Analysis Overview
SHA256
55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb
Threat Level: Known bad
The file 55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
DCRat payload
Dcrat family
DcRat
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-21 08:32
Signatures
DCRat payload
Dcrat family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-21 08:32
Reported
2024-06-21 08:35
Platform
win7-20240508-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
DcRat
DCRat payload
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-21 08:32
Reported
2024-06-21 08:35
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
DcRat
DCRat payload
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\55b3c40c1648bcddf9cbbe7d1fac76474d1f5859a60070e3d5da3b0ec0b1f8bb_NeikiAnalytics.exe"
Network
Files