01cc2b1bca4a1a99bb6ae311ff222b788700913cb0ba765dbdee7f25160bf91a

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 06:47

Target

[CRACKED BY L1nc0In] NEW DCRat/DCRat/data/DCRBC.exe
Size

26KB
MD5

14a56e4b7bd40512b49d6f72086e8fc1
SHA1

d8c05adc75d739a56c63d6596d460304eb219cc6
SHA256

86c45fb7473e5c1df78b8cbb2003033c37b4cb01a677c1ef30ca1573e84ec692
SHA512

3d5c2010963694262dcb08337f80190630d890565a25610c33983268afad11b0882fb5c7a03b5e629560d3fd1b9b3856d4896f5a272c53928c1fd10924e3b3f8
SSDEEP

384:7P0jnfJQhdPTfmUi5YbS8ISIfKfLOI87oRehG6VBVHCHljIhzqb:4YdxccSHSjfLOIyoRet9iHWhzm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2112	2120	DCRBC.exe	31
PID 2120 wrote to memory of 2112	2120	DCRBC.exe	31
PID 2120 wrote to memory of 2112	2120	DCRBC.exe	31

C:\Users\Admin\AppData\Local\Temp\[CRACKED BY L1nc0In] NEW DCRat\DCRat\data\DCRBC.exe
"C:\Users\Admin\AppData\Local\Temp\[CRACKED BY L1nc0In] NEW DCRat\DCRat\data\DCRBC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2120 -s 528
  2⤵
  PID:2112

memory/2120-0-0x000007FEF5F33000-0x000007FEF5F34000-memory.dmp

Filesize
4KB

Download
memory/2120-1-0x0000000000C90000-0x0000000000C9C000-memory.dmp

Filesize
48KB

Download
memory/2120-2-0x000000001A8F0000-0x000000001AA0E000-memory.dmp

Filesize
1.1MB

Download