Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    18-06-2024 13:59

General

  • Target

    4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll

  • Size

    1.8MB

  • MD5

    4e1328f16286aaff5d2ee3d7073f0930

  • SHA1

    8f658f6f4b606180669e2a016c1afc84878c616e

  • SHA256

    6299a681f17cef494d732f1bec2050ef18c5d3d2cf38df2081fff8ae422381a9

  • SHA512

    0992c374855d3e4747434985766b8a015d9d70a82b4d762741995d3842f4f98be92e653022ba873be7d8c64d6a6461f4799e755c210752f2ab23b46638dc42f1

  • SSDEEP

    24576:icjYURxCm5eoDdEQ5ZIqLG6NK7RswS/QC1XG9dp:5YURxR5eYV5G6NK7RswS/QC1G

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 25 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll
    1⤵
    • Modifies registry class
    PID:2064

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Replay Monitor

Loading Replay Monitor...

Downloads