General
-
Target
6133ae6da2b0253736674baefbf9dfa0_NeikiAnalytics.exe
-
Size
1.0MB
-
Sample
240613-fxb1aavgqf
-
MD5
6133ae6da2b0253736674baefbf9dfa0
-
SHA1
e3c56c57e7fc62bd44e3eb639540641bbecee044
-
SHA256
69913edd520ca7d5c4d8bd7a7d8fb7c69cc91c3bf9f985622b5675984162a5e9
-
SHA512
27cd5887c82d0dbab338b07ba2e3ac43757b9c494d8cad2f60bd4e5eb4233c7b72a1ff8352d70892593ab5fc073fac16c7605ce5f4c9175a37d95a9df635710f
-
SSDEEP
12288:vubxAa9sUFxZ8oq7URPvyKBozWeL+vSgmtjJcDVrCTZSXlVB0mGEB0aNN/cPUeWl:w9sUFxZq7URPt6RL6nBrEZUjGE/L8YZ
Behavioral task
behavioral1
Sample
6133ae6da2b0253736674baefbf9dfa0_NeikiAnalytics.exe
Resource
win7-20240419-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1