
Analysis

  • max time kernel
    75s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/12/2024, 08:59 UTC

General

  • Target

    ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889.exe

  • Size

    2.0MB

  • MD5

    6b88d4b6c995c360e2f2138faa231794

  • SHA1

    8feb9520e5ea882bc9d0db0fdd711c103f9f4a5b

  • SHA256

    ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889

  • SHA512

    22349bf4b9da2b3df508a9b65716b17a0383777f9a1e66e94355de1b46e1d19a743fba9b16285399eba37e46491af205c21bdf83adf439bc13308b33351c5592

  • SSDEEP

    49152:JQOavWHvEToeWC7ZdEWrsELqT/wcSNWbK1aha:JLTHvEToeWELTWwbx

Score
10/10

Malware Config

Signatures

  • DcRat

    DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • Dcrat family
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889.exe
    "C:\Users\Admin\AppData\Local\Temp\ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2616

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2616-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

    Filesize

    4KB

  • memory/2616-1-0x0000000000D50000-0x0000000000F58000-memory.dmp

    Filesize

    2.0MB

  • memory/2616-2-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

    Filesize

    9.9MB

  • memory/2616-3-0x0000000000150000-0x000000000015E000-memory.dmp

    Filesize

    56KB

  • memory/2616-4-0x0000000000160000-0x000000000016E000-memory.dmp

    Filesize

    56KB

  • memory/2616-5-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

    Filesize

    9.9MB
