Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-05-2024 02:49

General

  • Target

    696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    696a08079812bf0e8e1d7291f7a19770

  • SHA1

    b0a673cae6ebc90ce2b7be954bb2cb2756ae7656

  • SHA256

    2ee02e61d3ec04833143d220633dfa97a01819314f7ce157ff20efd90c2fb0f0

  • SHA512

    15de2614e57d7a7ba7b247b3bdbbb2a84a008939b9aea19280edcd960a8f08450f849ffea2284312b22a29c706f0dce12fc13cd5d5e41263db64b7f1a3f2473f

  • SSDEEP

    49152:zrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:zdxVJC9UqRzsu+8N

Score
10/10

Malware Config

Signatures

  • DcRat

    DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\696a08079812bf0e8e1d7291f7a19770_NeikiAnalytics.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:4788

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4788-0-0x00007FFFEF2C3000-0x00007FFFEF2C5000-memory.dmp

    Filesize

    8KB

  • memory/4788-1-0x0000000000900000-0x0000000000B0A000-memory.dmp

    Filesize

    2.0MB

  • memory/4788-2-0x00007FFFEF2C0000-0x00007FFFEFD81000-memory.dmp

    Filesize

    10.8MB

  • memory/4788-3-0x0000000002B80000-0x0000000002B8E000-memory.dmp

    Filesize

    56KB

  • memory/4788-4-0x0000000002B90000-0x0000000002B9E000-memory.dmp

    Filesize

    56KB

  • memory/4788-6-0x00007FFFEF2C0000-0x00007FFFEFD81000-memory.dmp

    Filesize

    10.8MB