Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 04:57

General

  • Target

    3713babf5fbbbcf85cf64d29a097708bfe1ad471409f5d0ec914884be402df86_NeikiAnalytics.dll

  • Size

    1.2MB

  • MD5

    559c43b38eb9cda558975284c08e6380

  • SHA1

    8a23f1f8148e4b9cc9c20b3be56b39e9b0dab5ed

  • SHA256

    3713babf5fbbbcf85cf64d29a097708bfe1ad471409f5d0ec914884be402df86

  • SHA512

    5171bb84e6301c2977262d5bf105abeea1b18be911ccfd956c4863c586d2399f697dd5b7e1f15756179c813adf40cd326a300f3b7f3390af0959ebe63f7ba703

  • SSDEEP

    12288:JE6N7PFEDWJihVbjnEPBgQVl4lPaH8dn/StuEm2XwZyAopv+4Apovq/:JE27PFEUQU6l4yn/StM2WfC+4Apiq/

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 33 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3713babf5fbbbcf85cf64d29a097708bfe1ad471409f5d0ec914884be402df86_NeikiAnalytics.dll
    1⤵
    • Modifies registry class
    PID:3016
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4204,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    1⤵
      PID:4032

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads