Behavioral task
behavioral1
Sample
2aa3c1b7c94881e8e4e458b35076473cccf73b02bc51ce546dc85097af06cac1_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2aa3c1b7c94881e8e4e458b35076473cccf73b02bc51ce546dc85097af06cac1_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
2aa3c1b7c94881e8e4e458b35076473cccf73b02bc51ce546dc85097af06cac1_NeikiAnalytics.exe
-
Size
7KB
-
MD5
40e8fafa2c80e75503aeea7cbe72fc20
-
SHA1
69bfd4f1b3356fd564746ddfcfb0f7bf24429284
-
SHA256
2aa3c1b7c94881e8e4e458b35076473cccf73b02bc51ce546dc85097af06cac1
-
SHA512
cf069660ee0ec414308b3fc95bd37c5e3bc18a515a71214b0c4ca9b7aae89d92a296009e722b6d6452e6e1ca2be824b594b43f94670992a56adbbb94c763b6a7
-
SSDEEP
24:eFGStrJ9u0/6iwZnZdkBQAVKoc+BpKZqpeNDMSCvOXpmB:is06pkBQvz+BprSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
192.168.56.102:4444
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2aa3c1b7c94881e8e4e458b35076473cccf73b02bc51ce546dc85097af06cac1_NeikiAnalytics.exe
Files
-
2aa3c1b7c94881e8e4e458b35076473cccf73b02bc51ce546dc85097af06cac1_NeikiAnalytics.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qnwd Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE