Overview
overview
7Static
static
3newdcnyash/DCRat.exe
windows11-21h2-x64
6newdcnyash...xa.dll
windows11-21h2-x64
3newdcnyash...BC.exe
windows11-21h2-x64
1newdcnyash...BT.exe
windows11-21h2-x64
1newdcnyash...LC.exe
windows11-21h2-x64
1newdcnyash...lt.exe
windows11-21h2-x64
1newdcnyash...C3.dll
windows11-21h2-x64
3newdcnyash...xt.dll
windows11-21h2-x64
3newdcnyash...64.dll
windows11-21h2-x64
3newdcnyash...on.exe
windows11-21h2-x64
1newdcnyash...ip.exe
windows11-21h2-x64
1newdcnyash...ib.dll
windows11-21h2-x64
1newdcnyash...le.exe
windows11-21h2-x64
7newdcnyash...or.exe
windows11-21h2-x64
7newdcnyash...nc.vbe
windows11-21h2-x64
1newdcnyash...ss.exe
windows11-21h2-x64
1newdcnyash...ar.exe
windows11-21h2-x64
3newdcnyash...ar.exe
windows11-21h2-x64
5newdcnyash...ce.exe
windows11-21h2-x64
7newdcnyash...lI.jar
windows11-21h2-x64
1newdcnyash...II.jar
windows11-21h2-x64
1newdcnyash...Il.jar
windows11-21h2-x64
1newdcnyash...II.jar
windows11-21h2-x64
1newdcnyash...II.jar
windows11-21h2-x64
1newdcnyash...ll.jar
windows11-21h2-x64
7newdcnyash...ll.jar
windows11-21h2-x64
1newdcnyash...ll.jar
windows11-21h2-x64
1newdcnyash...lI.jar
windows11-21h2-x64
1newdcnyash...lI.jar
windows11-21h2-x64
1newdcnyash...ll.jar
windows11-21h2-x64
1newdcnyash...II.jar
windows11-21h2-x64
1newdcnyash...er.bat
windows11-21h2-x64
7Analysis
-
max time kernel
14s -
max time network
29s -
platform
windows11-21h2_x64 -
resource
win11-20240704-en -
resource tags
arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system -
submitted
05-07-2024 04:32
Static task
static1
Behavioral task
behavioral1
Sample
newdcnyash/DCRat.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
newdcnyash/data/7zxa.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
newdcnyash/data/DCRBC.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
newdcnyash/data/DCRBT.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
newdcnyash/data/DCRLC.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
newdcnyash/data/Default.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
newdcnyash/data/NCC3.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
newdcnyash/data/RarExt.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
newdcnyash/data/RarExt64.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
newdcnyash/data/WinCon.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
newdcnyash/data/Zip.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
newdcnyash/data/dnlib.dll
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
newdcnyash/data/dotNET_Reactor.Console.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
newdcnyash/data/dotNET_Reactor.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
newdcnyash/data/enc.vbe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
newdcnyash/data/mpress.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
newdcnyash/data/rar.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
newdcnyash/data/wrar.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
newdcnyash/dcrat_updservice.exe
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
newdcnyash/lib/IIlIllIIlIllllIIIlIIlllIIIIIlIlllIIIIllllllIlIIlllIlIlIlllIIIlIIllIIIIlIllIlIlIlIlIlI.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
newdcnyash/lib/IIllIIIIIlIlIIlIIIllIllllIIIlllIIIlIlIIlIlIllllIIlIIllIlIlIllIIIIIlIlllllllIIIIlIIlII.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
newdcnyash/lib/IlIIIIllIIIIIIIIIllIlIllIIIlIIllIIlIIllIIlIlIIIIIIIIIIlllIIlIllIIIlIlIllIllIlIlIlIlIl.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
newdcnyash/lib/IlIlIIIIIIlIIIIIIllIlIIlIllIllIlIIIlIllllIlIlllIIlIIllIllIIlIlllIIIllllIlIllIIIIIIIII.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
newdcnyash/lib/IllIIIIIIIlllIIIlIlIllIIIIIllIllIlIIlIllIlIIlIllIIlIlIlIlllllllIIlllllllIIlIIIlIlIlII.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
newdcnyash/lib/IllIIIIIIlIIIIIlIllIIIIlIlIIIIlIIllIIllIIlIlllIlIlIlIIIlllllIlllIllIIIlllllIlIlIlIlll.jar
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
newdcnyash/lib/IlllIIlllllIIllIIIlIIlIlIlIllllIlllIllllIIIIIlIllIIIIllIIlllIllIlIlIlIIIIllIllIIlllll.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
newdcnyash/lib/lIIIIIIllIllllllIIlllIlIIIIlIIllllIIIIIIIIllIIIIIlIIIIIIIlllIIIIIIlIIIlIlIlIlIlIllIll.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
newdcnyash/lib/lIIlIIlllIIIIIIlllIllIIIlIlIllIlllIlIllIllllIllIIIlIlIIIlIllIllIIlllIlllllIIIlIIlIIlI.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
newdcnyash/lib/lIlllIIlIIlllIIllIIIlIIIIIlIlIlIIIIlIllIIlllIlllIllIlllIlIlIlllIIllIIllIIIlIllIIIlllI.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
newdcnyash/lib/llIlIlIIlllIllIlllIlIIIlIIIIlllIIIllIllllIIIIIIIIlllIlIIlllIIllIIllIlIIIllIIIIlIIlIll.jar
Resource
win11-20240704-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
newdcnyash/lib/llIlIllIllIllIlIlllIlllIIIllllllIlIIlIllIlIlIlllIllIIIIIlllIIlIIlIllllIIIlllIllIIlIII.jar
Resource
win11-20240704-en
windows11-21h2-x64
General
-
Target
newdcnyash/data/wrar.exe
-
Size
2.4MB
-
MD5
719e61c6e73b9bd856414664366fa049
-
SHA1
adcc056a20418517c2ac6d51579b5ab145180443
-
SHA256
14f3322fa4e6fce0a30f01bd53dac40f8f8d48991480de2bedd8c4ab6e2fa477
-
SHA512
9176b85e9f246b9e4060dda5d5383205dfc4eab73cc5fd2e4cc384d740c1b1b31284260015737e757577683b274a5ebf85df684d6896d62acaffce15ea3d4593
-
SSDEEP
49152:sKi8CSRyIo1eshtx6z3GZ9amzNQeyUHBdH3txTs9:sKH1RyFeiTyGZ9fKe9Bp9xk
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies system executable filetype association 2 TTPs 4 IoCs
Processes:
wrar.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ wrar.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2652 2996 WerFault.exe wrar.exe -
Modifies registry class 64 IoCs
Processes:
wrar.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\WinRAR.exe\" \"%1\"" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rev wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\rarext.dll" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\rarext64.dll" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\WinRAR.exe\" \"%1\"" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32 wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32 wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32 wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\WinRAR.exe,0" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\WinRAR.exe\" \"%1\"" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\WinRAR.exe,0" wrar.exe Key created \REGISTRY\USER\S-1-5-21-3590242114-4229536887-1276274119-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ = "WinRAR" wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive" wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command wrar.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open wrar.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\newdcnyash\\data\\WinRAR.exe,1" wrar.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
wrar.exepid process 2996 wrar.exe 2996 wrar.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\newdcnyash\data\wrar.exe"C:\Users\Admin\AppData\Local\Temp\newdcnyash\data\wrar.exe"1⤵
- Modifies system executable filetype association
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 31762⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2996 -ip 29961⤵