Analysis

Max time kernel: 148s
Max time network: 149s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 16-05-2024 10:51
Behavioral task: behavioral1
  Sample: db614ad0dc792ff59940051142523290_NeikiAnalytics.dll
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: db614ad0dc792ff59940051142523290_NeikiAnalytics.dll
  Resource: win10v2004-20240508-en
General

Target: db614ad0dc792ff59940051142523290_NeikiAnalytics.dll
Size: 20KB
MD5: db614ad0dc792ff59940051142523290
SHA1: aab90bf3896b59cde9dd7b840b803e1955b01a82
SHA256: 32f5a91e7e7f6f4aa612e556857432ae478b7846096dde93e82cb94173477c39
SHA512: f097ab021ff2fb813309ce5e3410bb8aa3d895d66420f34051711265a8145118ee3e47b619b711fff0195f32eead7d547c4c6b44650b21255fd0bb297afe6bcb
SSDEEP: 384:LGy6SckZA74a/aN/YJ6gWy3elSYZuP18celPSI:YSqkWMYiBX
Malware Config

Extracted
  Family: metasploit
  Payload: metasploit_stager
  C2: 192.168.83.136:4444
Signatures

MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Suspicious use of SetThreadContext (1 IoC)
  Processes: rundll32.exe
  description                              | pid  | process      | target process
  PID 2032 set thread context of 2312      | 2032 | rundll32.exe | rundll32.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: rundll32.exe
  description                              | pid  | process      | target process
  PID 2032 wrote to memory of 2312         | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 2312         | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 2312         | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 2312         | 2032 | rundll32.exe | rundll32.exe