Overview

overview

10

Static

static

10

hjgesadfseawd.exe

windows7-x64

10

hjgesadfseawd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2024 21:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hjgesadfseawd.exe

  • Size

    889KB

  • MD5

    ef75329efa1fa3cff64a2249e8b59306

  • SHA1

    90db5c089347c52e7aeddbe97a652b0dc622b840

  • SHA256

    6024771adfff13a50785d4bca819c583db42a5671d86bc6ac517c3620d931259

  • SHA512

    73cf385ce56147f4c7862ef90cda59c947408dc0bf82c9d0c4b503bb53266d62763c79759235ee20e07b6e36cb50c123facab185d099e397daf0574eb586302f

  • SSDEEP

    12288:kzw1NV5Il51mx6vEiss/VRqyAk9wiXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//q:kc8Xh/VAyAksEPLZj9H6t1

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hjgesadfseawd.exe
    "C:\Users\Admin\AppData\Local\Temp\hjgesadfseawd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1544-0-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1544-1-0x0000000000930000-0x0000000000A14000-memory.dmp

    Filesize

    912KB

    Download

  • memory/1544-2-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1544-4-0x0000000002BC0000-0x0000000002BDC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1544-5-0x000000001B640000-0x000000001B690000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1544-8-0x0000000002BE0000-0x0000000002BF8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1544-6-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1544-10-0x0000000002A80000-0x0000000002A8C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1544-12-0x0000000002AA0000-0x0000000002AAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1544-15-0x0000000002C00000-0x0000000002C0C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1544-13-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1544-17-0x000000001B5F0000-0x000000001B5FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1544-19-0x000000001B690000-0x000000001B69E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1544-21-0x000000001B6A0000-0x000000001B6AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1544-23-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1544-24-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

    Filesize

    10.8MB

    Download