Overview

overview

10

Static

static

3

firsgenec.exe

windows7-x64

10

firsgenec.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    07-12-2024 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    firsgenec.exe

  • Size

    515KB

  • MD5

    6396fe13c841f397d73a0c43e8e2aa0b

  • SHA1

    60927461048042ad76a48b5011b183b54f42b603

  • SHA256

    f24d7ab716eba0c20be61f486f7b87ea4b50bfa51768a4cb0f5ab533d870b21b

  • SHA512

    658498479e1cad3052371ae6c16751716678f813cf44761a6b46b3af62b8ee98f4b6bb871bb5d52aa2db03eb3c0c85f85186656f929f11ce09f7f72c1f40dc59

  • SSDEEP

    6144:zP6Rv7Lc8O4QwmaYP6pmD0oRS69MDTVH4XsfSe0sBF0SWQDlxot9k2yfH4z4n4k7:SA4r1O6owoRS6ITV1fKIWQDAsTn4kFR

Score
10/10
darkvisionrat

Malware Config

Extracted

Family

darkvision

C2

85.115.223.20

Signatures

  • DarkVision Rat

    DarkVision Rat is a trojan written in C++.

    ratdarkvision
  • Darkvision family
    darkvision
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\firsgenec.exe
    "C:\Users\Admin\AppData\Local\Temp\firsgenec.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
      2⤵
        PID:2248

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2096-15-0x000007FEF6060000-0x000007FEF6A4C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2096-1-0x0000000000980000-0x0000000000A04000-memory.dmp

      Filesize

      528KB

      Download

    • memory/2096-2-0x000007FEF6060000-0x000007FEF6A4C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2096-0-0x000007FEF6063000-0x000007FEF6064000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2248-10-0x000007FFFFFDC000-0x000007FFFFFDD000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2248-14-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-16-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-12-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-6-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-9-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-8-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-7-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-5-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-4-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-3-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/2248-17-0x0000000140000000-0x000000014007A000-memory.dmp

      Filesize

      488KB

      Download