Resubmissions

19-06-2024 17:51

240619-wfeb3szfml 3

12-06-2024 19:27

240612-x6k3zs1bnn 10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 17:51

General

  • Target

    DCRat by C3lestial.fun.rar

  • Size

    33.5MB

  • MD5

    3112a622ece7c44b53c87e949af1ddd5

  • SHA1

    a770bef606f2ca9927a9500c20bdbf77cc0fc820

  • SHA256

    94e6c2037598e41f66f734e1e1e0934c1a167f5a9825d221dcc7c8dbdaaca6ff

  • SHA512

    6b5ded758418832c45c5c5273ddea5cc1a92c466a50289f9920b2d781f0de55199582ab4667e35155a592cd786f1498bf8c8199bf59212c13ae4ae6cee646139

  • SSDEEP

    786432:7gF2TX5HO7SWzCzw2HjIDuaMivz67rEhebp02lUrSRPTz+:G2TX5O79Wz9w2IzfAb0rSRP2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\DCRat by C3lestial.fun.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\DCRat by C3lestial.fun.rar
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2764

Network

MITRE ATT&CK Enterprise v15


Downloads