Analysis
max time kernel
119s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
20-01-2025 16:59
Behavioral task
behavioral1
Sample
ff10a8686f000a107026bf58d56c5534e432ad7133f6dfb48c96552215612a18N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ff10a8686f000a107026bf58d56c5534e432ad7133f6dfb48c96552215612a18N.exe
Resource
win10v2004-20241007-en
General
Target
ff10a8686f000a107026bf58d56c5534e432ad7133f6dfb48c96552215612a18N.exe
Size
2.0MB
MD5
a66b3ee0cfb0281ec2b61546a98241d0
SHA1
ad3a9b0f3fa1674ad800ec167ac29205abbaf1e2
SHA256
ff10a8686f000a107026bf58d56c5534e432ad7133f6dfb48c96552215612a18
SHA512
a28dbba44a658507d4fbae9a78c6e61e17f860064eb93705cb8b4b5834fe7e69e025bdb8fb9b56dbcd9c469d5e20dd7b629d82b988470a48a4e896900f7be421
SSDEEP
49152:brYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:bdxVJC9UqRzsu+8N
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Dcrat family
resource
behavioral2/memory/536-1-0x00000000006F0000-0x00000000008FA000-memory.dmp
yara_rule
dcrat
Suspicious use of AdjustPrivilegeToken 1 IoCs
description
Token: SeDebugPrivilege
pid
536
Process
ff10a8686f000a107026bf58d56c5534e432ad7133f6dfb48c96552215612a18N.exe