Analysis Overview
SHA256
a51667fcf9ac9bc47c41f9c99a314a2c666a6006f30188baec64de6e5d33809f
Threat Level: Known bad
The file 1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-06 22:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-06 22:07
Reported
2024-05-06 22:10
Platform
win7-20240221-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2100 wrote to memory of 2904 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2100 wrote to memory of 2904 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2100 wrote to memory of 2904 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2100 wrote to memory of 2904 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| US | 24.8.94.121:1034 | | tcp |
| US | 198.7.243.100:1034 | | tcp |
| US | 16.91.198.235:1034 | | tcp |
| N/A | 10.0.0.152:1034 | | tcp |
| N/A | 192.168.1.113:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.6:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 16.91.198.235:1034 | | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 16.115.193.27:1034 | | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| IN | 4.240.78.157:1034 | | tcp |
Files
memory/2100-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2904-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-10-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-9-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2904-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-37-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-41-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-45-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | a9118ec68fce0b680d7ac021c74ca3d4 |
| SHA1 | 02c39110351a8087e64642fdef6a2f14f359cdfa |
| SHA256 | b5382b8087d547458c43adeb10c78a0ad2b2d07a9b175f0fcebdd68c8b10da99 |
| SHA512 | 43c9072a1a78449be28a5a5859de955962f4b39a6f0372e1a09426459751df5424a097200331aefc1d517e05c6c8e5856c386af5ee9888cd19fd880f3c2628ad |
C:\Users\Admin\AppData\Local\Temp\tmp7F8C.tmp
| MD5 | 001d66b7ec8e63e4f26d3949463cd774 |
| SHA1 | ec4de272b8960eeed395f5ddfa4fd057e8f9386b |
| SHA256 | 23928392c27d770ece57eee1506b490baeb26a45455f8d4112f298444192628b |
| SHA512 | b513a298fd61df06816578c71a131b38c3fafc27d0d59886c92be4a06543732d0e959aeb26b8079f63fd4f5118d298e357916eb43ff9b2724bf3cb2296fa25fd |
memory/2904-60-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-63-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-67-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-68-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2904-72-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-06 22:07
Reported
2024-05-06 22:10
Platform
win10v2004-20240419-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3408 wrote to memory of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3408 wrote to memory of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3408 wrote to memory of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
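The "Adds Run key" and "Drops file in Windows directory" tables of behavioral1 and behavioral2 record the same persistence chain: the sample, running from %TEMP%, writes C:\Windows\services.exe and C:\Windows\java.exe and registers both under HKLM\...\CurrentVersion\Run. The genuine services.exe lives in C:\Windows\System32, so a binary of that name in the Windows root is a name collision worth a finding on its own, independent of any signature. The Python below is an added example, not part of the report or of the sandbox tooling; it parses rows in the report's own table format and rates each Run-key target. The list of protected process names and the benign SecurityHealth control row are assumptions constructed for the example.

```python
import re

# Process names Windows ships only under System32 (SysWOW64 for 32-bit copies).
# Assumed list for this example, not taken from the report.
SYSTEM_PROCESS_NAMES = {"services.exe", "lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_MARKER = "\\appdata\\local\\temp\\"

# Tail of a Run-key indicator as the report prints it: ...\CurrentVersion\Run\<name> = "<path>"
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run\\(?P<name>[^\s=]+)\s*=\s*"(?P<value>.*)"\s*$', re.IGNORECASE)

# Two rows copied from the report's "Adds Run key" table plus one constructed benign
# control (a System32 binary registered by explorer.exe) that must not be flagged.
SAMPLE_ROWS = [
    "| Description | Indicator | Process | Target |",
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1e84f9bcc1faf2e8b4c9638add720008_JaffaCakes118.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth = "C:\\Windows\\System32\\SecurityHealthSystray.exe" | C:\Windows\explorer.exe | N/A |',
]


def parse_row(line):
    """Split a four-column report row into cells; None for the header or non-table lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Description":
        return None
    return cells


def run_key_target(indicator):
    """Return (value_name, executable_path) from a Run-key indicator cell, else None."""
    m = RUN_KEY_RE.search(indicator)
    if not m:
        return None
    # The report doubles the backslashes inside the quoted value; undo that.
    return m.group("name"), m.group("value").replace("\\\\", "\\")


def classify(path):
    """Rate a Run-key target path: (severity, reason)."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_system_dir = low.startswith(SYSTEM_DIRS)
    if name in SYSTEM_PROCESS_NAMES and not in_system_dir:
        return "high", f"{name} outside System32: system-process name used as a disguise"
    if low.startswith("c:\\windows\\") and not in_system_dir:
        return "medium", "autostart binary written to the Windows root"
    return "info", "no path anomaly"


def audit_run_keys(rows):
    """One finding per 'Set value' row whose indicator is a Run-key write."""
    findings = []
    for line in rows:
        cells = parse_row(line)
        if not cells or not cells[0].lower().startswith("set value"):
            continue
        parsed = run_key_target(cells[1])
        if not parsed:
            continue
        name, path = parsed
        severity, reason = classify(path)
        findings.append({
            "value_name": name,
            "path": path,
            "writer": cells[2],
            "writer_from_temp": TEMP_MARKER in cells[2].lower(),
            "severity": severity,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_ROWS):
        print(f"[{f['severity']:6}] {f['value_name']} -> {f['path']} (written by {f['writer']}) {f['reason']}")
```

Run as a script it prints one line per Run entry: the JavaVM entry rates medium (a new binary in the Windows root, written from %TEMP%), the Services entry rates high (system-process name outside System32), and the control rates info. The same classify() logic applies unchanged to a live Run key dumped from an endpoint.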
Network
| Country | Destination | Domain | Proto |
| US | 24.8.94.121:1034 | | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 88.221.83.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 198.7.243.100:1034 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.121.18.2.in-addr.arpa | udp |
| US | 16.91.198.235:1034 | | tcp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IE | 209.85.203.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.42.9:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| IE | 209.85.203.27:25 | aspmx.l.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| N/A | 10.0.0.152:1034 | | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.27.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| NL | 142.251.9.26:25 | alt3.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| N/A | 192.168.1.113:1034 | | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 52.101.11.4:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| FI | 142.250.150.26:25 | alt4.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 16.91.198.235:1034 | | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.250.27.26:25 | aspmx2.googlemail.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.burtleburtle.net | udp |
| US | 65.254.250.102:25 | mail.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.223.2:25 | outlook.com | tcp |
| IE | 209.85.203.27:25 | aspmx.l.google.com | tcp |
| NL | 142.250.27.26:25 | aspmx2.googlemail.com | tcp |
| US | 16.115.193.27:1034 | | tcp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| NL | 142.250.153.27:25 | aspmx3.googlemail.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mail.cs.stanford.edu | udp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 171.64.64.160:25 | mail.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | smtp.burtleburtle.net | udp |
| US | 65.254.250.102:25 | smtp.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx.outlook.com | udp |
| US | 8.8.8.8:53 | mail.outlook.com | udp |
| US | 8.8.8.8:53 | smtp.outlook.com | udp |
| GB | 40.99.202.114:25 | smtp.outlook.com | tcp |
| NL | 142.251.9.26:25 | alt3.aspmx.l.google.com | tcp |
| NL | 142.250.153.27:25 | aspmx3.googlemail.com | tcp |
| IN | 4.240.78.157:1034 | | tcp |
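The Network tables of behavioral1 and behavioral2 show two patterns that matter more than any single destination: for each contacted domain the sample resolves guessed mail-host names (mx., mail., smtp. prefixes) and then connects directly over TCP/25 to the resulting hosts, and it repeatedly connects to TCP/1034 on a fixed list of public and RFC 1918 addresses that were never resolved by name. Direct-IP rows have an empty Domain cell, and in raw exports the protocol sometimes slides into that column or the column is dropped. The Python below is an added example, not part of the report; it parses rows in the report's table format, accepting all three row shapes, and reduces the table to those two behaviours. The sample rows are a constructed subset of the behavioral1 table, some deliberately kept in the shifted raw-export shape.

```python
import ipaddress
from collections import defaultdict

# DNS names of this shape, looked up for a domain the sample never otherwise visits,
# are a mailer guessing the domain's mail exchanger instead of querying MX records.
MAIL_HOST_PREFIXES = ("mx.", "mail.", "smtp.")

# Constructed subset of the behavioral1 Network table. Direct-IP rows are kept in the
# shapes a raw export produces (protocol in the Domain column, or a column dropped).
SAMPLE_NETWORK_ROWS = [
    "| Country | Destination | Domain | Proto |",
    "| US | 24.8.94.121:1034 | tcp | |",
    "| US | 198.7.243.100:1034 | tcp | |",
    "| US | 16.91.198.235:1034 | | tcp |",
    "| N/A | 10.0.0.152:1034 | tcp | |",
    "| N/A | 192.168.1.113:1034 | tcp | |",
    "| US | 8.8.8.8:53 | alumni.caltech.edu | udp |",
    "| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |",
    "| US | 52.101.41.6:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |",
    "| US | 85.187.148.2:25 | gzip.org | tcp |",
    "| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |",
    "| US | 8.8.8.8:53 | mx.gzip.org | udp |",
    "| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |",
    "| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |",
    "| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |",
    "| US | 8.8.8.8:53 | mail.gzip.org | udp |",
    "| US | 85.187.148.2:25 | mail.gzip.org | tcp |",
    "| IN | 4.240.78.157:1034 | tcp |",
]


def parse_net_row(line):
    """Normalise one Network-table row into a dict, or None for header/blank rows.

    Direct-IP connections have no Domain; raw exports either leave that cell empty,
    slide the protocol into it, or drop the column. All three shapes are accepted."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) == 3:
        country, dest, proto = cells
        domain = ""
    elif len(cells) == 4:
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain
    else:
        return None
    if country == "Country" or ":" not in dest:
        return None
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto.lower()}


def summarize(rows):
    """Reduce the table to SMTP fan-out and fixed-port connections to hard-coded peers."""
    conns = [c for c in map(parse_net_row, rows) if c]
    smtp = [c for c in conns if c["proto"] == "tcp" and c["port"] == 25]
    guesses = {c["domain"] for c in conns
               if c["proto"] == "udp" and c["port"] == 53
               and c["domain"].lower().startswith(MAIL_HOST_PREFIXES)}

    # TCP connections with no preceding name resolution, grouped by destination port.
    peers_by_port = defaultdict(set)
    for c in conns:
        if c["proto"] == "tcp" and not c["domain"]:
            peers_by_port[c["port"]].add(c["ip"])
    fixed_port_peers = {port: sorted(ips) for port, ips in peers_by_port.items() if len(ips) >= 3}
    private_peers = sorted(ip for ips in fixed_port_peers.values() for ip in ips
                           if ipaddress.ip_address(ip).is_private)

    verdicts = []
    smtp_destinations = sorted({c["ip"] for c in smtp})
    if len(smtp_destinations) >= 3 and guesses:
        verdicts.append("mass-mailing: direct SMTP to several mail hosts plus guessed mx./mail./smtp. names")
    if fixed_port_peers:
        ports = ", ".join(str(p) for p in sorted(fixed_port_peers))
        verdicts.append(f"hard-coded peer list: same destination port ({ports}) across unrelated IPs")
    return {
        "smtp_destinations": smtp_destinations,
        "smtp_domains": sorted({c["domain"] for c in smtp if c["domain"]}),
        "mail_host_guesses": sorted(guesses),
        "fixed_port_peers": fixed_port_peers,
        "private_peers": private_peers,
        "verdicts": verdicts,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

The private_peers list (10.0.0.152 and 192.168.1.113 on port 1034) is the part to act on first in an incident: those addresses are inside the sandbox's own range here, but on a real host they would be the lateral targets to check. Thresholds of three SMTP hosts and three peers per port are chosen for this small excerpt; raise them for full-length captures.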
Files
memory/3408-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/3920-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3920-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-22-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | da30aa29ca9226eed7e4846460a1f394 |
| SHA1 | 9b24ee7ad32920f1f341a0b0d368ac21f9d41b7a |
| SHA256 | db4c25c083944c77c6b75c3bee97b039b1cf234c577ec8bdaad14f2711d14e33 |
| SHA512 | b71611beff1392c2752107f20f9ec53879bb5dd5ff6a67447469eb14c5624d9a958ee071efd4892761c185c4d72156ae76840c342aefdd2b482c312199976e11 |
C:\Users\Admin\AppData\Local\Temp\tmp2865.tmp
| MD5 | 448d8063c6c9c3ce2fb1da97286d7185 |
| SHA1 | 8707e670c18ea682912ae915cc90b65658b1c2c1 |
| SHA256 | 6c8545ef2fc11cc9373cdf282286fc12f660c79c40a1fc60bd3e598788d43b9c |
| SHA512 | 8917fc9f23a6c1765534dbb55f3722cd3eab7df4c9539fa1c7a71cbadaa6c6a9c9848ec88bee0e1fb50a105fd42c615f2ab562b4546aa79b26db0afc7fa0cf8f |
memory/3920-101-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W1O6EZKR\LM5KGWSE.htm
| MD5 | 63fdb7ce175a3e1d6aa6bd5b7ef0dfa8 |
| SHA1 | d5ceb894dc65e787a94b20106fe1a858fcdf351b |
| SHA256 | 39c1d0ec945d0e42b93e70ff973eed565a7245ffcad8896faf13415adf4404bd |
| SHA512 | aad3f59908ec0ff50f98f4aa70f137d368a18a1d6bfc939c0867497e69faac70d8fa94fa121f2c9012c721a2f2aa21fe2d6dd538276b38bae6e54624db19323b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3X7K2ORY\search[3].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W1O6EZKR\search[6].htm
| MD5 | 685aaf80d05ee873ab020d9097934ca8 |
| SHA1 | 377437c235f4982f1ab0f69333d2a27deddeb9a3 |
| SHA256 | f459b67232d594cea33125f6738056225cdc3bbf1fe036cb82c5265f8cc2c915 |
| SHA512 | 4c340655cd722bc90fc0154869ea5e98130a4a1bf867a1abdf65b90f3ce1cad3af97552a992613fd1e5f6c2a79cc2ce65bb763536c75d511ed456b155a4dd959 |
memory/3920-219-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-220-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-224-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-228-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | e9b83582d4ba0d9d5c9f5a3194c3df7e |
| SHA1 | 0e8fa6e7269f6d761a504b023ba9f1a8ca954e1f |
| SHA256 | a80192f79cc528d3f337cd9e23f924e2e27d1b8ecbb2b573a6fa99a6914fb432 |
| SHA512 | 91bf8d9bde4ab46ad06577aa5a38d44ecfa614f707d68161df407cc5a8738342de10ed124f7aac6d559c057d6315fe11ab852e12ee9235f12ffc36b934b59742 |
memory/3920-246-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-249-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | c6fc5db5a55e60fcb177fb45716aa765 |
| SHA1 | 295c6f4267a6619f45d9db3215869fe1d0d94e42 |
| SHA256 | 8ff450da55c448f7efa84ba132050051a0fafc0e20a961e10df6c651499439f9 |
| SHA512 | 8aaac3c7554992ea0f3e206ff1c5bc9b37fe9b10304d7220e96f0155e118ab58516e19bd935e5ee09e828c417fc102b396f9377012e375c4423fe4f08fbd7368 |
memory/3920-261-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-262-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3920-266-0x0000000000400000-0x0000000000408000-memory.dmp