Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 23:37

General

  • Target

    1883e3a4b7e4e247fe15f09c848c3aa08427163d74821ab2af2e435f5406cf89_NeikiAnalytics.exe

  • Size

    72KB

  • MD5

    68cf5abcf4b3718a2d8e4ad8694209b0

  • SHA1

    e4026fd99f77437f45d2c2546920237ccd21e88e

  • SHA256

    1883e3a4b7e4e247fe15f09c848c3aa08427163d74821ab2af2e435f5406cf89

  • SHA512

    4a41256a75e775c924cbd2a821c3b83f3c40ece824684f7e4808968cbd66cc39bc23c789794a862451af8cf061ed55d0138e16010fbcaba7a5771d0419983d89

  • SSDEEP

    1536:IfVaB651DmFFAN6qs7smH1bC1sMb+KR0Nc8QsJq39:WVp51QFNPVbCse0Nc8QsC9

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

147.185.221.18:49591

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1883e3a4b7e4e247fe15f09c848c3aa08427163d74821ab2af2e435f5406cf89_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1883e3a4b7e4e247fe15f09c848c3aa08427163d74821ab2af2e435f5406cf89_NeikiAnalytics.exe"
      PID:2400

    Downloads

    • memory/2400-0-0x0000000000020000-0x0000000000021000-memory.dmp
      Filesize

      4KB