dcrat | 759d8cc4f58b382d5e17a9744bc7b86781dd58704af341bcc9e7e859a81303fe

Analysis

max time kernel
91s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 21:43

Target

80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe
Size

2.0MB
MD5

80d60545521be47b95c73a6779ef90e0
SHA1

b34fb298ad999c5f59cda130e84ff947f13cb052
SHA256

759d8cc4f58b382d5e17a9744bc7b86781dd58704af341bcc9e7e859a81303fe
SHA512

500f3cd1a907378fb08889ea5ac42dc044f471f230fe604fad6534c0b718a943c38ad1e05f13dae01430fee9b0ba00657dedca5ee24b638629753255ee0d66cb
SSDEEP

49152:zrYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:zdxVJC9UqRzsu+8N

Score

10^/10

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
behavioral2/memory/2732-1-0x00000000002C0000-0x00000000004CA000-memory.dmp	dcrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2732	80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\80d60545521be47b95c73a6779ef90e0NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2732

memory/2732-0-0x00007FFE4B143000-0x00007FFE4B145000-memory.dmp

Filesize
8KB

Download
memory/2732-1-0x00000000002C0000-0x00000000004CA000-memory.dmp

Filesize
2.0MB

Download
memory/2732-2-0x00007FFE4B140000-0x00007FFE4BC01000-memory.dmp

Filesize
10.8MB

Download
memory/2732-3-0x0000000002540000-0x000000000254E000-memory.dmp

Filesize
56KB

Download
memory/2732-4-0x0000000002550000-0x000000000255E000-memory.dmp

Filesize
56KB

Download
memory/2732-6-0x00007FFE4B140000-0x00007FFE4BC01000-memory.dmp

Filesize
10.8MB

Download