metasploit | 32f5a91e7e7f6f4aa612e556857432ae478b7846096dde93e82cb94173477c39 | Triage

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 10:51

Sharing

Report Analysis Logs

General

Target

db614ad0dc792ff59940051142523290_NeikiAnalytics.dll
Size

20KB
MD5

db614ad0dc792ff59940051142523290
SHA1

aab90bf3896b59cde9dd7b840b803e1955b01a82
SHA256

32f5a91e7e7f6f4aa612e556857432ae478b7846096dde93e82cb94173477c39
SHA512

f097ab021ff2fb813309ce5e3410bb8aa3d895d66420f34051711265a8145118ee3e47b619b711fff0195f32eead7d547c4c6b44650b21255fd0bb297afe6bcb
SSDEEP

384:LGy6SckZA74a/aN/YJ6gWy3elSYZuP18celPSI:YSqkWMYiBX

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.83.136:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 2032 set thread context of 2312 2032 rundll32.exe rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2032 wrote to memory of 2312	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2312	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2312	2032	rundll32.exe	rundll32.exe
PID 2032 wrote to memory of 2312	2032	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db614ad0dc792ff59940051142523290_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\system32\rundll32.exe
rundll32.exe
2⤵
PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-2-0x000000006BAC0000-0x000000006BACE000-memory.dmp

Filesize
56KB

Download
memory/2312-0-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2312-3-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download