General
Target: NEAS.deae068c77a6e63c6d74307f353e5e40.exe
Size: 784KB
Sample: 231031-kxzhssge28
MD5: deae068c77a6e63c6d74307f353e5e40
SHA1: cb740abd0c89cd3cb20356f6e5777f879372f906
SHA256: c3b511d889528a52823649518bf1f0227f28c5d76f252bbaea8a3f31578f86a7
SHA512: 4c506b647042da604aa3f96a30538874218daf4960e4fb11048a7f4a7f998a020928fb2374e27073fe4bf5fd9be80bf0f3d218108bcb0a513467991057115166
SSDEEP: 12288:eqnO8YpD1oOJp+Ce1PSiG2jfIBoI5DyDwYMDxFesH0ioBw7oKk2:e+ORToOWSi5gBoS4wYUJ0eo2
Behavioral task: behavioral1
Sample: NEAS.deae068c77a6e63c6d74307f353e5e40.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.deae068c77a6e63c6d74307f353e5e40.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: NEAS.deae068c77a6e63c6d74307f353e5e40.exe
Score: 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Scheduled Task/Job (1)
Privilege Escalation
    Abuse Elevation Control Mechanism (1)
        Bypass User Account Control (1)
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Scheduled Task/Job (1)