Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
19-06-2024 17:51
Static task
static1
Behavioral task
behavioral1
Sample
DCRat by C3lestial.fun.rar
Resource
win7-20240611-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
DCRat by C3lestial.fun.rar
Resource
win10v2004-20240508-en
windows10-2004-x64
10 signatures
150 seconds
General
-
Target
DCRat by C3lestial.fun.rar
-
Size
33.5MB
-
MD5
3112a622ece7c44b53c87e949af1ddd5
-
SHA1
a770bef606f2ca9927a9500c20bdbf77cc0fc820
-
SHA256
94e6c2037598e41f66f734e1e1e0934c1a167f5a9825d221dcc7c8dbdaaca6ff
-
SHA512
6b5ded758418832c45c5c5273ddea5cc1a92c466a50289f9920b2d781f0de55199582ab4667e35155a592cd786f1498bf8c8199bf59212c13ae4ae6cee646139
-
SSDEEP
786432:7gF2TX5HO7SWzCzw2HjIDuaMivz67rEhebp02lUrSRPTz+:G2TX5O79Wz9w2IzfAb0rSRP2
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2764 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1176 wrote to memory of 2764 1176 cmd.exe 29 PID 1176 wrote to memory of 2764 1176 cmd.exe 29 PID 1176 wrote to memory of 2764 1176 cmd.exe 29
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\DCRat by C3lestial.fun.rar"1⤵
- Suspicious use of WriteProcessMemory
PID:1176 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\DCRat by C3lestial.fun.rar2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2764
-