Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

f3617aa389...cs.exe

windows7-x64

1

f3617aa389...cs.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/05/2024, 16:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3617aa38933e7c087e0136a11646750_NeikiAnalytics.exe

  • Size

    14KB

  • MD5

    f3617aa38933e7c087e0136a11646750

  • SHA1

    4118769525417e0039df7e8ec9d6b5d3085a08b4

  • SHA256

    3709e827bcd283a7954c35193003f5d2f6eecf1b40b561d2060b690972d08e7b

  • SHA512

    23cf18cac9ba7e207241bd462d1806aaae404e375284f006988b4f960b154baaaba8b769703aa8f44741cbeba4289e285e1d9a7f9517193571f268143f3a16ff

  • SSDEEP

    192:oFvCFG67+/NzulBulBulBulBulqZw56foiBTIqDE045HQyQQQQ:oFI7UN6YYYYBAoiBTHDE045H

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3617aa38933e7c087e0136a11646750_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f3617aa38933e7c087e0136a11646750_NeikiAnalytics.exe"
    1⤵
      PID:1828
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 216
        2⤵
        • Program crash
        PID:4452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1828 -ip 1828
      1⤵
        PID:3400

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=3C86FE537C1C681E04BEEADB7DFC6901; domain=.bing.com; expires=Tue, 17-Jun-2025 16:55:47 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6E09845287E4462C8C2090C201143681 Ref B: LON04EDGE1106 Ref C: 2024-05-23T16:55:47Z
        date: Thu, 23 May 2024 16:55:46 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3C86FE537C1C681E04BEEADB7DFC6901
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=83kUlsVNL0f03StfqNARLIXOQtKJXh-AJmlvmQAZ9sI; domain=.bing.com; expires=Tue, 17-Jun-2025 16:55:47 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 718BD2ED463B4D1B908C48091940999D Ref B: LON04EDGE1106 Ref C: 2024-05-23T16:55:47Z
        date: Thu, 23 May 2024 16:55:46 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3C86FE537C1C681E04BEEADB7DFC6901; MSPTC=83kUlsVNL0f03StfqNARLIXOQtKJXh-AJmlvmQAZ9sI
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: FF4B854E8A99442A9C332BB32F14F860 Ref B: LON04EDGE1106 Ref C: 2024-05-23T16:55:47Z
        date: Thu, 23 May 2024 16:55:46 GMT
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        219.183.117.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        219.183.117.104.in-addr.arpa
        IN PTR
        Response
        219.183.117.104.in-addr.arpa
        IN PTR
        a104-117-183-219deploystaticakamaitechnologiescom
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        140.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        140.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.32.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-be
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        88.221.83.224:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        cookie: MUID=3C86FE537C1C681E04BEEADB7DFC6901; MSPTC=83kUlsVNL0f03StfqNARLIXOQtKJXh-AJmlvmQAZ9sI
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Thu, 23 May 2024 16:55:49 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.dc53dd58.1716483349.10c732d7
      • flag-us
        DNS
        224.83.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        224.83.221.88.in-addr.arpa
        IN PTR
        Response
        224.83.221.88.in-addr.arpa
        IN PTR
        a88-221-83-224deploystaticakamaitechnologiescom
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        138.107.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.107.17.2.in-addr.arpa
        IN PTR
        Response
        138.107.17.2.in-addr.arpa
        IN PTR
        a2-17-107-138deploystaticakamaitechnologiescom
      • flag-us
        DNS
        138.107.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.107.17.2.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        19.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 555746
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 79C9BB03AD4B452B9E3F5F508B445033 Ref B: LON04EDGE0707 Ref C: 2024-05-23T16:57:25Z
        date: Thu, 23 May 2024 16:57:25 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 638730
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 84A4A2FD12FC4EECAE03C3CEC2C8AA88 Ref B: LON04EDGE0707 Ref C: 2024-05-23T16:57:25Z
        date: Thu, 23 May 2024 16:57:25 GMT
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
        tls, http2
        2.0kB
         9.2kB
         22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=710199b0d5864912998164b53f4e8b7e&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=

        HTTP Response

        204
      • 88.221.83.224:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.5kB
         6.4kB
         16
        12

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 52.111.227.14:443
        322 B
         7
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
         8.2kB
         17
        15
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        tls, http2
        43.1kB
         1.3MB
         916
        913

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        209.205.72.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        209.205.72.20.in-addr.arpa

      • 8.8.8.8:53
        219.183.117.104.in-addr.arpa
        dns
        74 B
         141 B
         1
        1

        DNS Request

        219.183.117.104.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        140.32.126.40.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        140.32.126.40.in-addr.arpa

        DNS Request

        140.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        224.83.221.88.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        224.83.221.88.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        138.107.17.2.in-addr.arpa
        dns
        142 B
         135 B
         2
        1

        DNS Request

        138.107.17.2.in-addr.arpa

        DNS Request

        138.107.17.2.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        19.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        19.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        124 B
         173 B
         2
        1

        DNS Request

        tse1.mm.bing.net

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
         106 B
         1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1828-0-0x0000000000400000-0x000000000040A000-memory.dmp

        Filesize

        40KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.