Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2024, 00:10 UTC

General

  • Target

    4b53f09e13a18cc352a62b76a4ef85f0_NeikiAnalytics.dll

  • Size

    116KB

  • MD5

    4b53f09e13a18cc352a62b76a4ef85f0

  • SHA1

    f74f272ff0faa4b9c5d297947310def7881da413

  • SHA256

    363450eccbe46762b9570cca2f064d9e97b1d8c6443548318cb8febafb00f039

  • SHA512

    c05828482aac3e778f173e7a92e1da2dc5f4c79122422c2fd886f1ac5511473c7ae25bb6cc34a7e14a5f153ec66d89f6a66058f59903071869b52ea0735bd478

  • SSDEEP

    1536:E9MwtVsi0oufZVsQoZaF0NEk73kYoVoVUTsXdPKdoSsgkRewuG:E9MwwZVsxZNEo3HoVw3lKdouw3

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b53f09e13a18cc352a62b76a4ef85f0_NeikiAnalytics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:916
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b53f09e13a18cc352a62b76a4ef85f0_NeikiAnalytics.dll,#1
      2⤵
        PID:2708
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 636
          3⤵
          • Program crash
          PID:1056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2708 -ip 2708
      1⤵
        PID:2492

Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=1AC4F3DD42ED682336C2E75D430D6933; domain=.bing.com; expires=Mon, 09-Jun-2025 00:10:49 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 116E0C5A89234D4794FF26C7830E1C35 Ref B: LON04EDGE1120 Ref C: 2024-05-15T00:10:49Z
        date: Wed, 15 May 2024 00:10:49 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1AC4F3DD42ED682336C2E75D430D6933; _EDGE_S=SID=255E067CEF716DEE293912FCEEDB6C9D
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=Vv3ssEzPFRKrc0gICriEsz3y5TPD1NzQklk1_9R_rI0; domain=.bing.com; expires=Mon, 09-Jun-2025 00:10:49 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6A2B3A843637412B9ADDB2E64FF072C5 Ref B: LON04EDGE1120 Ref C: 2024-05-15T00:10:49Z
        date: Wed, 15 May 2024 00:10:49 GMT
      • flag-be
        GET
        https://www.bing.com/aes/c.gif?RG=9c5694c4340e409a93e16b83bebe30b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110845Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
        Remote address:
        88.221.83.187:443
        Request
        GET /aes/c.gif?RG=9c5694c4340e409a93e16b83bebe30b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110845Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182 HTTP/2.0
        host: www.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1AC4F3DD42ED682336C2E75D430D6933
        Response
        HTTP/2.0 200
        cache-control: private,no-store
        pragma: no-cache
        vary: Origin
        p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 53D2E316F5A648A3A830D78C6807485C Ref B: DUS30EDGE0807 Ref C: 2024-05-15T00:10:49Z
        content-length: 0
        date: Wed, 15 May 2024 00:10:49 GMT
        set-cookie: _EDGE_S=SID=255E067CEF716DEE293912FCEEDB6C9D; path=/; httponly; domain=bing.com
        set-cookie: MUIDB=1AC4F3DD42ED682336C2E75D430D6933; path=/; httponly; expires=Mon, 09-Jun-2025 00:10:49 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.b753dd58.1715731849.940ce48
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-be
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        88.221.83.187:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        cookie: MUID=1AC4F3DD42ED682336C2E75D430D6933; _EDGE_S=SID=255E067CEF716DEE293912FCEEDB6C9D; MSPTC=Vv3ssEzPFRKrc0gICriEsz3y5TPD1NzQklk1_9R_rI0; MUIDB=1AC4F3DD42ED682336C2E75D430D6933
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Wed, 15 May 2024 00:10:50 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.b753dd58.1715731850.940d03d
      • flag-us
        DNS
        187.83.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        187.83.221.88.in-addr.arpa
        IN PTR
        Response
        187.83.221.88.in-addr.arpa
        IN PTR
        a88-221-83-187deploystaticakamaitechnologiescom
      • flag-us
        DNS
        76.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        76.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        19.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        213.143.182.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        213.143.182.52.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
        tls, http2
        2.5kB
        9.0kB
        20
        17

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rte7tRJWP5_kcTix3skHBzVUCUxGWq_LdXq0d8qL8Pgk9FJ_s4ntN6FRhL2efLLqeVqNjI-0Ca7fajorWoSdo44GIo5n4VBg2eBBUSBtSz_dfTVOU9Hj-iMw8pOa4WA0XXmTDF-yCSEGEydrtWFYYxOu8Ds3ORX5y0jUdMQ7vARNS_GI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D9c00cbc9cdc41d920d83adf290d9e109&TIME=20240508T110845Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

        HTTP Response

        204
      • 88.221.83.187:443
        https://www.bing.com/aes/c.gif?RG=9c5694c4340e409a93e16b83bebe30b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110845Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
        tls, http2
        1.4kB
        5.3kB
        16
        10

        HTTP Request

        GET https://www.bing.com/aes/c.gif?RG=9c5694c4340e409a93e16b83bebe30b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110845Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182

        HTTP Response

        200
      • 88.221.83.187:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.6kB
        6.4kB
        17
        12

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 52.111.229.43:443
        322 B
        7
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
        143 B
        1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        187.83.221.88.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        187.83.221.88.in-addr.arpa

      • 8.8.8.8:53
        76.32.126.40.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        76.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        50.23.12.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        50.23.12.20.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        19.229.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        19.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        213.143.182.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        213.143.182.52.in-addr.arpa

MITRE ATT&CK Matrix
