General
- Target: Expensive.exe
- Size: 2.1MB
- Sample: 231028-xs4m6sef9w
- MD5: 9127de477fcc591eea0315222e9ab353
- SHA1: 3731c238313b43c908c5c10981f6e0f35bb6593f
- SHA256: 071523576cd4bb651eeecf43780cea7dd9bcba75e00382016bc6ce9d47129c98
- SHA512: 3999391dc6dd1e2e92d2d1318ee6b2306542c0e7d2977e73130283a3b44edce8b553663e17d54eb683ddf04096006a31d8b47b430309e38f199599f6c9947023
- SSDEEP: 24576:h2G/nvxW3Wwh0hcCTp8vHOBYpTy1h1SyhGfS3l2o4nFAwODRxWcKmBN3ialREy4z:hbA3tGhcqKIJT1fsFpO/kWiaUJz
Behavioral task
- behavioral1
- Sample: Expensive.exe
- Resource: win10v2004-20231020-en
Malware Config
Targets
- Target: Expensive.exe (size and hashes identical to the General section above)
Score: 10/10
Signatures
- DcRat
  DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Scheduled Task/Job (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)