Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

24420dcbd1...cs.exe

windows7-x64

1

24420dcbd1...cs.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 19:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24420dcbd1e4da1879e6536204f46440_NeikiAnalytics.exe

  • Size

    46KB

  • MD5

    24420dcbd1e4da1879e6536204f46440

  • SHA1

    a7bfd3663f59e25562991b4e8ce5123a7396b359

  • SHA256

    314cc8e0d6f5055b75c599794baed7887860780eb8d5af5b0d4a2151ec39b70e

  • SHA512

    3abb66ef9ac420986cbbfadb89c9694271a7c6d2f52bb3ffc78e57ad6bc59d1d237bcd4c50de588a980d7fce53575348eb7c67e8983e2ed7d8252b519fa0e912

  • SSDEEP

    384:th+jqvqUbUlM7GNwxdA51umlHmzTGf8VK:t4+vP82ApQzTGfM

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24420dcbd1e4da1879e6536204f46440_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\24420dcbd1e4da1879e6536204f46440_NeikiAnalytics.exe"
    1⤵
      PID:2432
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        2⤵
        • Program crash
        PID:2632
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2432 -ip 2432
      1⤵
        PID:4360

      Network

      • flag-us
        DNS
        196.131.50.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        196.131.50.23.in-addr.arpa
        IN PTR
        Response
        196.131.50.23.in-addr.arpa
        IN PTR
        a23-50-131-196deploystaticakamaitechnologiescom
      • flag-us
        DNS
        13.86.106.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.86.106.20.in-addr.arpa
        IN PTR
        Response
      • flag-nl
        GET
        https://www.bing.com/th?id=OADD2.10239373720215_1RHWT2NN92K0QRRNR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        23.62.61.96:443
        Request
        GET /th?id=OADD2.10239373720215_1RHWT2NN92K0QRRNR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1548
        date: Thu, 16 May 2024 19:59:45 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.5c3d3e17.1715889585.117a448
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        71.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        71.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        96.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        96.61.62.23.in-addr.arpa
        IN PTR
        Response
        96.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-96deploystaticakamaitechnologiescom
      • flag-us
        DNS
        nexusrules.officeapps.live.com
        Remote address:
        8.8.8.8:53
        Request
        nexusrules.officeapps.live.com
        IN A
        Response
        nexusrules.officeapps.live.com
        IN CNAME
        prod.nexusrules.live.com.akadns.net
        prod.nexusrules.live.com.akadns.net
        IN A
        52.111.229.48
      • flag-us
        DNS
        241.150.49.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.150.49.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.150.49.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.150.49.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        48.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        48.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        48.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        48.229.111.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 792794
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0D5B92E85C9B4DA7AB4B4090C964027C Ref B: LON04EDGE0612 Ref C: 2024-05-16T20:01:23Z
        date: Thu, 16 May 2024 20:01:22 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 627437
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: CD404EC6531342DFA1A348627F0313D6 Ref B: LON04EDGE0612 Ref C: 2024-05-16T20:01:23Z
        date: Thu, 16 May 2024 20:01:22 GMT
      • flag-us
        DNS
        138.201.86.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.201.86.20.in-addr.arpa
        IN PTR
        Response
      • 23.62.61.96:443
        https://www.bing.com/th?id=OADD2.10239373720215_1RHWT2NN92K0QRRNR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.5kB
         6.8kB
         17
        12

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239373720215_1RHWT2NN92K0QRRNR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        tls, http2
        50.3kB
         1.5MB
         1075
        1072

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.1kB
         16
        14
      • 8.8.8.8:53
        196.131.50.23.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        196.131.50.23.in-addr.arpa

      • 8.8.8.8:53
        13.86.106.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        13.86.106.20.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        71.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        71.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        96.61.62.23.in-addr.arpa
        dns
        146 B
         274 B
         2
        2

        DNS Request

        96.61.62.23.in-addr.arpa

        DNS Request

        nexusrules.officeapps.live.com

        DNS Response

        52.111.229.48

      • 8.8.8.8:53
        241.150.49.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        241.150.49.20.in-addr.arpa

        DNS Request

        241.150.49.20.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        48.229.111.52.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        48.229.111.52.in-addr.arpa

        DNS Request

        48.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         173 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        138.201.86.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        138.201.86.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.