General
-
Target
48fac557f8d1f09daf97b2e433fb27c0NeikiAnalytics.exe
-
Size
1.1MB
-
Sample
240529-he8yeaee49
-
MD5
48fac557f8d1f09daf97b2e433fb27c0
-
SHA1
b311cbdf022aee4f23e939667004f437a1d58cbe
-
SHA256
517fd556114cb8281cea66eea54753fb04e219bfe86aa07e06917501aa3071be
-
SHA512
b6eb7022904ccfd6c5efa37fd81897a2a1311f5e5e57f110ff49180f9d2835a508b9e7975eb6ce84284f91bf8ea6fd198ede0593271f81f2ea128ac911c30c1a
-
SSDEEP
12288:El+4Tcyct/JWT7yckBlepmbMsBXYHOWyAh5+djVyKDGpiRe7FaS+ug82qGeJ3btU:Zyc5JWackYm7dZ1Oq2nn2qPJ3btV3+f
Behavioral task
behavioral1
Sample
48fac557f8d1f09daf97b2e433fb27c0NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1