Analysis

  • max time kernel
    141s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 01:18 UTC

General

  • Target

    8e5039af5a970a9ba2e54dfa150cb2e0_NEIKI.exe

  • Size

    172KB

  • MD5

    8e5039af5a970a9ba2e54dfa150cb2e0

  • SHA1

    2f241994b6e4b87a87fd47ba9255257d2e0f29e9

  • SHA256

    847972eafd266ceee01366a1998d068a3454702f87b063703266349b12d72a2c

  • SHA512

    2ac8c33ad38a2a257b48caee07f021603e39d1d6b04124935b29949f84ef7ae4ce7465ad1bf3000ed5bcfdf4151bdebecf817120c71d606943bafba79b873e55

  • SSDEEP

    3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEOD6oIAkeF0RNyreZ8PRmqIZq9awE0ctUiQFF:tFPxPke+eI38

Score
1/10 (the Malware Config and Signatures sections below are empty: no signature matched and no configuration was extracted in this run; the score reflects that, not a verdict that the file is clean)

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e5039af5a970a9ba2e54dfa150cb2e0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\8e5039af5a970a9ba2e54dfa150cb2e0_NEIKI.exe"
    PID: 3256 (top level of the process tree)
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    PID: 4956 (top level of the process tree)

  Both entries sit at the same top level; the report lists no child processes of the sample and no parent-child link between it and msedge.exe. The msedge.exe command line (--type=utility, --utility-sub-type=asset_store.mojom.AssetStoreService, --service-sandbox-type=asset_store_service) identifies a sandboxed Edge utility service process of the kind the browser spawns on its own.

      Network

      DNS queries (all sent to 8.8.8.8:53, geolocated US). "no answer" means the response carried no records of the requested type; "Unknown" is a record type the sandbox did not decode.

      • 81.171.91.138.in-addr.arpa  PTR  → no answer
      • 97.17.167.52.in-addr.arpa  PTR  → no answer
      • 172.210.232.199.in-addr.arpa  PTR  → no answer
      • 73.159.190.20.in-addr.arpa  PTR  → no answer
      • 95.221.229.192.in-addr.arpa  PTR  → no answer
      • 86.23.85.13.in-addr.arpa  PTR  → no answer
      • 58.55.71.13.in-addr.arpa  PTR  → no answer
      • 15.164.165.52.in-addr.arpa  PTR  → no answer
      • chromewebstore.googleapis.com  A  → 172.217.169.74, 172.217.169.42, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74, 216.58.213.10, 216.58.212.202, 216.58.212.234
      • chromewebstore.googleapis.com  Unknown  → no answer
      • 149.220.183.52.in-addr.arpa  PTR  → no answer
      • pki.goog  A  → 216.239.32.29
      • pki.goog  Unknown  → no answer
      HTTP (plaintext, to 216.239.32.29:80, geolocated US)

      All three requests retrieve CA certificates (Content-Type: application/pkix-cert) from Google's PKI repository and carry an Edge 122 User-Agent, which matches the msedge.exe process in the tree rather than the sample. Fetching CA certificates over plain HTTP is normal certificate-chain building (AIA fetching): the objects are signed, so the transport does not need to be. The report does not attribute network flows to processes, so the User-Agent is the only process linkage available.

      • GET http://pki.goog/gsr1/gsr1.crt
        Request
        GET /gsr1/gsr1.crt HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Encoding: gzip
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 797
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Wed, 08 May 2024 00:44:07 GMT
        Expires: Wed, 08 May 2024 01:34:07 GMT
        Cache-Control: public, max-age=3000
        Age: 2118
        Last-Modified: Wed, 20 May 2020 16:45:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • GET http://pki.goog/repo/certs/gtsr1.der
        Request
        GET /repo/certs/gtsr1.der HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 1371
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Wed, 08 May 2024 00:51:13 GMT
        Expires: Wed, 08 May 2024 01:41:13 GMT
        Cache-Control: public, max-age=3000
        Age: 1692
        Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • GET http://pki.goog/repo/certs/gts1c3.der
        Request
        GET /repo/certs/gts1c3.der HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Encoding: gzip
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 1304
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Wed, 08 May 2024 01:01:48 GMT
        Expires: Wed, 08 May 2024 01:51:48 GMT
        Cache-Control: public, max-age=3000
        Age: 1057
        Last-Modified: Mon, 17 Aug 2020 09:45:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      DNS queries, continued (8.8.8.8:53, geolocated US; "no answer" means no records of the requested type were returned)

      • 74.169.217.172.in-addr.arpa  PTR  → lhr48s09-in-f10.1e100.net
      • 104.219.191.52.in-addr.arpa  PTR  → no answer
      • 29.32.239.216.in-addr.arpa  PTR  → any-in-201d.1e100.net
      • 11.227.111.52.in-addr.arpa  PTR  → no answer
      • 208.143.182.52.in-addr.arpa  PTR  → no answer
      Connection summary. Columns: remote endpoint; hostname or query; protocol; bytes sent; bytes received; the two per-flow counts from the original table.

      • 13.107.253.64:443  (no hostname, no protocol decoded)  46 B / 40 B / 1 / 1
      • 172.217.169.74:443  chromewebstore.googleapis.com  tls  909 B / 5.2 kB / 8 / 8
      • 216.239.32.29:80  http://pki.goog/repo/certs/gts1c3.der  http  1.3 kB / 6.1 kB / 10 / 10
        HTTP requests on this connection:
        GET http://pki.goog/gsr1/gsr1.crt → 200
        GET http://pki.goog/repo/certs/gtsr1.der → 200
        GET http://pki.goog/repo/certs/gts1c3.der → 200
      • 8.8.8.8:53  81.171.91.138.in-addr.arpa  dns  72 B / 146 B / 1 / 1
      • 8.8.8.8:53  97.17.167.52.in-addr.arpa  dns  71 B / 145 B / 1 / 1
      • 8.8.8.8:53  172.210.232.199.in-addr.arpa  dns  74 B / 128 B / 1 / 1
      • 8.8.8.8:53  73.159.190.20.in-addr.arpa  dns  72 B / 158 B / 1 / 1
      • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  73 B / 144 B / 1 / 1
      • 8.8.8.8:53  86.23.85.13.in-addr.arpa  dns  70 B / 144 B / 1 / 1
      • 8.8.8.8:53  58.55.71.13.in-addr.arpa  dns  70 B / 144 B / 1 / 1
      • 8.8.8.8:53  15.164.165.52.in-addr.arpa  dns  72 B / 146 B / 1 / 1
      • 8.8.8.8:53  chromewebstore.googleapis.com  dns  75 B / 315 B / 1 / 1
        DNS response: 172.217.169.74, 172.217.169.42, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 142.250.178.10, 172.217.16.234, 142.250.200.10, 142.250.200.42, 216.58.201.106, 216.58.204.74, 216.58.213.10, 216.58.212.202, 216.58.212.234
      • 8.8.8.8:53  chromewebstore.googleapis.com  dns  148 B / 279 B / 2 / 2
        DNS requests: chromewebstore.googleapis.com; 149.220.183.52.in-addr.arpa
      • 8.8.8.8:53  pki.goog  dns  54 B / 70 B / 1 / 1
        DNS response: 216.239.32.29
      • 8.8.8.8:53  pki.goog  dns  54 B / 128 B / 1 / 1
      • 8.8.8.8:53  74.169.217.172.in-addr.arpa  dns  73 B / 112 B / 1 / 1
      • 8.8.8.8:53  104.219.191.52.in-addr.arpa  dns  73 B / 147 B / 1 / 1
      • 8.8.8.8:53  29.32.239.216.in-addr.arpa  dns  72 B / 107 B / 1 / 1
      • 8.8.8.8:53  11.227.111.52.in-addr.arpa  dns  72 B / 158 B / 1 / 1
      • 8.8.8.8:53  208.143.182.52.in-addr.arpa  dns  73 B / 147 B / 1 / 1

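      As an added worked example (not part of the Triage report and not the sandbox's own logic): a small Python triage pass over flows like the ones above. It decodes each in-addr.arpa PTR name back to the IP that was being reverse-resolved and labels every flow as reverse-DNS noise, browser background traffic, a CA-certificate fetch, or "review". The noise categories, the BACKGROUND_HOSTS allowlist and the Flow record are this example's assumptions; the sample entries are transcribed from this report except the last one, a constructed lookup of a .invalid name that shows what would surface for review. Applied to this run, nothing from the report lands in "review".

```python
"""Separate sandbox network noise from flows that need analyst attention.

The categories and allowlist below are assumptions of this example, not
part of the Triage report. The sample flows are transcribed from the
report except the final one, which is constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Hosts treated as browser/OS background traffic (assumption for this example).
BACKGROUND_HOSTS = {
    "chromewebstore.googleapis.com",  # Edge/Chromium extension-store traffic
    "pki.goog",                       # Google PKI repository (CA certificates)
}
# Path suffixes that normally carry CA certificates.
CA_CERT_PATH = re.compile(r"\.(crt|cer|der|p7c)$", re.IGNORECASE)


@dataclass
class Flow:
    proto: str              # "dns" or "http"
    name: str               # queried name (dns) or request URL (http)
    qtype: str = ""         # DNS record type
    answer: str = ""        # first DNS answer or HTTP status
    content_type: str = ""  # HTTP response Content-Type


def ptr_to_ip(name):
    """Turn an IPv4 reverse name (d.c.b.a.in-addr.arpa) back into a.b.c.d.

    Returns None for anything that is not a well-formed IPv4 reverse name,
    so malformed or IPv6 (ip6.arpa) names fall through to normal handling."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def classify(flow):
    """Label a flow 'reverse-dns', 'background', 'ca-cert' or 'review'."""
    if flow.proto == "dns":
        if flow.qtype == "PTR" and ptr_to_ip(flow.name):
            return "reverse-dns"
        return "background" if flow.name.lower() in BACKGROUND_HOSTS else "review"
    if flow.proto == "http":
        m = re.match(r"https?://([^/]+)(/.*)?", flow.name)
        if not m:
            return "review"
        host, path = m.group(1).lower(), m.group(2) or "/"
        if host in BACKGROUND_HOSTS:
            # Key on the declared type as well as the path: a .crt path alone
            # says nothing about what was actually served.
            if flow.content_type == "application/pkix-cert" and CA_CERT_PATH.search(path):
                return "ca-cert"
            return "background"
    return "review"


def triage(flows):
    """Group flows by label; PTR lookups are shown with the decoded IP."""
    out = {"reverse-dns": [], "background": [], "ca-cert": [], "review": []}
    for f in flows:
        label = classify(f)
        item = f"{f.name} -> {ptr_to_ip(f.name)}" if label == "reverse-dns" else f.name
        out[label].append(item)
    return out


# Transcribed from the report above, as constructed Flow records.
SAMPLE_FLOWS = [
    Flow("dns", "81.171.91.138.in-addr.arpa", "PTR"),
    Flow("dns", "74.169.217.172.in-addr.arpa", "PTR", "lhr48s09-in-f10.1e100.net"),
    Flow("dns", "chromewebstore.googleapis.com", "A", "172.217.169.74"),
    Flow("dns", "pki.goog", "A", "216.239.32.29"),
    Flow("http", "http://pki.goog/gsr1/gsr1.crt", answer="200",
         content_type="application/pkix-cert"),
    Flow("http", "http://pki.goog/repo/certs/gtsr1.der", answer="200",
         content_type="application/pkix-cert"),
    # Constructed entry, NOT from the report: a lookup the sample itself might make.
    Flow("dns", "update-check.example.invalid", "A"),
]

if __name__ == "__main__":
    for label, items in triage(SAMPLE_FLOWS).items():
        print(f"{label:12s} {items}")
```

      In a real workflow the Flow list would be built from the sandbox's exported PCAP or JSON rather than typed in; the point of the pass is that only flows outside the known-noise categories reach an analyst, and that reverse lookups are reported as the IPs they concern rather than as in-addr.arpa strings.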
      MITRE ATT&CK Matrix
