C:\Users\Admin\AppData\Local\Temp\0b68b6976ce7b3b7932a35a00160e38c.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 2016

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2016-54-0x0000000000840000-0x0000000000916000-memory.dmp
    Filesize

    856KB

  • memory/2016-55-0x000000001AD00000-0x000000001AD80000-memory.dmp
    Filesize

    512KB

  • memory/2016-56-0x000000001AD00000-0x000000001AD80000-memory.dmp
    Filesize

    512KB