Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    15-05-2024 13:25

General

  • Target

    d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    d40fdca8aca5de8dca5e995a57bd9810

  • SHA1

    1b84a5913a43ca4fded041d1f0d03541c43f19a0

  • SHA256

    0f08c6e5d88e82984dccfb934c8d545e7c3aa86c911e4811b3e64fe31a369f84

  • SHA512

    b2b845f4281714ba53740239a4b9494e617b919002d02b7b667af19fe08920543947f1faf260995eca554dde9f658e41754e66ad7cb38075619117d3e1c5da6c

  • SSDEEP

    49152:RrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:RdxVJC9UqRzsu+8N

Score
10/10

Malware Config

Signatures

  • DcRat

    DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • DCRat payload (1 IoC)

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2136

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2136-0-0x000007FEF5783000-0x000007FEF5784000-memory.dmp

    Filesize

    4KB

  • memory/2136-1-0x0000000000370000-0x000000000057A000-memory.dmp

    Filesize

    2.0MB

  • memory/2136-2-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB

  • memory/2136-3-0x0000000000240000-0x000000000024E000-memory.dmp

    Filesize

    56KB

  • memory/2136-4-0x0000000000250000-0x000000000025E000-memory.dmp

    Filesize

    56KB

  • memory/2136-5-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB