General

  • Target

    07e331d8f4da07460446c4946b7e1290_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240516-wm1hwsha79

  • MD5

    07e331d8f4da07460446c4946b7e1290

  • SHA1

    236d4ec1debe9ff37d1b1612e2c6efc54f7900a8

  • SHA256

    f0b7658d97ad3263b4373978e5b90674a08f57bd245fad82fb0ad2b883d75292

  • SHA512

    49c1ee8bf1f5395bae30acfbc026d823bc5d02d2413755de768bd235121d5f992c5971e0479610c48f0d1593c0301ad713fb5cd2a75396e978acd87bd892730f

  • SSDEEP

    49152:H4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:YDKmzjWnC8Wikx1DUN2/Uq

Malware Config

Targets

    • Target

      07e331d8f4da07460446c4946b7e1290_NeikiAnalytics.exe

    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that can load additional plugins at runtime.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that dropped payloads are not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Checks whether UAC is enabled
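
The behaviour list above is what the sandbox matched, not how it matched it. As an added example (not tria.ge's own signature code), the following toy matcher implements four of those checks over constructed Sysmon-style events: it parses Add-/Set-MpPreference exclusions out of a PowerShell command line (including one hidden behind -EncodedCommand), flags reads of the Geo\Nation registry value and of EnableLUA, and flags execution of an EXE the sample itself wrote. The event field names, the sample file name svcupdate.exe and the registry locations used for the two checks are assumptions.

```python
"""Added example, not tria.ge code: a toy matcher for four of the behaviours
in the report, run over constructed Sysmon-style events.  Event field names,
the dropped file name and the registry locations are assumptions."""
import base64
import re

# --- PowerShell / Windows Defender exclusion detection ---------------------
MP_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_ARG = re.compile(
    r"""-Exclusion(Path|Extension|Process)\s+((?:"[^"]*"|'[^']*'|[^\s"'])+)""",
    re.IGNORECASE,
)
ENCODED_ARG = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)",
                         re.IGNORECASE)
LIST_ITEM = re.compile(r""""[^"]*"|'[^']*'|[^,]+""")   # comma list, quotes kept


def expand_powershell(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload (base64 of UTF-16LE), so
    exclusions hidden behind -enc are visible to the regexes below."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline


def defender_exclusions(cmdline: str) -> dict:
    """Return {'Path': [...], 'Extension': [...], 'Process': [...]} for any
    Add-/Set-MpPreference exclusion in cmdline, or {} when there is none."""
    text = expand_powershell(cmdline)
    if not MP_CMDLET.search(text):
        return {}
    found: dict = {}
    for kind, raw in EXCLUSION_ARG.findall(text):
        for item in LIST_ITEM.findall(raw):
            value = item.strip().strip("\"'")
            if value:
                found.setdefault(kind.capitalize(), []).append(value)
    return found


# --- Registry checks and dropped-EXE execution ------------------------------
# Assumed locations: the GeoID is the Nation value under
# Control Panel\International\Geo; UAC state is EnableLUA under
# ...\CurrentVersion\Policies\System.
GEO_KEY = r"control panel\international\geo"
UAC_KEY = r"currentversion\policies\system"


def match_signatures(events: list) -> list:
    """Run the four checks over events; return (signature name, detail) pairs."""
    hits, dropped = [], set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_create" and ev["path"].lower().endswith(".exe"):
            dropped.add(ev["path"].lower())          # remember what was written
        elif kind == "process":
            if ev["image"].lower() in dropped:       # written earlier, now run
                hits.append(("Executes dropped EXE", ev["image"]))
            excl = defender_exclusions(ev["cmd"])
            if excl:
                hits.append(("Command and Scripting Interpreter: PowerShell", excl))
        elif kind == "registry" and ev["op"] == "query":
            key, value = ev["key"].lower(), ev.get("value", "").lower()
            if key.endswith(GEO_KEY) and value == "nation":
                hits.append(("Checks computer location settings", ev["key"]))
            elif key.endswith(UAC_KEY) and value == "enablelua":
                hits.append(("Checks whether UAC is enabled", ev["key"]))
    return hits


def _enc(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry (not from the report).
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 4012,
     "path": r"C:\Users\user\AppData\Roaming\svcupdate.exe"},
    {"type": "process", "pid": 4100, "ppid": 4012,
     "image": r"C:\Users\user\AppData\Roaming\svcupdate.exe",
     "cmd": r'"C:\Users\user\AppData\Roaming\svcupdate.exe"'},
    {"type": "process", "pid": 4120, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'powershell -w hidden Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming",C:\ProgramData '
            r'-ExclusionExtension exe,dll -ExclusionProcess svcupdate.exe'},
    {"type": "process", "pid": 4130, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoP -enc " + _enc('Set-MpPreference -ExclusionProcess "svcupdate.exe"')},
    {"type": "registry", "pid": 4100, "op": "query",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"type": "registry", "pid": 4100, "op": "query",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA"},
    {"type": "process", "pid": 4200, "ppid": 800,
     "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
]

if __name__ == "__main__":
    for name, detail in match_signatures(SAMPLE_EVENTS):
        print(f"{name}: {detail}")
```

The exclusion parser deliberately decodes -EncodedCommand before matching, because a plain string match on the visible command line misses the encoded form that loaders commonly use; on real telemetry the same two regexes can be pointed at Sysmon Event ID 1 command lines or PowerShell script block logs (Event ID 4104), where the script text is already decoded.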

MITRE ATT&CK Enterprise v15
