Overview

overview

10

Static

static

10

NEAS.cbddc...c0.exe

windows7-x64

10

NEAS.cbddc...c0.exe

windows10-2004-x64

10

Resubmissions

13/10/2023, 20:40

231013-zfvwlsab95 10

Analysis

  • max time kernel
    155s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 20:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.cbddc12efb35b167d9bf89ec8aedbac0.exe

  • Size

    2.3MB

  • MD5

    cbddc12efb35b167d9bf89ec8aedbac0

  • SHA1

    caa75e130c53e4a9b4dae297fc63085bbd204e91

  • SHA256

    02a2b3e40710f15c97b9f90e99bd14bdab3df5833c74d511c2ea8ebb0177f279

  • SHA512

    4dc88c280fd1d7bd1d1a33236703c1ef15f610b2b311c72190dd6ef041773bc1bee1ca4fdecb76298d437a7105e7779dc1a1c76353932b8e09d3fa141065c131

  • SSDEEP

    49152:39JJfWb3z7NWrRAMh8l9M9VnnoHszsLvDFH9TX:39TWb+RAMh8l9MYHusnV9L

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.cbddc12efb35b167d9bf89ec8aedbac0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cbddc12efb35b167d9bf89ec8aedbac0.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2060

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2060-0-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2060-1-0x0000000001380000-0x00000000015D2000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/2060-2-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2060-3-0x000000001AF10000-0x000000001AF90000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2060-4-0x000000001AF10000-0x000000001AF90000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2060-5-0x0000000000260000-0x000000000027C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/2060-6-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2060-7-0x000000001ADF0000-0x000000001AE46000-memory.dmp

          Filesize

          344KB

          Download