Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/06/2024, 02:27 UTC

General

  • Target

    36c44833f211bcafa5060085a25a9900_NeikiAnalytics.exe

  • Size

    30KB

  • MD5

    36c44833f211bcafa5060085a25a9900

  • SHA1

    fe1fe3a6b6b8b413408253adcfcdf8f8e7b75dea

  • SHA256

    1112584969df2b5c73f0e76cb05295961521b029791398e827dcf3acc245cab6

  • SHA512

    4c25aed4228c24382b8f1c56532679a2ebfc8a2e18677f1583685382b50ecb9e75816f416518931cc910b0ce1e6075c126bdb2df79f292d818fd2f49e0952d6f

  • SSDEEP

    384:/YSzC1eTpVWnmRBWhGLaW397PXsF2U7JyfFN51LtHxeVhmy6X:/k1eDpJLZbXs0U7Jy9hZOwX

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\36c44833f211bcafa5060085a25a9900_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\36c44833f211bcafa5060085a25a9900_NeikiAnalytics.exe"
      PID:2260

    Network

    • Country: US
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • Country: US
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=27C8C499AA776A4F336ED038ABCC6B1D; domain=.bing.com; expires=Sat, 12-Jul-2025 02:27:11 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 07ACE3F5E9F14AC1807DBFDE11058A5D Ref B: LON04EDGE0821 Ref C: 2024-06-17T02:27:11Z
      date: Mon, 17 Jun 2024 02:27:11 GMT
    • Country: US
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=27C8C499AA776A4F336ED038ABCC6B1D; _EDGE_S=SID=13F51E6E4B5E65651C6B0ACF4A3264B2
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=Ne0z67qEtROaJa2wgSmfLfwjZZ_hpgdodeV7PQrWeTM; domain=.bing.com; expires=Sat, 12-Jul-2025 02:27:12 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8406661EF45143C7A219F1A7FEB71870 Ref B: LON04EDGE0821 Ref C: 2024-06-17T02:27:12Z
      date: Mon, 17 Jun 2024 02:27:11 GMT
    • Country: NL
      GET
      https://www.bing.com/aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
      Remote address:
      23.62.61.97:443
      Request
      GET /aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=27C8C499AA776A4F336ED038ABCC6B1D
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 3CF949CAD1964A2C9D2A070627C57B42 Ref B: BRU30EDGE0606 Ref C: 2024-06-17T02:27:11Z
      content-length: 0
      date: Mon, 17 Jun 2024 02:27:11 GMT
      set-cookie: _EDGE_S=SID=13F51E6E4B5E65651C6B0ACF4A3264B2; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=27C8C499AA776A4F336ED038ABCC6B1D; path=/; httponly; expires=Sat, 12-Jul-2025 02:27:11 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5d3d3e17.1718591231.3e4fb8e
    • Country: US
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • Country: US
      DNS
      203.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      203.107.17.2.in-addr.arpa
      IN PTR
      Response
      203.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-203.deploy.static.akamaitechnologies.com
    • Country: US
      DNS
      97.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.61.62.23.in-addr.arpa
      IN PTR
      Response
      97.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-97.deploy.static.akamaitechnologies.com
    • Country: US
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • Country: US
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • Country: US
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • Country: US
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • Country: US
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
      tls, http2
      2.5kB
      9.0kB
      20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8H3L0elwrYt-hmFvnwk3XHjVUCUz0fWdQwqG9vx84VEiXN0hP2xiWsXs5y7AS-GDqCxAZcgcp20hejP4Lw3QiuLXhalsmVpM-ylvbpH0jV_fXgqnimylcec0CH6PeacljB9-qyk8K4c4Q9CukD9mAcYZPedv0Z1NqgFzcEPwhUKaI2GSL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmNvbGxlZ2Utc3R1ZGVudC1wcmljaW5nJTNmb2NpZCUzZGNtbWZ1NndpMTY0%26rlid%3D234491d9542f13b69fbdf7b1f5968a25&TIME=20240611T191329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

      HTTP Response

      204
    • 23.62.61.97:443
      https://www.bing.com/aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
      tls, http2
      1.5kB
      5.4kB
      17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=01781f19b8d74a728dacf52e7918d903&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191329Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      203.107.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      203.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      97.61.62.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      97.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    MITRE ATT&CK Matrix
