Analysis
max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
21-12-2024 23:27
Behavioral task
behavioral1
Sample
275855f571687a93791190c8b00d2c746db3c348a4d62f3c80f30a4b5378f199N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
275855f571687a93791190c8b00d2c746db3c348a4d62f3c80f30a4b5378f199N.exe
Resource
win10v2004-20241007-en
General
Target
275855f571687a93791190c8b00d2c746db3c348a4d62f3c80f30a4b5378f199N.exe
Size
2.0MB
MD5
2fab999f26b74dc8a47e6179e41b7f40
SHA1
57f899ea561636eff8830be7079fbc61895c3259
SHA256
275855f571687a93791190c8b00d2c746db3c348a4d62f3c80f30a4b5378f199
SHA512
3c1cead7dd69bc64607a4f0b6570146df654c7e263b2f8f24cc9ecb2f73125cbfba156e6a9cd126ceec544675333d8f5526f272b221985c01d379c1b99e7018d
SSDEEP
49152:5QOavWHvEToeWC7ZdEWrsELqT/wcSNWbK1ah:5LTHvEToeWELTWwb
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Dcrat family
resource
behavioral1/memory/2556-1-0x0000000000D30000-0x0000000000F38000-memory.dmp
yara_rule
dcrat
Suspicious use of AdjustPrivilegeToken
1 IoCs
description
Token: SeDebugPrivilege
pid
2556
Process
275855f571687a93791190c8b00d2c746db3c348a4d62f3c80f30a4b5378f199N.exe