Overview

overview

10

Static

static

10

adjthjawdth.exe

windows7-x64

10

adjthjawdth.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2024 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adjthjawdth.exe

  • Size

    888KB

  • MD5

    28aaa8f0b29a96138fd597975a16c5d4

  • SHA1

    b0ea5394610d089ab5248631a4c0f6666f79ffcd

  • SHA256

    2516d63aa8aef58d6f0a4e330bd87209872b0ff21a17cff5201a2d4783c5bfab

  • SHA512

    7feafb633d698a96d81fae7069ebc2492caa253ade2106a645353096e7855e9cf33a69307f71f253ebbb5b957abab0de608860cc5efb7a2196720c269f8c231d

  • SSDEEP

    12288:wAl1WPQtkQNQ6yMs/Ua+iXPrQfkXmm1RhdLB9XirkVknCBz9eQFZz//qK4oV4g50:wwFp5yMs/UFEPLZj956t1

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adjthjawdth.exe
    "C:\Users\Admin\AppData\Local\Temp\adjthjawdth.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3508-1-0x0000000000A80000-0x0000000000B64000-memory.dmp

    Filesize

    912KB

    Download

  • memory/3508-0-0x00007FFB82543000-0x00007FFB82545000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3508-2-0x00007FFB82540000-0x00007FFB83001000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3508-4-0x0000000001450000-0x000000000146C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3508-5-0x000000001B6B0000-0x000000001B700000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3508-8-0x00007FFB82540000-0x00007FFB83001000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3508-7-0x0000000001470000-0x0000000001488000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3508-12-0x0000000001330000-0x000000000133E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3508-10-0x0000000001320000-0x000000000132C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3508-14-0x0000000002D40000-0x0000000002D4C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3508-16-0x0000000002D50000-0x0000000002D5C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3508-18-0x0000000002D60000-0x0000000002D6E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3508-20-0x0000000002D70000-0x0000000002D7C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3508-22-0x00007FFB82540000-0x00007FFB83001000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3508-23-0x00007FFB82540000-0x00007FFB83001000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3508-24-0x00007FFB82540000-0x00007FFB83001000-memory.dmp

    Filesize

    10.8MB

    Download