Overview

overview

10

Static

static

10

adjthjawdth.exe

windows7-x64

10

adjthjawdth.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adjthjawdth.exe

  • Size

    888KB

  • MD5

    28aaa8f0b29a96138fd597975a16c5d4

  • SHA1

    b0ea5394610d089ab5248631a4c0f6666f79ffcd

  • SHA256

    2516d63aa8aef58d6f0a4e330bd87209872b0ff21a17cff5201a2d4783c5bfab

  • SHA512

    7feafb633d698a96d81fae7069ebc2492caa253ade2106a645353096e7855e9cf33a69307f71f253ebbb5b957abab0de608860cc5efb7a2196720c269f8c231d

  • SSDEEP

    12288:wAl1WPQtkQNQ6yMs/Ua+iXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//qK4oV4g50:wwFp5yMs/UFEPLZj956t1

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adjthjawdth.exe
    "C:\Users\Admin\AppData\Local\Temp\adjthjawdth.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1948-0-0x000007FEF5143000-0x000007FEF5144000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1948-1-0x0000000000CD0000-0x0000000000DB4000-memory.dmp

    Filesize

    912KB

    Download

  • memory/1948-2-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-4-0x00000000009D0000-0x00000000009EC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1948-6-0x0000000000A80000-0x0000000000A98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1948-8-0x00000000009B0000-0x00000000009BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-9-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-11-0x00000000009C0000-0x00000000009CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1948-13-0x00000000009F0000-0x00000000009FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-15-0x0000000000AA0000-0x0000000000AAC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-17-0x0000000000AB0000-0x0000000000ABE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1948-19-0x0000000000AC0000-0x0000000000ACC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-20-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-22-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-21-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download