Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-05-2024 02:49

General

  • Target

    696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    696a08079812bf0e8e1d7291f7a19770

  • SHA1

    b0a673cae6ebc90ce2b7be954bb2cb2756ae7656

  • SHA256

    2ee02e61d3ec04833143d220633dfa97a01819314f7ce157ff20efd90c2fb0f0

  • SHA512

    15de2614e57d7a7ba7b247b3bdbbb2a84a008939b9aea19280edcd960a8f08450f849ffea2284312b22a29c706f0dce12fc13cd5d5e41263db64b7f1a3f2473f

  • SSDEEP

    49152:zrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:zdxVJC9UqRzsu+8N

Score
10/10

Malware Config

Signatures

  • DcRat

    DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe"
    PID: 2080
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2080-0-0x000007FEF5573000-0x000007FEF5574000-memory.dmp
    Filesize: 4KB

  • memory/2080-1-0x0000000000A00000-0x0000000000C0A000-memory.dmp
    Filesize: 2.0MB

  • memory/2080-2-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
    Filesize: 9.9MB

  • memory/2080-3-0x00000000003D0000-0x00000000003DE000-memory.dmp
    Filesize: 56KB

  • memory/2080-4-0x00000000003E0000-0x00000000003EE000-memory.dmp
    Filesize: 56KB

  • memory/2080-5-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
    Filesize: 9.9MB