Analysis
-
max time kernel
51s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27-06-2024 23:03
General
-
Target
36ded09b5dee35c33645b90ce0c3279fd7adf2edadb54fd7f202c5aaabb2ced1_NeikiAnalytics.dll
-
Size
9KB
-
MD5
70f9592523c0c66c00d6f8b0c97df860
-
SHA1
7c8fae88ca5d2e6837c74a63953b47dd17a68622
-
SHA256
36ded09b5dee35c33645b90ce0c3279fd7adf2edadb54fd7f202c5aaabb2ced1
-
SHA512
6a3a85e90808bc6ac4541cd24900b571775f2dc90e89b3fafe1dd796067455a572167ceae5dd3f25a99d4ff0caef6045108f4eae994198cdfbca7efb74e3c4d7
-
SSDEEP
48:q0kV3zU9G4aNVh7XphlhEF57/nGhZoEmbOE:vDIK6oE
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/exec
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\36ded09b5dee35c33645b90ce0c3279fd7adf2edadb54fd7f202c5aaabb2ced1_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\36ded09b5dee35c33645b90ce0c3279fd7adf2edadb54fd7f202c5aaabb2ced1_NeikiAnalytics.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\calc.execalc.exe4⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1204-0-0x00000000004D0000-0x00000000004D1000-memory.dmpFilesize
4KB