Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10InstalIеr...vg.dll
windows7-x64
1InstalIеr...vg.dll
windows10-2004-x64
1InstalIеr...sg.dll
windows7-x64
1InstalIеr...sg.dll
windows10-2004-x64
1InstalIеr...kc.dll
windows7-x64
1InstalIеr...kc.dll
windows10-2004-x64
1InstalIеr...18.exe
windows7-x64
8InstalIеr...18.exe
windows10-2004-x64
10InstalIеr...ws.dll
windows7-x64
1InstalIеr...ws.dll
windows10-2004-x64
1InstalIеr...le.dll
windows7-x64
1InstalIеr...le.dll
windows10-2004-x64
1TT18.exe
windows7-x64
8TT18.exe
windows10-2004-x64
10TTDesktop18.exe
windows7-x64
8TTDesktop18.exe
windows10-2004-x64
10TikTokDesktop18.exe
windows7-x64
8TikTokDesktop18.exe
windows10-2004-x64
10adjthjawdth.exe
windows7-x64
10adjthjawdth.exe
windows10-2004-x64
10bxftjhksaef.exe
windows7-x64
10bxftjhksaef.exe
windows10-2004-x64
10cli.exe
windows7-x64
3cli.exe
windows10-2004-x64
3dujkgsf.exe
windows7-x64
3dujkgsf.exe
windows10-2004-x64
5fdaerghawd.exe
windows7-x64
7fdaerghawd.exe
windows10-2004-x64
7fkydjyhjadg.exe
windows7-x64
10fkydjyhjadg.exe
windows10-2004-x64
10fsyjawdr.exe
windows7-x64
10fsyjawdr.exe
windows10-2004-x64
10Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
30/11/2024, 21:21
Static task
static1
Behavioral task
behavioral1
Sample
InstalIеr-x86/Qts5Svg.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
InstalIеr-x86/Qts5Svg.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
InstalIеr-x86/SbieMsg.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
InstalIеr-x86/SbieMsg.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
InstalIеr-x86/SbieShelIPkc.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
InstalIеr-x86/SbieShelIPkc.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
InstalIеr-x86/TTDesktop18.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral8
Sample
InstalIеr-x86/TTDesktop18.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
InstalIеr-x86/cfg/platforms/qwindows.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral10
Sample
InstalIеr-x86/cfg/platforms/qwindows.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
InstalIеr-x86/cfg/styles/qwindowsvistastyle.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral12
Sample
InstalIеr-x86/cfg/styles/qwindowsvistastyle.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
TT18.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
TT18.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
TTDesktop18.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
TTDesktop18.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
TikTokDesktop18.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
TikTokDesktop18.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
adjthjawdth.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
adjthjawdth.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
bxftjhksaef.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
bxftjhksaef.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
cli.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
cli.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
dujkgsf.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
dujkgsf.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
fdaerghawd.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
fdaerghawd.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
fkydjyhjadg.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
fkydjyhjadg.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
fsyjawdr.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
adjthjawdth.exe
-
Size
888KB
-
MD5
28aaa8f0b29a96138fd597975a16c5d4
-
SHA1
b0ea5394610d089ab5248631a4c0f6666f79ffcd
-
SHA256
2516d63aa8aef58d6f0a4e330bd87209872b0ff21a17cff5201a2d4783c5bfab
-
SHA512
7feafb633d698a96d81fae7069ebc2492caa253ade2106a645353096e7855e9cf33a69307f71f253ebbb5b957abab0de608860cc5efb7a2196720c269f8c231d
-
SSDEEP
12288:wAl1WPQtkQNQ6yMs/Ua+iXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//qK4oV4g50:wwFp5yMs/UFEPLZj956t1
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
DCRat payload 1 IoCs
resource yara_rule behavioral19/memory/2184-1-0x0000000000F40000-0x0000000001024000-memory.dmp family_dcrat_v2 -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe 2184 adjthjawdth.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2184 adjthjawdth.exe