35.0.0 Citrine
IR
679101
CloudBasic
09:15:11
05/08/2022
DCwTjs2dTP.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
2ed2a1d6604afeaa681f4c66dcd84194
6134d837220afe9377cd78950c8aca43dde08d8c
2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Machine Learning detection for sample
Yara detected Generic Downloader
Antivirus / Scanner detection for submitted sample
Yara detected DcRat
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Yara detected AsyncRAT
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules
Snort IDS alert for network traffic