Analysis
max time kernel: 131s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-05-2024 02:49
Behavioral task: behavioral1
Sample: 696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: 696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe
Size: 2.0MB
MD5: 696a08079812bf0e8e1d7291f7a19770
SHA1: b0a673cae6ebc90ce2b7be954bb2cb2756ae7656
SHA256: 2ee02e61d3ec04833143d220633dfa97a01819314f7ce157ff20efd90c2fb0f0
SHA512: 15de2614e57d7a7ba7b247b3bdbbb2a84a008939b9aea19280edcd960a8f08450f849ffea2284312b22a29c706f0dce12fc13cd5d5e41263db64b7f1a3f2473f
SSDEEP: 49152:zrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:zdxVJC9UqRzsu+8N
Malware Config
Signatures
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
Processes:
resource: behavioral2/memory/4788-1-0x0000000000900000-0x0000000000B0A000-memory.dmp
yara_rule: dcrat
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe
description: Token: SeDebugPrivilege
pid: 4788
process: 696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe