Analysis
- Max time kernel: 143s
- Max time network: 149s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240226-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 17-05-2024 06:36
Static task: static1
Behavioral task: behavioral1
- Sample: c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
- Resource: win10v2004-20240226-en
General
- Target: c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll
- Size: 9KB
- MD5: c30942f733999b08c18bd383bcf447a0
- SHA1: e1ad001447c5b123c3040991c39430811102f871
- SHA256: 183f0325d0d63a236408a163df94e07dc9e2702c7a868a7df4c472ce1d33bade
- SHA512: f3e57e86a9c45d053f5eab26021c152de8db1f752d756a77087adbbf83adf5a2ec68881ed86491bcea17d417c2ae83d64f093d044782c4fda77de4d033ee1657
- SSDEEP: 192:O6S28Xed66b9hYuWJuOLjjOM553M0xQN:Z8Ob9CJuOLjjfv
Malware Config
Extracted
- Family: metasploit
- Payload: windows/download_exec
- URL: http://192.168.3.128:443/api/artical/product/hot
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
  - PID 4832 wrote to memory of 4048 / 4832 / rundll32.exe / rundll32.exe
  - PID 4832 wrote to memory of 4048 / 4832 / rundll32.exe / rundll32.exe
  - PID 4832 wrote to memory of 4048 / 4832 / rundll32.exe / rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4832
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c30942f733999b08c18bd383bcf447a0_NeikiAnalytics.dll,#1
    PID: 4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
  PID: 2908
Downloads
- memory/4048-0-0x0000000002180000-0x0000000002181000-memory.dmp
  Filesize: 4KB