8bc4d422624113b2af547b64fa7df842b821f189ca4d7bad6e75767fec4a9e59

Submit
Reports

Overview

overview

Static

static

123.bat

windows10-1703-x64

DCRat.exe

windows10-1703-x64

data/7zxa.dll

windows10-1703-x64

data/DCRAC.exe

windows10-1703-x64

data/DCRCC.exe

windows10-1703-x64

data/Default.exe

windows10-1703-x64

data/NCC2.dll

windows10-1703-x64

data/NCC3.dll

windows10-1703-x64

data/NCCheck.dll

windows10-1703-x64

data/Rar.exe

windows10-1703-x64

data/RarExt.dll

windows10-1703-x64

data/RarExt64.dll

windows10-1703-x64

data/WinCon.exe

windows10-1703-x64

data/Zip.exe

windows10-1703-x64

data/dnlib.dll

windows10-1703-x64

data/dotNE...le.exe

windows10-1703-x64

data/dotNE...or.exe

windows10-1703-x64

data/enc.vbe

windows10-1703-x64

data/upx.exe

windows10-1703-x64

data/wRar.exe

windows10-1703-x64

lib/IIIlll...lI.jar

windows10-1703-x64

lib/IIIlll...lI.jar

windows10-1703-x64

lib/IIlIlI...lI.jar

windows10-1703-x64

lib/IlIIlI...II.jar

windows10-1703-x64

lib/IlIlII...Il.jar

windows10-1703-x64

lib/IlIllI...Il.jar

windows10-1703-x64

lib/IllIII...II.jar

windows10-1703-x64

lib/lIIllI...Il.jar

windows10-1703-x64

lib/llIlII...lI.jar

windows10-1703-x64

plugins/BS...on.dll

windows10-1703-x64

plugins/Bl...in.dll

windows10-1703-x64

plugins/Bu...in.dll

windows10-1703-x64

Analysis

max time kernel
132s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-04-2024 04:43

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx zgrat

5 signatures

Behavioral task

behavioral1

Sample

123.bat

Resource

win10-20240404-en

discovery

windows10-1703-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

DCRat.exe

Resource

win10-20240404-en

discovery

windows10-1703-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

data/7zxa.dll

Resource

win10-20240404-en

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

data/DCRAC.exe

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

data/DCRCC.exe

Resource

win10-20240404-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

data/Default.exe

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

data/NCC2.dll

Resource

win10-20240404-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

data/NCC3.dll

Resource

win10-20240404-en

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

data/NCCheck.dll

Resource

win10-20240404-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

data/Rar.exe

Resource

win10-20240404-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

data/RarExt.dll

Resource

win10-20240404-en

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

data/RarExt64.dll

Resource

win10-20240404-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

data/WinCon.exe

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

data/Zip.exe

Resource

win10-20240404-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

data/dnlib.dll

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

data/dotNET_Reactor.Console.exe

Resource

win10-20240404-en

zgrat rat

windows10-1703-x64

6 signatures

150 seconds

Behavioral task

behavioral17

Sample

data/dotNET_Reactor.exe

Resource

win10-20240404-en

zgrat rat

windows10-1703-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

data/enc.vbe

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

data/upx.exe

Resource

win10-20240404-en

upx

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

data/wRar.exe

Resource

win10-20240404-en

persistence

windows10-1703-x64

6 signatures

150 seconds

Behavioral task

behavioral21

Sample

lib/IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

lib/IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlI.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

lib/IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

lib/IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

lib/IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

lib/IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

lib/IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

lib/lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

lib/llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar

Resource

win10-20240404-en

discovery

windows10-1703-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

plugins/BSoDProtection/BSoDProtection.dll

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

plugins/BlockInputPlugin/BlockInputPlugin.dll

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

plugins/BuildInstallationTweaksPlugin/BuildInstallationTweaksPlugin.dll

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

data/NCCheck.dll
Size

162KB
MD5

569052631a6b80c1c6a336c10c978b02
SHA1

4bc411b19536c90a6ea0917d7d93f3f6560ee6f0
SHA256

c41cd461470ff3c936e225cea37e5190cb06e3cd70a3d76ca8e5d3aceead5493
SHA512

d0e251973a0c6b3fecaa41d9042c7001e4e9e20484fe2ed9ed1ce04a416952054cb010bff6643c0fa093ac60bbe079c11ba0d6f9699224a3db7a56fdbc4f7f69
SSDEEP

3072:iW3Hj+g/SFOANotkow8WZT75Izm04x7RP+iH3D1VIkB5XFu9H:v36gp5tk5Nx1P+iH3D1VIk6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4024 wrote to memory of 708	4024	rundll32.exe	rundll32.exe
PID 4024 wrote to memory of 708	4024	rundll32.exe	rundll32.exe
PID 4024 wrote to memory of 708	4024	rundll32.exe	rundll32.exe

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\data\NCCheck.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\data\NCCheck.dll,#1
2⤵
PID:708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/708-0-0x0000000003F80000-0x0000000003FBD000-memory.dmp

Filesize
244KB

Download