Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 17-05-2024 06:36
Behavioral task behavioral1
- Sample: c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
- Resource: win7-20240220-en
Behavioral task behavioral2
- Sample: c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
- Size: 6.0MB
- MD5: c30741092945f21c04a10f98e9ed1620
- SHA1: 8435f33caa64e6527ea401d48268f45675743871
- SHA256: 5efea9d9fbd802c625eaa80939fd94c228b973d44d181ea8ab11f3d4ef42e90c
- SHA512: 5927f8eb04dc0baf5ceaef13594561a051d332a924ab6eeae097bc8b4072fc523fce868e7c47be9a354482e9e4e7c2a6aee523e7576ab631102c3d03cf38cdfc
- SSDEEP: 98304:lVzPib+sX1ZvbeAyJZ/dJolTlPNs2PKToa1FptF07TcXeZS7uiFpMndH2nkzwTVi:lVzPiCsXDjDyf/dJolpPgToa10/cOMFl
Malware Config
- Extracted: metasploit (metasploit_stager), 106.53.94.240:6000
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Loads dropped DLL (22 IoCs)
  Processes (pid, process): 22 entries, each "292 c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process): 3 entries, each "PID 2836 wrote to memory of 292, c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe, c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe"
Processes
- C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe" (level 1)
  - Suspicious use of WriteProcessMemory
  - PID: 2836
  - C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe" (level 2)
    - Loads dropped DLL
    - PID: 292
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\VCRUNTIME140.dll
  Filesize: 93KB
  MD5: 4a365ffdbde27954e768358f4a4ce82e
  SHA1: a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
  SHA256: 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
  SHA512: 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\_ctypes.pyd
  Filesize: 124KB
  MD5: 291a0a9b63bae00a4222a6df71a22023
  SHA1: 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
  SHA256: 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
  SHA512: d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-core-file-l1-2-0.dll
  Filesize: 20KB
  MD5: 95fc810f959d96c61f6f9253127bff71
  SHA1: 8fc9c9734c403b0b84bc179959981aa091c17099
  SHA256: 5fb473086e44333037e8d1caf6b8d28de65456dd857ae5b8b4e19c8ade503805
  SHA512: 349cf1abe86cf719e3133dfeaac49653178c06749745263bb166ee05b3d68011d673027976869a5d6b2982f789e826867dd5436965a95d0a5165bea151db28a6
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-core-file-l2-1-0.dll
  Filesize: 18KB
  MD5: bfffa7117fd9b1622c66d949bac3f1d7
  SHA1: 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
  SHA256: 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
  SHA512: b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-core-localization-l1-2-0.dll
  Filesize: 20KB
  MD5: 03a206acd8506a98e0739ce47e01b953
  SHA1: e31aadf5311edb2ec94a1ed6626530e113dfae4f
  SHA256: 17c5b3baa666e84ee40672322bd7d7e358d245e1654bd002c4a3e69b6506d9f6
  SHA512: affffe086058ffea5bfe7b4cf6aca351ec85e314b3e8be5d47e3b9ca59c3460561a0c9ccba0f1464dc4586d6c9eb6595fb7515ca7b3347283162d9e8206688df
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-core-processthreads-l1-1-1.dll
  Filesize: 20KB
  MD5: b27eeb752278d9b29bcb85b9e21dffce
  SHA1: cd4e423db7965af1977ccd9af15c6c57875fab7c
  SHA256: 1a9353d63287fccea1c4c25477e53b0e7ab3486a041126889394095e72de2cfc
  SHA512: 91c0edf007f28a62c291174bf8c8d16db8f9e250976994ca608186aec668d4febe9dccb5fd8cfecdaf6323eebb20652696223ab6e458938a9a26533585a3e4a8
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-core-timezone-l1-1-0.dll
  Filesize: 20KB
  MD5: f1c33921470337eda023dee2bba77806
  SHA1: f5141609be944e521631cb9c8c81f809e6f0942a
  SHA256: 7821beadeab01bb8ab3712b896b092786d85e7a220ef35149092db431895871b
  SHA512: d3131b9a011083b469ce05a3b4241e7b366ced42240ea429fbbe3770ee9073c532aee2fa8c206e6b579d26dbb838efd5ab84d4dfa8b4ed106bc9b42dc05c35e3
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-conio-l1-1-0.dll
  Filesize: 20KB
  MD5: 1457e688256f800b81ddec93cc1395bd
  SHA1: 2c0c0223135e7df64ad2ba0140e0e35381241ed4
  SHA256: 96704ffc2462b40b89c5a4e8c0bf12cb51d6f5a2d2032d348b205e72f86b9967
  SHA512: 935a637b34ca530cebe1ab4ee54586797b7ffd93283deeaaebdadce14e910df4ecccfc1d10873f17495c4a42d7df72bbc1df56a7cde5644c6fc111c5c831ba24
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-convert-l1-1-0.dll
  Filesize: 24KB
  MD5: 864d71816eb5cca38e63403edde397c4
  SHA1: dae1ee2da6c8244294c42cc2d744729f6c1e08f7
  SHA256: 8318f97efe79ee68c235d0b29f5c0a4460f163579a7a035324eeda2faec8a9ab
  SHA512: 7f04bcc768be8614e4eccc246d19e5c576e6d00e0190ac47b0c0f23d7f85ea9a12298e660d6fa43613cc72521437e39b82c526f0d84c12cfaee3b8d2312e06bc
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-environment-l1-1-0.dll
  Filesize: 20KB
  MD5: 65dcbcf130b75d7f7b8d61d2a7cadb8c
  SHA1: c7f2465f4f903be63fc27ff0a6f0aa8cf70e41ce
  SHA256: 1d1bd8458b3607e42c805ce0a87aeac53ab818aa4656a257d3fb4b1f74f307b7
  SHA512: e8dcbaaf5af5acf7cb9a973d5404c348d1ec478b2a7b8adae5bd4befc8bbc12a55dd34795e8d7a810f59c9dc716df892c4df2894685a8db6f4d055aff36fa305
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-filesystem-l1-1-0.dll
  Filesize: 20KB
  MD5: 338f281c22f203f51c3c102ed5d70dee
  SHA1: 06711c8269781348469c3e5f0bc742095d6d9143
  SHA256: cc40976b256a0de12db33f3b8d3877778f8f6d3074cf1178703c9e331a2793cb
  SHA512: dd2680a9e847fe7398844e2419d7dc31a4eb69a21a45cbbc083b03efc48f71a02fc67d7eabd6456f8ff39f592885fc7706bbb6bc3556bc5269c28b0c805f8776
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-heap-l1-1-0.dll
  Filesize: 20KB
  MD5: 3c136f64fe405ed46d6c1033e9619411
  SHA1: b088633bf160a6d3774f22e03dd4ae6edac9fee2
  SHA256: 8905e2c2e21f1912c488844be9678de3be30b958973ceef23305d7d4f79a3f7f
  SHA512: 2981167de4f03096fb2237c2fa69b0dc702b87004b1092681f0c1590f1d08dce73a5ce5dbfdfd6e214cf8ca88cfdf6d01b3cdd1acbc958d7d5ab3b84d795dad1
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-locale-l1-1-0.dll
  Filesize: 20KB
  MD5: d740df64e14e8c534faad4ea5b03245c
  SHA1: 4e95b50392a60b8e3f9d3c8050e194769cd138d6
  SHA256: 5d1c2a62f78a37014ad1da57e72bcf2e0811bcc090a1db1a42574d8d77dcbf22
  SHA512: 61eb4925dc8ec916fd96bb144d830432e8aa58fade539228e619b8d6c503d57872ecf004059879bfe0c3a35a0adff0bb39eed3d1d74c23963f6567391e9e7b4b
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-math-l1-1-0.dll
  Filesize: 28KB
  MD5: 63770930925dce98744256cdb5bac235
  SHA1: d30ca931e40154ac362a97f6c00e8a91689c74e0
  SHA256: 2b4d055b15fb5e945f0fa6e31bfa83fed68c2753f6b52bd4e2c5d74d944bd780
  SHA512: cd55bd82d09ce5c02f77128f45860c0b7a646a6c03655879ded104d89e3857499a1b000059311fe89a3a34b3d5704e7d28361ab4d9873e48c0442d89d393936f
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-process-l1-1-0.dll
  Filesize: 20KB
  MD5: bf211b13e14270c595588d2977aadf77
  SHA1: 3e0a14482c19192eff777c3ed07262e5bbba844a
  SHA256: edc6dbd6e0f3c486ec5a7657d373d0cbc5fd923699251a9fd3d40d1f9af59f54
  SHA512: 13af70c56c6a16609f74627e1f2e508d4e5325f844b71da824d4ec3dac0d4a5d2359e1c7f71f0932bd10d6012f28a0a4f10ec217810076b7483373ea670a1d62
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-runtime-l1-1-0.dll
  Filesize: 24KB
  MD5: 833afdb36bdb82b902bdf549e11f3659
  SHA1: 0d9f6b6c24d225eb9638304737cc5a647fc8f908
  SHA256: 71d469dfe48394c88c3409a17eb4d8bf73dac6d8d516e5d9209362210295944c
  SHA512: 869702bf8a7533da9cf1a57d7eec6fc74c5ddc896c7dcb3619ea5148ef793ff6e79404112a4c4ccb7dc5d8398e9d843456e1f3aa2d6db46aaf0eda4a11fcad5e
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-stdio-l1-1-0.dll
  Filesize: 24KB
  MD5: e91f0d056131be37c9239ac1e8eaefd7
  SHA1: 09e3f5c0f26a542a6b45ed6fcb984e6d0c95bb60
  SHA256: 020d585c01dbedbd989170172a0a25009822acfaf6c8451b4f7a5265413ff755
  SHA512: 4dfa50adc5538645b606da5ea09dc509c8911fafd4d82958ea55d01b40dd27691cdd8f6bf55dfdfdd32d94d140cac11b5b937372200f379aec0ca28166f4f0a6
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-string-l1-1-0.dll
  Filesize: 24KB
  MD5: 2cb41fce51a93573f389a1955ae66abc
  SHA1: fe4f62731b82bc47d10fbb0e5ec1de7eb31678ec
  SHA256: 4438861e448bbf1eabe89efd356fd5e7cbc455f0c2bd08c140baa34f095dbb57
  SHA512: 4af08d659d8059b801c7dab74bb9a6afb33f0d8583616c9f5267539c99cca0c7f8497c5d1ea205b0a686713c7ae67f8f6cd7aec7b9b2d50fdaf76bbdd26e71b7
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\api-ms-win-crt-time-l1-1-0.dll
  Filesize: 20KB
  MD5: cef9e6ad9fbe35890fa957ad5492b56c
  SHA1: 4783977a0041a129813d14f9bebccd67c28325e6
  SHA256: 325ec6b56c272dc3d08490077cc9040fe629bdd176968ca10ae6738686332faf
  SHA512: 49ff991a6bcee2f6fdb1cc012a057841764fcca1a6301437435e1194dfc2d94e692aa26a715884472eac7d86a666c6a494e12789d8af4662f5b64efe6d885c0f
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\base_library.zip
  Filesize: 1008KB
  MD5: c36ac516b6db2b1314bacd5b0f2f443e
  SHA1: e1bdac2ee9d7d6bce7736a3f1227ac04a50a25b5
  SHA256: cad7cfc3921fac97b004237f93645bf0344bb3bd0065c08d040846397ae494ff
  SHA512: fb439ddb3e2198e84e7e5b591a73ccc3db65daa33d5eaf322b40818c7666ab6d58455d94c06a6eb3bdb1d8a147ed37044a7c5c8ba19d94cf144a4ad0bf63373c
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\libffi-7.dll
  Filesize: 32KB
  MD5: eef7981412be8ea459064d3090f4b3aa
  SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
  SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
  SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\python38.dll
  Filesize: 4.0MB
  MD5: 26ba25d468a778d37f1a24f4514d9814
  SHA1: b64fe169690557656ede3ae50d3c5a197fea6013
  SHA256: 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
  SHA512: 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080
- C:\Users\Admin\AppData\Local\Temp\_MEI28362\ucrtbase.dll
  Filesize: 1020KB
  MD5: c9c70e684ca8e1d74fcfa17dbc6eaab4
  SHA1: 956f47dbed9b405687429827f532e5347189f108
  SHA256: c3c6ff3005623a771cf1642beabb62add5f101782b8f2b60081ab3faf2824cca
  SHA512: 2b3e9f1fe105bd4c08e76e6ac584670735cc459272c34e95dce3db3f58ad392a1a63c2726f3f08e1d35fd6facab92d41b9cb2ac44c0531ce44daf17a9517374a
- memory/292-98-0x0000000000560000-0x0000000000561000-memory.dmp
  Filesize: 4KB