Resubmissions

19-06-2024 17:51

240619-wfeb3szfml 3

12-06-2024 19:27

240612-x6k3zs1bnn 10

Analysis

  • max time kernel
    137s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 19:27

General

  • Target

    DCRat by C3lestial.fun.rar

  • Size

    33.5MB

  • MD5

    3112a622ece7c44b53c87e949af1ddd5

  • SHA1

    a770bef606f2ca9927a9500c20bdbf77cc0fc820

  • SHA256

    94e6c2037598e41f66f734e1e1e0934c1a167f5a9825d221dcc7c8dbdaaca6ff

  • SHA512

    6b5ded758418832c45c5c5273ddea5cc1a92c466a50289f9920b2d781f0de55199582ab4667e35155a592cd786f1498bf8c8199bf59212c13ae4ae6cee646139

  • SSDEEP

    786432:7gF2TX5HO7SWzCzw2HjIDuaMivz67rEhebp02lUrSRPTz+:G2TX5O79Wz9w2IzfAb0rSRP2

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\DCRat by C3lestial.fun.rar"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\DCRat by C3lestial.fun.rar"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3168
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4940
