General

  • Target

    7609a834c94e791232efcf7fe8fe7df0_exe32.exe

  • Size

    783KB

  • Sample

    231015-ydbvaaec24

  • MD5

    7609a834c94e791232efcf7fe8fe7df0

  • SHA1

    d1d3e1755f5d4d264a7d5cf2fdb6f0bcd3afc61f

  • SHA256

    b155894733ade318a1448d83f693806ed14dec0378d03513ecab33971106a4ab

  • SHA512

    f093b654517987cd3c2d4576e0af7ac0eb5d917967ceab42f1cc5e2d0a14d731c54f6e32d24dcf052ffb2c7970fd3a7b7ff42d08d738dd8fdad05fb458e6a8b8

  • SSDEEP

    12288:GqnOYxdAgpoNeF91rg5iFdr0yQ9gYx+EIpakCYJRU7Q9bWoFzqK:G+OQbpbgsFdAyQvzSqaq8q

Targets

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory
