0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 23:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
Size

83KB
MD5

be88b472f52346a5039aac09264c8690
SHA1

a579a91378c7bee82b3c81a9b709371e48fb3fc3
SHA256

0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382
SHA512

f1dc657d93788d8ff5b4e0561421b50ac01c3816c06af60c851b3c6b65bce0529e057f1ac4dcaf29a2bc57de098094a4fa5a38d6afcc1d3072aaf128e8a0f7e5
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUp:69WpQE0zUp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4851) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1520

Network

DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0967D69B632461F2370BC236629F6011; domain=.bing.com; expires=Thu, 24-Jul-2025 23:09:16 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 67DF29864A0444479DC756B82749A16C Ref B: LON04EDGE0810 Ref C: 2024-06-29T23:09:16Z
date: Sat, 29 Jun 2024 23:09:16 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0967D69B632461F2370BC236629F6011; _EDGE_S=SID=23F2749C306D6E3133F1603131656F0E

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=MYIV728V67soXnMCuktMDjhmt6A9UgAhZwD75b-bLr8; domain=.bing.com; expires=Thu, 24-Jul-2025 23:09:17 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C941B54F36254A92B7CED1B9B1E16717 Ref B: LON04EDGE0810 Ref C: 2024-06-29T23:09:17Z
date: Sat, 29 Jun 2024 23:09:16 GMT
GET

https://www.bing.com/aes/c.gif?RG=eb03d21372224c33b72f778f8fb76479&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195752Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=eb03d21372224c33b72f778f8fb76479&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195752Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0967D69B632461F2370BC236629F6011

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B22C09F5B6AA471296D6895318B0F8FE Ref B: AMS04EDGE3111 Ref C: 2024-06-29T23:09:17Z
content-length: 0
date: Sat, 29 Jun 2024 23:09:17 GMT
set-cookie: _EDGE_S=SID=23F2749C306D6E3133F1603131656F0E; path=/; httponly; domain=bing.com
set-cookie: MUIDB=0967D69B632461F2370BC236629F6011; path=/; httponly; expires=Thu, 24-Jul-2025 23:09:17 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1719702556.8f03857
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

203.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.107.17.2.in-addr.arpa

IN PTR

Response

203.107.17.2.in-addr.arpa

IN PTR

a2-17-107-203deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 835660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ECDACD2244F947E5AFE5E05F4186CCB7 Ref B: LON04EDGE1105 Ref C: 2024-06-29T23:10:56Z
date: Sat, 29 Jun 2024 23:10:55 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 770657
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FBF93F8C2CD14097A7B1A427B9670CCD Ref B: LON04EDGE1105 Ref C: 2024-06-29T23:10:56Z
date: Sat, 29 Jun 2024 23:10:55 GMT
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response

204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

tls, http2

2.5kB
9.1kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JHhVI_FuQ2Qoguz83nWgmjVUCUx3Hy7t1PHhQocH_h-LIQMBJPh-CfuMM2SMUDgUIJbQXSt-uOSreE6Kz7qd4lOSmIcHWbD_gTiZPHX8m1rM1cbmAjlViASP3ZwLjbsQw5wDae6iZpG5u-wx7vjcVmA6kAWfOK74_fKVzO3CKjp2f8NA%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D071a644d0e471babab4b0225a2463124&TIME=20240611T195752Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=eb03d21372224c33b72f778f8fb76479&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195752Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

tls, http2

1.4kB
5.4kB
16
14

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=eb03d21372224c33b72f778f8fb76479&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195752Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

56.5kB
1.7MB
1209
1206

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

203.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

203.107.17.2.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
84KB

MD5
56c80d0f53601de288461ea7d3ec5474

SHA1
8ef16b0f987d85ace4ef64e5930850782417851a

SHA256
5d94797f36f8fc554e6dea407a464180c7cb301460d2a6b1261b8a4935cbcd7b

SHA512
8a0a645eb1f0a5a39c787b27cfb288e470d27d3e732378d7336cfa2b240db8337acf84387b9d3aa8438ab3526e5d78adb5421e5ee0f2dbf103f8bec4081a89b5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
e1b8e63f9ed61c8f23708be473e960c4

SHA1
6845756950c50bff771f3c378b6b76d50d26ca69

SHA256
6a5ca058a3113bf37437a65d22da81ab45abd11270d09ea062e6e5e5bc001e77

SHA512
22dadf312c2aaf35ccde3b61eb5851e422eb41e695de72bc4e78fa100c8d43526a742c38ab304a80a79164ef9d66a3507515c97d0e083daca8abfd14961cf590

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.