Analysis Overview
SHA256
6299a681f17cef494d732f1bec2050ef18c5d3d2cf38df2081fff8ae422381a9
Threat Level: Shows suspicious behavior
The file 4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.exe was found to show suspicious behavior.
Malicious Activity Summary
Event Triggered Execution: Component Object Model Hijacking
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-18 13:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-18 13:59
Reported: 2024-06-18 14:02
Platform: win7-20240611-en
Max time kernel: 122s
Max time network: 128s
Command Line
Signatures
Event Triggered Execution: Component Object Model Hijacking
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\ProgID\ = "ADOInfoProvider.MSSQLInfoProvider" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\Version | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\TypeLib\ = "{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\ = "ADOInfoProvider Library" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\ = "MSSQLInfoProvider" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider\Clsid\ = "{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\0\win32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider\ = "MSSQLInfoProvider" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider\Clsid | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\Version\ = "1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-18 13:59
Reported: 2024-06-18 14:02
Platform: win10v2004-20240508-en
Max time kernel: 51s
Max time network: 51s
Command Line
Signatures
Event Triggered Execution: Component Object Model Hijacking
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider\Clsid\ = "{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider\Clsid | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider\ = "MSSQLInfoProvider" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\ = "ADOInfoProvider Library" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\0\win32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\Version\ = "1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\ProgID\ = "ADOInfoProvider.MSSQLInfoProvider" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\Version | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\TypeLib\ = "{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3ED6E93A-5D39-4BAE-9466-824FADC9D8CE}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E03ED2E4-F7CC-46E1-8ECB-96415B9F4BF0}\ = "MSSQLInfoProvider" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ADOInfoProvider.MSSQLInfoProvider | C:\Windows\system32\regsvr32.exe | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4e1328f16286aaff5d2ee3d7073f0930_NeikiAnalytics.dll