Analysis
-
max time kernel
119s
-
max time network
120s
-
platform
windows7_x64
-
resource
win7-20240419-en
-
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
-
submitted
16-05-2024 15:39
Behavioral task
behavioral1
Sample
e3adfd762b4cf90617f75d60981dcc80_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
e3adfd762b4cf90617f75d60981dcc80_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
e3adfd762b4cf90617f75d60981dcc80_NeikiAnalytics.exe
-
Size
2.0MB
-
MD5
e3adfd762b4cf90617f75d60981dcc80
-
SHA1
ae03da8230f657eb52ac42a9ff3d796d4a6599d2
-
SHA256
043099266a76736634f33ccddd09d996058d547781eecaed36a4d23c633faf57
-
SHA512
dcc55c4d922827adde5529da508819ac31fd4b514e00a9ff398371fdc3587ce1a52db68f01e80f469ecabff22084d90b778d360843b752b796e6e18d0ec4a80f
-
SSDEEP
49152:TrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:TdxVJC9UqRzsu+8N
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Processes:
resource: behavioral1/memory/2940-1-0x00000000000E0000-0x00000000002EA000-memory.dmp
yara_rule: dcrat
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
e3adfd762b4cf90617f75d60981dcc80_NeikiAnalytics.exe
description: Token: SeDebugPrivilege
pid: 2940
process: e3adfd762b4cf90617f75d60981dcc80_NeikiAnalytics.exe