Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-05-2024 13:25

General

  • Target

    d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    d40fdca8aca5de8dca5e995a57bd9810

  • SHA1

    1b84a5913a43ca4fded041d1f0d03541c43f19a0

  • SHA256

    0f08c6e5d88e82984dccfb934c8d545e7c3aa86c911e4811b3e64fe31a369f84

  • SHA512

    b2b845f4281714ba53740239a4b9494e617b919002d02b7b667af19fe08920543947f1faf260995eca554dde9f658e41754e66ad7cb38075619117d3e1c5da6c

  • SSDEEP

    49152:RrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:RdxVJC9UqRzsu+8N

Score
10/10

Malware Config

Signatures

  • DcRat

    DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d40fdca8aca5de8dca5e995a57bd9810_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1572

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1572-0-0x00007FFF0F373000-0x00007FFF0F375000-memory.dmp

    Filesize

    8KB

  • memory/1572-1-0x0000000000280000-0x000000000048A000-memory.dmp

    Filesize

    2.0MB

  • memory/1572-2-0x00007FFF0F370000-0x00007FFF0FE31000-memory.dmp

    Filesize

    10.8MB

  • memory/1572-3-0x00000000026A0000-0x00000000026AE000-memory.dmp

    Filesize

    56KB

  • memory/1572-4-0x000000001AFA0000-0x000000001AFAE000-memory.dmp

    Filesize

    56KB

  • memory/1572-6-0x00007FFF0F370000-0x00007FFF0FE31000-memory.dmp

    Filesize

    10.8MB