General
Target: f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522
Size: 2.5MB
Sample: 231012-q17w8see94
MD5: e71b100ba4895671392bebdb6940b58a
SHA1: 3f0cc8aad3fa8041b5ba40ac4c3e9d9d2d909d25
SHA256: f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522
SHA512: 24d99c32e2b275aa2554225932e73c319169cbe87811ab4d08861e44a43f0e7984690e1e83200405321062680d7ec679eea7ab7d09b633700b1edcf73dc68191
SSDEEP: 49152:UbA30JB27p9ftg4mUnKbgHns5D6RL1gVHrl+ZraG9LOgwddVyB7pe:Ub3a9fmbgMN8qLYxasqDncq
Behavioral task: behavioral1
Sample: f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: f554f85e09589b01fd0b4280b8446e4c28300e699676ca4c1a1bac3342b48522.exe
Resource: win10v2004-20230915-en
Malware Config
Targets
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2