Overview

overview

10

Static

static

10

ee01d40501...89.exe

windows7-x64

10

ee01d40501...89.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    75s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889.exe

  • Size

    2.0MB

  • MD5

    6b88d4b6c995c360e2f2138faa231794

  • SHA1

    8feb9520e5ea882bc9d0db0fdd711c103f9f4a5b

  • SHA256

    ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889

  • SHA512

    22349bf4b9da2b3df508a9b65716b17a0383777f9a1e66e94355de1b46e1d19a743fba9b16285399eba37e46491af205c21bdf83adf439bc13308b33351c5592

  • SSDEEP

    49152:JQOavWHvEToeWC7ZdEWrsELqT/wcSNWbK1aha:JLTHvEToeWELTWwbx

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889.exe
    "C:\Users\Admin\AppData\Local\Temp\ee01d40501dd3b612d3e65ceca0c0180175f42596df1cc37d35abae9bc816889.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2616-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2616-1-0x0000000000D50000-0x0000000000F58000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-2-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2616-3-0x0000000000150000-0x000000000015E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2616-4-0x0000000000160000-0x000000000016E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2616-5-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

    Filesize

    9.9MB

    Download