Overview

overview

10

Static

static

10

adjthjawdth.exe

windows7-x64

10

adjthjawdth.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30/11/2024, 21:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adjthjawdth.exe

  • Size

    888KB

  • MD5

    28aaa8f0b29a96138fd597975a16c5d4

  • SHA1

    b0ea5394610d089ab5248631a4c0f6666f79ffcd

  • SHA256

    2516d63aa8aef58d6f0a4e330bd87209872b0ff21a17cff5201a2d4783c5bfab

  • SHA512

    7feafb633d698a96d81fae7069ebc2492caa253ade2106a645353096e7855e9cf33a69307f71f253ebbb5b957abab0de608860cc5efb7a2196720c269f8c231d

  • SSDEEP

    12288:wAl1WPQtkQNQ6yMs/Ua+iXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//qK4oV4g50:wwFp5yMs/UFEPLZj956t1

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adjthjawdth.exe
    "C:\Users\Admin\AppData\Local\Temp\adjthjawdth.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1948-0-0x000007FEF5143000-0x000007FEF5144000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1948-1-0x0000000000CD0000-0x0000000000DB4000-memory.dmp

    Filesize

    912KB

    Download

  • memory/1948-2-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-4-0x00000000009D0000-0x00000000009EC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1948-6-0x0000000000A80000-0x0000000000A98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1948-8-0x00000000009B0000-0x00000000009BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-9-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-11-0x00000000009C0000-0x00000000009CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1948-13-0x00000000009F0000-0x00000000009FC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-15-0x0000000000AA0000-0x0000000000AAC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-17-0x0000000000AB0000-0x0000000000ABE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1948-19-0x0000000000AC0000-0x0000000000ACC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1948-20-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-22-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1948-21-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.