Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
15-05-2024 13:25
Behavioral task
behavioral1
Sample
d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe
-
Size
2.0MB
-
MD5
d40fdca8aca5de8dca5e995a57bd9810
-
SHA1
1b84a5913a43ca4fded041d1f0d03541c43f19a0
-
SHA256
0f08c6e5d88e82984dccfb934c8d545e7c3aa86c911e4811b3e64fe31a369f84
-
SHA512
b2b845f4281714ba53740239a4b9494e617b919002d02b7b667af19fe08920543947f1faf260995eca554dde9f658e41754e66ad7cb38075619117d3e1c5da6c
-
SSDEEP
49152:RrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:RdxVJC9UqRzsu+8N
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Processes:
resource yara_rule behavioral2/memory/1572-1-0x0000000000280000-0x000000000048A000-memory.dmp dcrat -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exedescription pid process Token: SeDebugPrivilege 1572 d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe