Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 17-05-2024 06:36
Static task: static1
Behavioral task: behavioral1
- Sample: c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
- Resource: win10v2004-20240226-en
General
- Target: c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
- Size: 9KB
- MD5: c30942f733999b08c18bd383bcf447a0
- SHA1: e1ad001447c5b123c3040991c39430811102f871
- SHA256: 183f0325d0d63a236408a163df94e07dc9e2702c7a868a7df4c472ce1d33bade
- SHA512: f3e57e86a9c45d053f5eab26021c152de8db1f752d756a77087adbbf83adf5a2ec68881ed86491bcea17d417c2ae83d64f093d044782c4fda77de4d033ee1657
- SSDEEP: 192:O6S28Xed66b9hYuWJuOLjjOM553M0xQN:Z8Ob9CJuOLjjfv
Malware Config
Extracted
- Family: metasploit
- Payload: windows/download_exec
- URL: http://192.168.3.128:443/api/artical/product/hot
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description                 pid   process       target process
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
PID 1288 wrote to memory of 2508   1288   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll,#1
  PID: 1288
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll,#1
    PID: 2508
Network
MITRE ATT&CK Matrix
Downloads
- memory/2508-0-0x0000000000180000-0x0000000000181000-memory.dmp
  Filesize: 4KB