metasploit | c2e5bb25c659064f941ca957a01cd638d837fb9782ad8c8874a1fa6a36e04755

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 12:27

Target

e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe
Size

72KB
MD5

e042dd6965e0bf739eff4c58fbeae5f0
SHA1

ccf143783c12de9dbe2759b388dee5b08ac66dec
SHA256

c2e5bb25c659064f941ca957a01cd638d837fb9782ad8c8874a1fa6a36e04755
SHA512

d5adc2b3f407c7f6eaaa1ec7f4f8bf00dd4613ff000821c8935d669068884fbb020e52c2489f8f07f9a1142e028d450e9e00f06b8943eb21e4c510b9b0378714
SSDEEP

1536:ILTYdVOXoF5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4F4i+Ge0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe

description	pid	process	target process
PID 2040 wrote to memory of 3016	2040	e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe	cmd.exe
PID 2040 wrote to memory of 3016	2040	e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe	cmd.exe
PID 2040 wrote to memory of 3016	2040	e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe	cmd.exe
PID 2040 wrote to memory of 3016	2040	e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e042dd6965e0bf739eff4c58fbeae5f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C echo 'OS{21c7003b81dd65d032e7fd6f54287d3e}'
2⤵
PID:3016

memory/2040-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download