Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

4885ce3f49...cs.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    125s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 13:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4885ce3f49b7050f9150458d6c221d40_NeikiAnalytics.exe

  • Size

    1.2MB

  • MD5

    4885ce3f49b7050f9150458d6c221d40

  • SHA1

    d50c0da9c07076da404b5055139ec88f0d8e5c35

  • SHA256

    a5513a4f33e08ca69b8c61337c2b5c116eb994a7eb4d155adb465d61562dc895

  • SHA512

    dcc90bfecbdf60d83d841a5854c4b91e5585cbcea86f1596a2d154d07ced64907cbe6af077ade51eb86fce42cfb2e4e6bb12fcee486f5b99203f8c7044144a66

  • SSDEEP

    24576:bHgBr4Lrh/OyKGVDewWUZ2QQl2Bp65gcTVjUCs2Vo2:bH6EZ/Oy9qN22QA2Bp65RjUV2Vo

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\4885ce3f49b7050f9150458d6c221d40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4885ce3f49b7050f9150458d6c221d40_NeikiAnalytics.exe"
    1⤵
      PID:2856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:8
      1⤵
        PID:632

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=3CF14E21ED1C6D123D8F5A5BEC3B6C48; domain=.bing.com; expires=Tue, 03-Jun-2025 13:33:19 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 00C8C382C35E4980B585F78618DE7A4C Ref B: LON04EDGE0708 Ref C: 2024-05-09T13:33:19Z
        date: Thu, 09 May 2024 13:33:19 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3CF14E21ED1C6D123D8F5A5BEC3B6C48
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=NeVztJMrvLy82zwpk5XCZm8QEKO9OQx-8jun6trmyxw; domain=.bing.com; expires=Tue, 03-Jun-2025 13:33:19 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: BCE841543A434406B672707FF0A17082 Ref B: LON04EDGE0708 Ref C: 2024-05-09T13:33:19Z
        date: Thu, 09 May 2024 13:33:19 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3CF14E21ED1C6D123D8F5A5BEC3B6C48; MSPTC=NeVztJMrvLy82zwpk5XCZm8QEKO9OQx-8jun6trmyxw
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 205B5CFA6A834E5699031C0F719F31F7 Ref B: LON04EDGE0708 Ref C: 2024-05-09T13:33:19Z
        date: Thu, 09 May 2024 13:33:19 GMT
      • flag-us
        DNS
        71.31.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        71.31.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-be
        GET
        https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
        Remote address:
        2.17.107.130:443
        Request
        GET /th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        cookie: MUID=3CF14E21ED1C6D123D8F5A5BEC3B6C48; MSPTC=NeVztJMrvLy82zwpk5XCZm8QEKO9OQx-8jun6trmyxw
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Thu, 09 May 2024 13:33:20 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.7e6b1102.1715261600.c1b18f
      • flag-be
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        2.17.107.130:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        cookie: MUID=3CF14E21ED1C6D123D8F5A5BEC3B6C48; MSPTC=NeVztJMrvLy82zwpk5XCZm8QEKO9OQx-8jun6trmyxw
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 5773
        date: Thu, 09 May 2024 13:33:20 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.7e6b1102.1715261600.c1b18e
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        130.107.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        130.107.17.2.in-addr.arpa
        IN PTR
        Response
        130.107.17.2.in-addr.arpa
        IN PTR
        a2-17-107-130deploystaticakamaitechnologiescom
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        24.121.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        24.121.18.2.in-addr.arpa
        IN PTR
        Response
        24.121.18.2.in-addr.arpa
        IN PTR
        a2-18-121-24deploystaticakamaitechnologiescom
      • flag-us
        DNS
        21.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        77.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        77.190.18.2.in-addr.arpa
        IN PTR
        Response
        77.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-77deploystaticakamaitechnologiescom
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=
        tls, http2
        2.0kB
         9.2kB
         22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b6160b44e8654c36b0b91d5ee0d181ce&localId=w:59244BCC-88B7-85EB-8DCD-EAE142591B00&deviceId=6896201178070400&anid=

        HTTP Response

        204
      • 2.17.107.130:443
        www.bing.com
        tls, http2
        1.0kB
         4.7kB
         13
        9
      • 2.17.107.130:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.9kB
         12.8kB
         23
        18

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        71.31.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        71.31.126.40.in-addr.arpa

      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        130.107.17.2.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        130.107.17.2.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        24.121.18.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        24.121.18.2.in-addr.arpa

      • 8.8.8.8:53
        21.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        21.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        77.190.18.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        77.190.18.2.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2856-0-0x0000000140000000-0x000000014012E000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2856-1-0x0000000140000000-0x000000014012E000-memory.dmp

        Filesize

        1.2MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.