Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

22664e8a1f...cs.exe

windows7-x64

7

22664e8a1f...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 05:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe

  • Size

    83KB

  • MD5

    22664e8a1f93720d0dc8710563118d20

  • SHA1

    97c274eaef7103bc06386e390ed12172c45574ae

  • SHA256

    ba5e0b84c04ce7a63afdbfd25103fd787541496f22b988356524e965e45659ec

  • SHA512

    3454cdf8f3fdcc1452b0f897a6416fce127d7d3e0a988f65609b867bbe3638fe4b1bfcdbc0068c87d9f107c9f08c7143ebbe2385ba21d588e9ab8c3f23b47433

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+xK:LJ0TAz6Mte4A+aaZx8EnCGVux

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe"
    1⤵
      PID:224

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3BC0EBDB42B96127251BFF5C439E6026; domain=.bing.com; expires=Mon, 16-Jun-2025 05:52:34 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9ABED8B047894C44A99E146379E0E0E2 Ref B: LON04EDGE0712 Ref C: 2024-05-22T05:52:34Z
      date: Wed, 22 May 2024 05:52:33 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3BC0EBDB42B96127251BFF5C439E6026; _EDGE_S=SID=3D3063E3F1AE60CF05627764F0E6613F
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=2j31yh_klezPfnCwWwldIrBNOKJoJL1lum5PzFph3e0; domain=.bing.com; expires=Mon, 16-Jun-2025 05:52:35 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2D88C98244454B8B9C55F2917E60DEF5 Ref B: LON04EDGE0712 Ref C: 2024-05-22T05:52:35Z
      date: Wed, 22 May 2024 05:52:34 GMT
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=38ccf3c3534247f1bc41d63a16b4717e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134647Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
      Remote address:
      23.62.61.97:443
      Request
      GET /aes/c.gif?RG=38ccf3c3534247f1bc41d63a16b4717e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134647Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3BC0EBDB42B96127251BFF5C439E6026
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1609B08AF38E4AD3BE9E360EB32F2BFE Ref B: BRU30EDGE0911 Ref C: 2024-05-22T05:52:35Z
      content-length: 0
      date: Wed, 22 May 2024 05:52:35 GMT
      set-cookie: _EDGE_S=SID=3D3063E3F1AE60CF05627764F0E6613F; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=3BC0EBDB42B96127251BFF5C439E6026; path=/; httponly; expires=Mon, 16-Jun-2025 05:52:35 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5d3d3e17.1716357155.66e77f7
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      91.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      91.90.14.23.in-addr.arpa
      IN PTR
      Response
      91.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-91deploystaticakamaitechnologiescom
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.61.62.23.in-addr.arpa
      IN PTR
      Response
      97.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-97deploystaticakamaitechnologiescom
    • flag-us
      DNS
      69.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      69.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.97:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=3BC0EBDB42B96127251BFF5C439E6026; _EDGE_S=SID=3D3063E3F1AE60CF05627764F0E6613F; MSPTC=2j31yh_klezPfnCwWwldIrBNOKJoJL1lum5PzFph3e0; MUIDB=3BC0EBDB42B96127251BFF5C439E6026
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Wed, 22 May 2024 05:52:36 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5d3d3e17.1716357156.66e7be9
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.142.211.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.142.211.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      wecan.hasthe.technology
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      Remote address:
      8.8.8.8:53
      Request
      wecan.hasthe.technology
      IN A
      Response
      wecan.hasthe.technology
      IN A
      104.21.59.199
      wecan.hasthe.technology
      IN A
      172.67.183.40
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      Remote address:
      104.21.59.199:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------eb1d66a907f4564a
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 22 May 2024 05:53:03 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 22 May 2024 06:53:03 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJ2fnm6ZZkvdv608vaajkCSyGbKWpdJOLpFMESNACmjbb5XVyE2i5tbuc61Ct%2Bdf0gJt9VBi%2BgjtnXh1Cv2%2BoRYXNc5bBlt%2BX1sMS4P0Kd%2FmozjvQnrwrymSfQkjh8f7BWSs5QRyhip4%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 887a8b2f89d563de-LHR
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      199.59.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      199.59.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      Remote address:
      104.21.59.199:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------f763e9562192b16a
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 22 May 2024 05:53:34 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 22 May 2024 06:53:34 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yKVErHmzGkOmoa8QITIh1DhhyP93gpC3JaFgLGet5YpeKacoXabq7tB44QIM%2F1xpNjXp%2B3oohjdRQ9QC5W5hgCNdAZedUzB11F9uII%2FEv5U5xCNAJS0VnSdV9a9m%2B2iKYugUCDmOOZxLjg%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 887a8bebaeff63f7-LHR
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      Remote address:
      104.21.59.199:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------1c196bffaf6052f9
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 22 May 2024 05:54:04 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 22 May 2024 06:54:04 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qbjtMNYwx6s45yd2HTJEdMkx4cR6FW7oOXpuFTgmCanbjXezL4X9HmqUAZFmdTLZGG9IZ1GOFoj15S3LEk9povcxnYvSPL%2F5imEAo22Yk0Ef6dLTHUhxXPpDT82QrxLYPWw1Iml5jKljFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 887a8ca7fedd63e2-LHR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 555746
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1199B125E49243729428AFDCA5AEF460 Ref B: LON04EDGE0818 Ref C: 2024-05-22T05:54:14Z
      date: Wed, 22 May 2024 05:54:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 638730
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 74BB105D11F04699BED5D150CC6F6E57 Ref B: LON04EDGE0818 Ref C: 2024-05-22T05:54:14Z
      date: Wed, 22 May 2024 05:54:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 659775
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E06F3A1349A64BA3BAA0A7AA720F535D Ref B: LON04EDGE0818 Ref C: 2024-05-22T05:54:14Z
      date: Wed, 22 May 2024 05:54:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 621794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CAC4197115354C148901416FC6727E4A Ref B: LON04EDGE0818 Ref C: 2024-05-22T05:54:14Z
      date: Wed, 22 May 2024 05:54:13 GMT
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      Remote address:
      104.21.59.199:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------a6bf5037c4deca84
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 22 May 2024 05:54:34 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 22 May 2024 06:54:34 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pwn%2Bwi9lkZ9uyjtqZbMJcr0eYAawlZMf6%2By0mzOv9Vk6Ql%2BPr%2BhocXT%2F2nib8s7uNeAAiaAIpfrvRltD7ljockg6MpWKgC%2BWop1tvDlsjw9oa6LpvXknquA7ZFWrEqhtEGhdRNA7RnQyAA%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 887a8d64380b9402-LHR
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
      tls, http2
      2.5kB
       9.0kB
       20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De80ydgclGCA02PaeRDLid-xDVUCUyZO_GkXx3JUma5QKTDzpGGaEpuJMn7jYk-aMoqP9jEZZIMpOU94w297qd5EOBpXhLz6Vk_SvqZt3FZZSYEpXVBxwuQjUi6mY_0YZ57sK5PUSkyBWrHs3rTX_xINCQWHzS2bRU0yPdIYgTvSiwYCcwI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D8be18068810d1e9e1426e64331032712&TIME=20240426T134647Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

      HTTP Response

      204
    • 23.62.61.97:443
      https://www.bing.com/aes/c.gif?RG=38ccf3c3534247f1bc41d63a16b4717e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134647Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
      tls, http2
      1.5kB
       5.4kB
       17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=38ccf3c3534247f1bc41d63a16b4717e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134647Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

      HTTP Response

      200
    • 23.62.61.97:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.6kB
       6.4kB
       17
      12

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 104.21.59.199:80
      http://wecan.hasthe.technology/upload
      http
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      14.6kB
       1.5kB
       15
      15

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 104.21.59.199:80
      http://wecan.hasthe.technology/upload
      http
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      14.6kB
       1.5kB
       15
      17

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 104.21.59.199:80
      http://wecan.hasthe.technology/upload
      http
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      14.6kB
       1.5kB
       15
      16

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      87.0kB
       2.6MB
       1867
      1864

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 104.21.59.199:80
      http://wecan.hasthe.technology/upload
      http
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      14.6kB
       1.5kB
       15
      16

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      91.90.14.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      91.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      97.61.62.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      97.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      69.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      69.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      205.47.74.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      205.47.74.20.in-addr.arpa

    • 8.8.8.8:53
      183.142.211.20.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      183.142.211.20.in-addr.arpa

    • 8.8.8.8:53
      wecan.hasthe.technology
      dns
      22664e8a1f93720d0dc8710563118d20_NeikiAnalytics.exe
      69 B
       101 B
       1
      1

      DNS Request

      wecan.hasthe.technology

      DNS Response

      104.21.59.199
      172.67.183.40

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      199.59.21.104.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      199.59.21.104.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\rifaien2-4gcBz65WYbNsvjKF.exe
      Filesize

      83KB

      MD5

      195ea36c9d963eddc69092069304c1b4

      SHA1

      8a545868a4ff153cc8a9ea3f03c040514645a127

      SHA256

      40453c9e1e6ad08e0238f167855ab2c8a77ef2bcff07e0be83056278a3178c16

      SHA512

      d82fde81eeb87c92b697026d30699cf9bc1c7660c094d08e46c3bae58efbaa58dcaadd055de7846e41c083477823164069215c25958c28ff3d654355c9d84a24

      Download Submit

    • memory/224-0-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/224-1-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/224-7-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/224-14-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/224-21-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/224-28-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.