6ca0732c155a15f67928a38c9c9ba8b2f08fb5e90fa38332b94b0457607c208b

Analysis

max time kernel
64s
max time network
29s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-04-2023 11:34

Target

SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe
Size

234KB
MD5

4851971e37ce8cd2b61a795780b7d4b5
SHA1

eab1b044ddb4df43660b96cf8000e6b0bacf9f6e
SHA256

6ca0732c155a15f67928a38c9c9ba8b2f08fb5e90fa38332b94b0457607c208b
SHA512

82bbaa0f15206a2322a75d20571baf20c5e7e91c6cc5e1d4fdc1aebc36624c2da7cefa036e7bf6d1e0252a914e705631829cc12ade308f872ffe008b7c8731de
SSDEEP

3072:Yiwwb6hYh8zBR4FGTy8YkMwjmalLUZ7d+a+4alnzr1AXwBdR+6dO6drF4OogCY14:dY+hxl6pi4lnzr8wBWr692c1IOq

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid	Process
1928	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description	pid	Process
Token: SeDebugPrivilege	1928	powershell.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe

description	pid	Process	procid_target
PID 1960 wrote to memory of 1928	1960	SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe	27
PID 1960 wrote to memory of 1928	1960	SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe	27
PID 1960 wrote to memory of 1928	1960	SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe	27
PID 1960 wrote to memory of 1928	1960	SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe	27

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.DCRat.11088.10887.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1928

memory/1928-58-0x00000000025A0000-0x00000000025E0000-memory.dmp

Filesize
256KB

Download
memory/1928-59-0x00000000025A0000-0x00000000025E0000-memory.dmp

Filesize
256KB

Download
memory/1928-60-0x00000000025A0000-0x00000000025E0000-memory.dmp

Filesize
256KB

Download
memory/1928-62-0x00000000025A0000-0x00000000025E0000-memory.dmp

Filesize
256KB

Download
memory/1960-54-0x0000000001220000-0x000000000125C000-memory.dmp

Filesize
240KB

Download
memory/1960-55-0x0000000000590000-0x00000000005D0000-memory.dmp

Filesize
256KB

Download
memory/1960-61-0x0000000000590000-0x00000000005D0000-memory.dmp

Filesize
256KB

Download