darkvision | 29e74d6e8389a64215bce21ea71c8d33f9303628c9b4a5b1420b6b05b9d0483e | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 16:13

Sharing

Report Analysis Logs

General

Target

STUB.exe
Size

276KB
MD5

d2f788785c16e3b73c1a3d9c0a5f7d11
SHA1

783165011e702e3882add5ae9932eee13c0fe4b2
SHA256

29e74d6e8389a64215bce21ea71c8d33f9303628c9b4a5b1420b6b05b9d0483e
SHA512

bd274bc3578efc4477e9914fb5678077959d62ba77bcc297dba7532725c561b66fff7ae71e6a1a57d7783c12dc9d47d66130559cd62c98f8c73cf5de6b03d975
SSDEEP

3072:rrDyh1bdjkWxF/1PVg88WRhgEr1yNhT2xE/3MW7o4+W95nBN3nF5Epr1R:uhhJDFgX3Er8PTAE/3JR5TnFa

Score

10^/10

darkvision rat

Malware Config

Signatures

DarkVision Rat
DarkVision Rat is a trojan written in C++.
rat darkvision
Darkvision family
darkvision

Executes dropped EXE 1 IoCs

pid	Process
1356	Z

Loads dropped DLL 1 IoCs

pid	Process
840	STUB.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
840	STUB.exe
840	STUB.exe
1356	Z
1356	Z

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	840	STUB.exe
Token: SeDebugPrivilege	1356	Z

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 1356	840	STUB.exe	29
PID 840 wrote to memory of 1356	840	STUB.exe	29
PID 840 wrote to memory of 1356	840	STUB.exe	29

C:\Users\Admin\AppData\Local\Temp\STUB.exe
"C:\Users\Admin\AppData\Local\Temp\STUB.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:840
- C:\ProgramData\Z\Z
  "C:\ProgramData\Z\Z" {E42BED59-BB92-47DA-ACFB-F46E12F84DC5}
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Z\Z

Filesize
276KB

MD5
d2f788785c16e3b73c1a3d9c0a5f7d11

SHA1
783165011e702e3882add5ae9932eee13c0fe4b2

SHA256
29e74d6e8389a64215bce21ea71c8d33f9303628c9b4a5b1420b6b05b9d0483e

SHA512
bd274bc3578efc4477e9914fb5678077959d62ba77bcc297dba7532725c561b66fff7ae71e6a1a57d7783c12dc9d47d66130559cd62c98f8c73cf5de6b03d975

Download Submit