Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/05/2024, 08:57 UTC

General

  • Target

    ac306205086202cde216c82e093eea40_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    ac306205086202cde216c82e093eea40

  • SHA1

    df1a8dd2094ff52ce763b6ccec976fd05ded5c9e

  • SHA256

    f388cf7c61fd87640270d2155a29897e790712d731f68e0330442e1d3aeb4e00

  • SHA512

    d79fd312d670f0143ff9878841a048e900ba07a1bb584c21a90e61fbb46a955b357dca71eab6fe6a0081b3d722df3d557e168e3932410151fa6b1b05f1f283d7

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmC5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac306205086202cde216c82e093eea40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ac306205086202cde216c82e093eea40_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\UserDotZ0\devbodec.exe
      C:\UserDotZ0\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3324

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0B18381C1F536B0511832C621EB36A87; domain=.bing.com; expires=Sat, 07-Jun-2025 08:57:16 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A5D6FBC47A614929B5FC6D5289CD3FBE Ref B: LON04EDGE1113 Ref C: 2024-05-13T08:57:16Z
    date: Mon, 13 May 2024 08:57:15 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0B18381C1F536B0511832C621EB36A87; _EDGE_S=SID=1B0D462B9D3B60EA3D0352559C576105
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=jB3KiRu5ZIsQ85_OATQmGl6JGVmzShWvarnH1uDkGFw; domain=.bing.com; expires=Sat, 07-Jun-2025 08:57:16 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9ECFDB79A7D742528A3E7D08F498031D Ref B: LON04EDGE1113 Ref C: 2024-05-13T08:57:16Z
    date: Mon, 13 May 2024 08:57:15 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266
    Remote address:
    23.62.61.106:443
    Request
    GET /aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0B18381C1F536B0511832C621EB36A87
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 93CD4C97E32047B79C60B421E524AD08 Ref B: BRU30EDGE0516 Ref C: 2024-05-13T08:57:16Z
    content-length: 0
    date: Mon, 13 May 2024 08:57:16 GMT
    set-cookie: _EDGE_S=SID=1B0D462B9D3B60EA3D0352559C576105; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=0B18381C1F536B0511832C621EB36A87; path=/; httponly; expires=Sat, 07-Jun-2025 08:57:16 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.663d3e17.1715590636.8f87c0
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    20.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    106.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.61.62.23.in-addr.arpa
    IN PTR
    Response
    106.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-106deploystaticakamaitechnologiescom
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.106:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=0B18381C1F536B0511832C621EB36A87; _EDGE_S=SID=1B0D462B9D3B60EA3D0352559C576105; MSPTC=jB3KiRu5ZIsQ85_OATQmGl6JGVmzShWvarnH1uDkGFw; MUIDB=0B18381C1F536B0511832C621EB36A87
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Mon, 13 May 2024 08:57:18 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.663d3e17.1715590638.8f90bc
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0lhrllnwnet
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 499516
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 81169C0D29E849A48C4ECE3D6A1256EA Ref B: LON04EDGE0713 Ref C: 2024-05-13T08:58:51Z
    date: Mon, 13 May 2024 08:58:51 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 476246
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 53C2C170B7D84080990CB16D9D85B25B Ref B: LON04EDGE0713 Ref C: 2024-05-13T08:58:51Z
    date: Mon, 13 May 2024 08:58:51 GMT
  • flag-us
    DNS
    93.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    93.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF
    tls, http2
    2.5kB
    9.0kB
    19
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8lfVJG5vTZEbHrw3P1wSYvDVUCUx5UmvtAoSwCAhJNPPWQ6zwYKKOJ_yqbbcEkxrgM_ubsupTe44QnXmFewHDIHN9aTXBsYxHo4i7BMONxo-0u5e7hJXINcXzN0MG8DSm5Znh7LReKshh3IpPwfrGwehVzOiqhpEL5OqOg1kU_HbIKYmQ%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D098750c7deb813359e4736ec71f73dac&TIME=20240426T134308Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266&muid=ADDDFB3EF7AA0DA8A4964D397794E5DF

    HTTP Response

    204
  • 23.62.61.106:443
    https://www.bing.com/aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266
    tls, http2
    1.5kB
    5.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=ef24e622a6eb466f82c05c66dd93b049&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134308Z&adUnitId=11730597&localId=w:ADDDFB3E-F7AA-0DA8-A496-4D397794E5DF&deviceId=6896200621815266

    HTTP Response

    200
  • 23.62.61.106:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.7kB
    6.4kB
    18
    13

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    34.9kB
    1.0MB
    741
    737

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    20.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    20.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    106.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    106.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    93.65.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    93.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxEN\dobxloc.exe

    Filesize

    4.1MB

    MD5

    a60c18c1bbff10c03116f80dc8d3ec55

    SHA1

    b48aaea22968b0288a8389124dbe390fd299517b

    SHA256

    4ecd542201961ed0e9a09ae53520b37489e31d5707ff565a90ce4d7fee20da2d

    SHA512

    33a31d108370ecebe60bae33c2a2b25d31b1bda187cdec6b72e97761b06e0875cdd2e5ebf28319badc80724b486fc69ebe35b841d65dc31bb6e9305ff40050cf

  • C:\UserDotZ0\devbodec.exe

    Filesize

    4.1MB

    MD5

    ef7e1f75c0ecd816974abfe86076a194

    SHA1

    bd3155342ee2f4bf4a75947387b90b7b4bb19bd1

    SHA256

    4b79e3942787a25e1351de66fd8ecc3a6bf931f7789965d29140c7a1b14b134b

    SHA512

    fa2174241d722e5ac6c2f76cbab5873cf3de6eb8f16f519876364725e95aad9e4bfdd820ba76b072c1bc1e781e0169dfff8a6fe03b6fa62902bb17a6ed69744f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    6122d2221920e3a2720463a01784ebac

    SHA1

    442b5fa82d3bd65dc86248fdd740a7cec541c0b7

    SHA256

    53c42b4546498d98349fa4b8c3fb0dfdfd3fe77a83b03043cf966e88e7cd8b48

    SHA512

    99961c82819737d06737e226ac115e18138c212f9fc1c6c71ec5d65ffa6e949f21afac14e5a7dc71181f22a927b020adb8351086ff367978c046176bf9e97394

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.