Overview

overview

10

Static

static

10

baedawdgh.exe

windows10-2004-x64

7

gdwadtyjuesfshas.exe

windows10-2004-x64

5

gweadtrgh.exe

windows10-2004-x64

8

hjgesadfseawd.exe

windows10-2004-x64

10

kisloyat.exe

windows10-2004-x64

10

kisteruop.exe

windows10-2004-x64

10

pothjmawdtrg.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2024 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hjgesadfseawd.exe

  • Size

    889KB

  • MD5

    ef75329efa1fa3cff64a2249e8b59306

  • SHA1

    90db5c089347c52e7aeddbe97a652b0dc622b840

  • SHA256

    6024771adfff13a50785d4bca819c583db42a5671d86bc6ac517c3620d931259

  • SHA512

    73cf385ce56147f4c7862ef90cda59c947408dc0bf82c9d0c4b503bb53266d62763c79759235ee20e07b6e36cb50c123facab185d099e397daf0574eb586302f

  • SSDEEP

    12288:kzw1NV5Il51mx6vEiss/VRqyAk9wiXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//q:kc8Xh/VAyAksEPLZj9H6t1

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hjgesadfseawd.exe
    "C:\Users\Admin\AppData\Local\Temp\hjgesadfseawd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2616-0-0x00007FFA5E943000-0x00007FFA5E945000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2616-1-0x0000000000C40000-0x0000000000D24000-memory.dmp

    Filesize

    912KB

    Download

  • memory/2616-2-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2616-4-0x0000000002DA0000-0x0000000002DBC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2616-5-0x0000000002EA0000-0x0000000002EF0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2616-7-0x0000000002DC0000-0x0000000002DD8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2616-10-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2616-9-0x0000000002D90000-0x0000000002D9C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2616-12-0x0000000002DE0000-0x0000000002DEE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2616-18-0x0000000002E60000-0x0000000002E6E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2616-16-0x0000000002E10000-0x0000000002E1C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2616-20-0x0000000002E70000-0x0000000002E7C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2616-21-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2616-14-0x0000000002E00000-0x0000000002E0C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2616-23-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

    Filesize

    10.8MB

    Download