metasploit | 183f0325d0d63a236408a163df94e07dc9e2702c7a868a7df4c472ce1d33bade | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 06:36

Sharing

Report Analysis Logs

General

Target

c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
Size

9KB
MD5

c30942f733999b08c18bd383bcf447a0
SHA1

e1ad001447c5b123c3040991c39430811102f871
SHA256

183f0325d0d63a236408a163df94e07dc9e2702c7a868a7df4c472ce1d33bade
SHA512

f3e57e86a9c45d053f5eab26021c152de8db1f752d756a77087adbbf83adf5a2ec68881ed86491bcea17d417c2ae83d64f093d044782c4fda77de4d033ee1657
SSDEEP

192:O6S28Xed66b9hYuWJuOLjjOM553M0xQN:Z8Ob9CJuOLjjfv

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.3.128:443/api/artical/product/hot

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe
PID 1288 wrote to memory of 2508	1288	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1288

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll,#1
2⤵
PID:2508

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2508-0-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download