metasploit | 5efea9d9fbd802c625eaa80939fd94c228b973d44d181ea8ab11f3d4ef42e90c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
Size

6.0MB
MD5

c30741092945f21c04a10f98e9ed1620
SHA1

8435f33caa64e6527ea401d48268f45675743871
SHA256

5efea9d9fbd802c625eaa80939fd94c228b973d44d181ea8ab11f3d4ef42e90c
SHA512

5927f8eb04dc0baf5ceaef13594561a051d332a924ab6eeae097bc8b4072fc523fce868e7c47be9a354482e9e4e7c2a6aee523e7576ab631102c3d03cf38cdfc
SSDEEP

98304:lVzPib+sX1ZvbeAyJZ/dJolTlPNs2PKToa1FptF07TcXeZS7uiFpMndH2nkzwTVi:lVzPiCsXDjDyf/dJolpPgToa10/cOMFl

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

106.53.94.240:6000

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Loads dropped DLL 5 IoCs

Processes:

c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe

pid	process
3292	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
3292	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
3292	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
3292	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
3292	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe

description	pid	process	target process
PID 3452 wrote to memory of 3292	3452	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
PID 3452 wrote to memory of 3292	3452	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe	c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3452

C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c30741092945f21c04a10f98e9ed1620_NeikiAnalytics.exe"
2⤵
- Loads dropped DLL
PID:3292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI34522\VCRUNTIME140.dll
Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34522\_ctypes.pyd
Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34522\base_library.zip
Filesize
1008KB

MD5
c36ac516b6db2b1314bacd5b0f2f443e

SHA1
e1bdac2ee9d7d6bce7736a3f1227ac04a50a25b5

SHA256
cad7cfc3921fac97b004237f93645bf0344bb3bd0065c08d040846397ae494ff

SHA512
fb439ddb3e2198e84e7e5b591a73ccc3db65daa33d5eaf322b40818c7666ab6d58455d94c06a6eb3bdb1d8a147ed37044a7c5c8ba19d94cf144a4ad0bf63373c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34522\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34522\python38.dll
Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34522\ucrtbase.dll
Filesize
1020KB

MD5
c9c70e684ca8e1d74fcfa17dbc6eaab4

SHA1
956f47dbed9b405687429827f532e5347189f108

SHA256
c3c6ff3005623a771cf1642beabb62add5f101782b8f2b60081ab3faf2824cca

SHA512
2b3e9f1fe105bd4c08e76e6ac584670735cc459272c34e95dce3db3f58ad392a1a63c2726f3f08e1d35fd6facab92d41b9cb2ac44c0531ce44daf17a9517374a

Download Submit
memory/3292-64-0x0000015EE7580000-0x0000015EE7581000-memory.dmp

Filesize
4KB

Download