Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5576b41ef9...cs.exe

windows7-x64

10

5576b41ef9...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 13:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5576b41ef97652d384a05521c3940630_NeikiAnalytics.exe

  • Size

    53KB

  • MD5

    5576b41ef97652d384a05521c3940630

  • SHA1

    b63da298a7ad201beaab8812f97cdc7e884af58d

  • SHA256

    3d1d844f18883245c98fbf9802762d9a3090912f774ba124b475c35edb46fba3

  • SHA512

    2b7926474877d3cd295c9df5b345bcb51ebd8e979fc224f2483b718217d16ee096b9095010d880b0ba89c93b0052b71ceae11c5be9e0607e28ec306fc5904b6c

  • SSDEEP

    1536:vNRg8r8QFghki7Kp3StjEMjmLM3ztDJWZsXy4JzxPME:VghkiJJjmLM3zRJWZsXy4Jt

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5576b41ef97652d384a05521c3940630_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5576b41ef97652d384a05521c3940630_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\vaeuf.exe
      "C:\Users\Admin\vaeuf.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4532

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0B2A3121B6146691306025AFB7AF67BD; domain=.bing.com; expires=Mon, 23-Jun-2025 13:17:40 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 08B2D5D515304212A26CB36504CB232F Ref B: LON04EDGE0817 Ref C: 2024-05-29T13:17:40Z
    date: Wed, 29 May 2024 13:17:39 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0B2A3121B6146691306025AFB7AF67BD; _EDGE_S=SID=0216A1A018B86EC6144FB52E19C16F2F
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=OzzxlxU_mxfqHmBbzZ-SJ1NvwV0ooFT7huwwOIFOPXw; domain=.bing.com; expires=Mon, 23-Jun-2025 13:17:40 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8EFA167C8B61435F87F0E9C4CD0E041B Ref B: LON04EDGE0817 Ref C: 2024-05-29T13:17:40Z
    date: Wed, 29 May 2024 13:17:40 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=cc55513055fc4b5fa5b31d29c578b761&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113234Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
    Remote address:
    23.62.61.104:443
    Request
    GET /aes/c.gif?RG=cc55513055fc4b5fa5b31d29c578b761&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113234Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0B2A3121B6146691306025AFB7AF67BD
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2C8967377F334241847B9EC75199BF7B Ref B: LON212050706009 Ref C: 2024-05-29T13:17:40Z
    content-length: 0
    date: Wed, 29 May 2024 13:17:40 GMT
    set-cookie: _EDGE_S=SID=0216A1A018B86EC6144FB52E19C16F2F; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=0B2A3121B6146691306025AFB7AF67BD; path=/; httponly; expires=Mon, 23-Jun-2025 13:17:40 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.ad3d3e17.1716988660.64b1a90
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    144.107.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    144.107.17.2.in-addr.arpa
    IN PTR
    Response
    144.107.17.2.in-addr.arpa
    IN PTR
    a2-17-107-144deploystaticakamaitechnologiescom
  • flag-us
    DNS
    104.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.61.62.23.in-addr.arpa
    IN PTR
    Response
    104.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-104deploystaticakamaitechnologiescom
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.104:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=0B2A3121B6146691306025AFB7AF67BD; _EDGE_S=SID=0216A1A018B86EC6144FB52E19C16F2F; MSPTC=OzzxlxU_mxfqHmBbzZ-SJ1NvwV0ooFT7huwwOIFOPXw; MUIDB=0B2A3121B6146691306025AFB7AF67BD
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Wed, 29 May 2024 13:17:42 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.563d3e17.1716988662.248ce13
  • flag-us
    DNS
    ns2.thepicturehut.net
    5576b41ef97652d384a05521c3940630_NeikiAnalytics.exe
    Remote address:
    8.8.8.8:53
    Request
    ns2.thepicturehut.net
    IN A
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 430689
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A7B0FACBAE7C490C84C63C91B8FE1ADC Ref B: LON04EDGE0614 Ref C: 2024-05-29T13:19:19Z
    date: Wed, 29 May 2024 13:19:19 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 415458
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0E81B2C51B664383AFCE2B9EF2712AC8 Ref B: LON04EDGE0614 Ref C: 2024-05-29T13:19:19Z
    date: Wed, 29 May 2024 13:19:19 GMT
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
    tls, http2
    2.5kB
     9.0kB
     20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8L_FPr0SW5GJrtDtjBdSakzVUCUz6EGM19I2MzuobIOWv1JQ4yhw9OXGhiSrnzipVBbnwiSkW5h7_558bLuOc8zsuPVuvI64uIUzwTeywL4ow235gDVbaCRoIGCWuIG9KHXasxcP3bpb6iZQm4_JmrFOrTihx7soiihcnpkjS7d690z5-%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D374a0f3f1df71576bd2f69047f62e593&TIME=20240508T113234Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

    HTTP Response

    204
  • 23.62.61.104:443
    https://www.bing.com/aes/c.gif?RG=cc55513055fc4b5fa5b31d29c578b761&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113234Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
    tls, http2
    1.4kB
     5.4kB
     16
    12

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=cc55513055fc4b5fa5b31d29c578b761&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113234Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981

    HTTP Response

    200
  • 23.62.61.104:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
     6.3kB
     16
    11

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    31.9kB
     883.1kB
     647
    645

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
     143 B
     1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    144.107.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    144.107.17.2.in-addr.arpa

  • 8.8.8.8:53
    104.61.62.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    104.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    ns2.thepicturehut.net
    dns
    5576b41ef97652d384a05521c3940630_NeikiAnalytics.exe
    67 B
     140 B
     1
    1

    DNS Request

    ns2.thepicturehut.net

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\vaeuf.exe
    Filesize

    53KB

    MD5

    3b8ec4e9bc5d94f799113f7e54ae99f5

    SHA1

    3018636707e4e5f70c016e131551afd18cdbcdb4

    SHA256

    3111f139e83ba8d045133fad2c77db3138c08eefbde842a5f9feec19cb086ea7

    SHA512

    6c36478086ea53dcbc87ffef372d34412f08bc92bdb2bc823b834ef4f274f4229d2ac38e8aa435bdc0271a2f8618b3047810f5a811722d29b19ce445aa33cb48

    Download Submit

  • memory/3152-0-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4532-33-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.