Analysis Overview
SHA256
135fbddd7675f3affc55e4261798f700c9775d668bf8016ef4177d4d768641b5
Threat Level: Known bad
The file 1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-07 08:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 08:09
Reported
2024-05-07 08:11
Platform
win7-20240215-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2200 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2200 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2200 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2200 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.19.4.20:1034 | | tcp |
| N/A | 192.168.1.25:1034 | | tcp |
| IN | 115.242.106.67:1034 | | tcp |
| US | 16.49.13.204:1034 | | tcp |
| N/A | 192.168.1.9:1034 | | tcp |
| IN | 115.248.246.211:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.11.3:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IN | 4.240.75.254:1034 | | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| IE | 159.134.164.195:1034 | | tcp |
Files
memory/2200-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2200-4-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2200-9-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-11-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2016-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2200-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-49-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-53-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 603ca71b3d4cf6dfa24dfd35cf960962 |
| SHA1 | 6e1cc3e8d89652fa61c03aacad4ef36becaac67f |
| SHA256 | bedf99782e120a0ad1e619c84c413b464f35d046a193e15e16a5bb63ebcef426 |
| SHA512 | f69c42da8a075405fb68e83c634747ed61020393b9c404b7cf4d026ec81f76308a224419f7fafc922545a8a8f9fb943eabed05d02f6ab122070db6a36c561e9b |
C:\Users\Admin\AppData\Local\Temp\tmpF3D3.tmp
| MD5 | 423787b1c060c53b13a7f05bf755fbf2 |
| SHA1 | cea9e4bc9779eaa56f55db8fda80191c38afbac1 |
| SHA256 | f1cb44f6a0fe7705bbff60bb21a673333cdf686ab699976d3917ea7f91d46c2e |
| SHA512 | 713bfc43b8a0ea1c7b14087d2e5a42ad0d3ac547f114e0e0aa9a18ffac88e058a863c16b4893c3881400955665348c10dd3ec3b43bc617e2e135a6b8b57c3b5b |
memory/2016-71-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2016-74-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-07 08:09
Reported
2024-05-07 08:11
Platform
win10v2004-20240419-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
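Two of the signatures on this page, "Unsigned PE" (static1) and "UPX packed file" (both behavioral runs), are cheap header checks: whether the optional header's Certificate Table data directory is empty, and whether the section table carries UPX's default section names or the packer's structural tell of a first section that has virtual size but no raw bytes. The script below is an added example, not the sandbox's own detection code and not a parse of the sample from this report; it builds its own minimal PE32 headers as constructed input. Two caveats a practitioner should keep: a non-empty certificate table only says a signature blob is present, not that it validates, and UPX section names are trivially renamed, so the hollow-first-section heuristic is the more durable of the two checks.

```python
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4               # data directory slot of the Authenticode certificate table
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # UPX defaults; renaming them is trivial


def parse_pe(data):
    """Parse just enough of a PE image to answer two triage questions: does the
    section table look packed, and does the header point at a certificate table at all?"""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (num_dirs,) = struct.unpack_from("<I", data, nrva_off)
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this slot the first field is a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_off = opt + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, rawsize))
    upx = [n for n, _, _ in sections if n in UPX_SECTION_NAMES]
    # Name-independent packer tell: the first section occupies virtual space but has no
    # raw bytes, because the unpacking stub inflates the original image into it at run time.
    hollow_first = bool(sections) and sections[0][2] == 0 and sections[0][1] > 0
    return {
        "machine": machine,
        "sections": [n.decode("latin-1") for n, _, _ in sections],
        "upx_sections": [n.decode("latin-1") for n in upx],
        "looks_packed": bool(upx) or hollow_first,
        "has_certificate_table": cert_off != 0 and cert_size != 0,
    }


def build_sample_pe(section_names, cert_size=0, hollow_first=False):
    """Constructed, non-runnable PE32 header for demonstration only (not the sample on this page)."""
    e_lfanew, opt_size = 0x40, 224
    dos = bytearray(e_lfanew)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, cert_size)
    secs = b""
    for i, name in enumerate(section_names):
        raw_size = 0 if i == 0 and (hollow_first or name.startswith(b"UPX")) else 0x400
        secs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x8000, 0x1000 * (i + 1),
                            raw_size, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt) + secs


if __name__ == "__main__":
    print(parse_pe(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(parse_pe(build_sample_pe([b".text", b".rdata", b".data"], cert_size=0x1800)))
    print(parse_pe(build_sample_pe([b".text", b".data"], hollow_first=True)))
```

The third call in the usage block is the evasion case: default names replaced, yet the hollow first section still gives the packer away.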
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2440 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2440 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2440 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe | C:\Windows\services.exe |
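The Run-key and file-drop tables in this run and in the win7 run above describe the same dropper-to-persistence chain: the sample, executing from the user's Temp directory, writes services.exe and java.exe into C:\Windows (the legitimate Service Control Manager binary is C:\Windows\System32\services.exe, so a services.exe one directory up is a masquerade), then registers both under the Wow6432Node view of HKLM\...\CurrentVersion\Run, which Windows processes at logon exactly like the native 64-bit view. The dropped services.exe then registers itself. The triage script below is an added example, not part of the sandbox report: it takes the report's registry and file events (rebuilt here as dicts from the tables above, plus one constructed benign control entry) and flags exactly those properties. The EXPECTED_DIRS table, the event format and the reason texts are assumptions of the example.

```python
import ntpath
import re

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe"

# Events taken from this report's "Adds Run key" and "Drops file" tables, plus one
# constructed, benign-looking control entry (last) that the triage must not flag.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Windows\services.exe", "process": DROPPER},
    {"type": "file_create", "path": r"C:\Windows\java.exe", "process": DROPPER},
    {"type": "reg_set", "process": DROPPER,
     "indicator": r'\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"'},
    {"type": "reg_set", "process": r"C:\Windows\services.exe",
     "indicator": r'\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"'},
    {"type": "reg_set", "process": r"C:\Windows\System32\msiexec.exe",
     "indicator": r'\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth = "C:\\Windows\\System32\\SecurityHealthSystray.exe"'},
]

# Where these well-known Windows binaries legitimately live (lower-cased). A file with one
# of these names anywhere else is a masquerade candidate (ATT&CK T1036.005). Assumed table.
EXPECTED_DIRS = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
USER_TEMP_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


def parse_run_indicator(indicator):
    """Split a 'Set value (str)' indicator, <key>\\<name> = "<data>", into its parts.
    The report renders backslashes inside the quoted data doubled; collapse them."""
    lhs, _, rhs = indicator.partition(" = ")
    key, _, value_name = lhs.rpartition("\\")
    data = rhs.strip().strip('"').replace("\\\\", "\\")
    return key, value_name, data


def triage_persistence(events):
    """Return one finding per Run-key entry that looks like malware persistence."""
    created_by = {e["path"].lower(): e["process"] for e in events if e["type"] == "file_create"}
    findings = []
    for e in events:
        if e["type"] != "reg_set":
            continue
        key, value_name, data = parse_run_indicator(e["indicator"])
        if not RUN_KEY_RE.search(key):
            continue
        target = data.lower()
        directory, basename = ntpath.split(target)
        expected = EXPECTED_DIRS.get(basename)
        reasons = []
        if expected and directory != expected:
            reasons.append(f"{basename} normally lives in {expected}, not {directory}")
        if directory == r"c:\windows" and expected != directory:
            reasons.append("autostart target sits directly in the Windows root, not in System32 or Program Files")
        dropper = created_by.get(target)
        if dropper and USER_TEMP_RE.match(dropper):
            reasons.append(f"target was written earlier in this run by a process in the user Temp directory ({dropper})")
        if e["process"].lower() in created_by:
            reasons.append("value was set by a process that is itself a file dropped in this run")
        if "wow6432node" in key.lower():
            reasons.append("set through the Wow6432Node (32-bit) view of Run; Windows still starts it at logon")
        if reasons:
            findings.append({"value_name": value_name, "target": target, "set_by": e["process"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_persistence(SAMPLE_EVENTS):
        print(f"{f['value_name']} -> {f['target']}  (set by {f['set_by']})")
        for r in f["reasons"]:
            print("   ", r)
```

On the events from this page the script reports JavaVM and Services and stays silent on the control entry; the same logic applies unchanged to Sysmon Event ID 11 (file create) and 13 (registry value set) records once they are mapped into the two event shapes above.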
Processes
C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1ffcb501c032d58702e7f5cf964913ac_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.19.4.20:1034 | | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| N/A | 192.168.1.25:1034 | | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| IN | 115.242.106.67:1034 | | tcp |
| US | 16.49.13.204:1034 | | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| N/A | 192.168.1.9:1034 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| IN | 115.248.246.211:1034 | | tcp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IE | 74.125.193.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.10.2:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.81.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | snai1mai1.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | snai1mai1.com | udp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IN | 4.240.75.254:1034 | | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.27.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IE | 159.134.164.195:1034 | | tcp |
| US | 171.64.64.64:25 | | tcp |
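Read together, the two Network tables (the win7 run above and this win10 run) show three patterns an analyst should separate from each other and from sandbox noise: outbound TCP/1034 to a series of unrelated hosts with no preceding DNS lookup (several of them RFC 1918 addresses such as 172.19.4.20 and 192.168.1.25, i.e. the sandbox's own network); lookups of mail domains and their mail exchangers (alumni-caltech-edu.mail.protection.outlook.com, aspmx.l.google.com, smtp1.cs.stanford.edu) followed by direct TCP/25 connections to each exchanger, which is a process doing its own SMTP delivery rather than submitting through one configured mail server; and, in the win10 run only, a burst of HTTP and HTTPS requests to search.lycos.com, www.altavista.com, search.yahoo.com and www.google.com. The reverse (in-addr.arpa) lookups and Bing endpoints are consistent with background traffic from a Windows 10 image, and the table carries no process attribution, so they should not be credited to the sample on this evidence alone. The classifier below is an added example, not the sandbox's own logic: it parses rows in the table's own format (a constructed subset of the rows above is embedded), tolerates the three-cell rows the export produces for peers without a resolved name, and reports the three patterns. The search-engine list and the threshold of three distinct hosts are assumptions of the example.

```python
from collections import Counter, defaultdict

SEARCH_ENGINES = {"search.lycos.com", "www.altavista.com", "search.yahoo.com", "www.google.com"}
PROTOCOLS = {"tcp", "udp"}

# Subset of rows from this report's Network tables, embedded as constructed input. The
# 159.134.164.195 row is kept in the three-cell form the export produces for unnamed peers.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 172.19.4.20:1034 | | tcp |
| IN | 115.242.106.67:1034 | | tcp |
| US | 16.49.13.204:1034 | | tcp |
| IE | 159.134.164.195:1034 | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.11.3:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| IE | 74.125.193.27:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
""".splitlines()


def parse_row(line):
    """Parse one | Country | Destination | Domain | Proto | row. Rows for peers with no
    resolved name may arrive with an empty Domain cell or with that cell missing entirely,
    so the protocol is located by value rather than by position."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    country, dest, rest = cells[0], cells[1], cells[2:]
    proto = next((c.lower() for c in rest if c.lower() in PROTOCOLS), "")
    domain = next((c for c in rest if c and c.lower() not in PROTOCOLS), "")
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def classify(rows, min_hosts=3):
    """Summarise a sandbox network table into the behaviours worth reporting."""
    conns = [parse_row(r) for r in rows if r.startswith("|") and not r.startswith("| Country")]
    dns = [c for c in conns if c["port"] == 53 and c["proto"] == "udp" and c["domain"]]
    forward = sorted({c["domain"] for c in dns if not c["domain"].endswith(".in-addr.arpa")})
    reverse = sum(1 for c in dns if c["domain"].endswith(".in-addr.arpa"))
    # Direct-to-MX delivery: TCP/25 to many different mail exchangers means the process
    # carries its own SMTP engine; a normal client submits to one configured server.
    smtp = sorted({(c["ip"], c["domain"]) for c in conns if c["port"] == 25 and c["proto"] == "tcp"})
    # Fixed-port sweep: the same port on many hosts, none of them resolved by name first.
    unnamed = defaultdict(set)
    for c in conns:
        if c["proto"] == "tcp" and not c["domain"]:
            unnamed[c["port"]].add(c["ip"])
    sweeps = {port: len(ips) for port, ips in unnamed.items() if len(ips) >= min_hosts}
    search = Counter(c["domain"] for c in conns if c["domain"] in SEARCH_ENGINES and c["port"] in (80, 443))
    return {
        "forward_lookups": forward,
        "reverse_lookups": reverse,
        "smtp_destinations": smtp,
        "self_contained_mailer": len({ip for ip, _ in smtp}) >= min_hosts,
        "fixed_port_sweeps": sweeps,
        "search_engine_requests": sum(search.values()),
        "search_engines": sorted(search),
    }


if __name__ == "__main__":
    for k, v in classify(SAMPLE_ROWS).items():
        print(f"{k}: {v}")
```

Applied to the full win10 table the search-engine count runs to well over a hundred requests against the four hosts, which is the number to quote in a report; the sweep and SMTP findings are the same in both runs.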
Files
memory/2440-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2744-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2744-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-39-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-44-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 679d964a0e634a2c2183964400e8f717 |
| SHA1 | 0afa9970448acbc99b5fb53f5d10b1b66d972f60 |
| SHA256 | afe6579a9d042a3a2e1cd4e7766e60138609dd5d31d7694213e69ad0f3594205 |
| SHA512 | 75b5b5aaee1a7bb9fe3bcb670140d79f9f3c7118246483fba8198c6635818e63a47f9a1e320488fe96f07cd0f10a664bac047ee38f3c0d2261188e5820b23968 |
C:\Users\Admin\AppData\Local\Temp\tmp7B9.tmp
| MD5 | cdf9e5206a2efa3ba90d7765c07ba192 |
| SHA1 | a22afc57f95392e27482edfe1709c1a74e96ca95 |
| SHA256 | 34b11f84603b7232301e26a94333dacc5773ca414fcd47ee3d7d0fa745fc3ae1 |
| SHA512 | 9f47d1ac0ec6a50c05a94d8982b42d8d9a30a9017ce40776a9a1360ff4ca3d5ea38518adf4ea5396aca05e281cc03fbc18e089bc3e33d2b79c8f0ba1f5b232ec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LYH0CKVD\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQH3BVSD\search[4].htm
| MD5 | 8ac2985620720c55214622eef241e74a |
| SHA1 | 2a7629d70966694a81c25870b2e9a6d3325edc00 |
| SHA256 | 9d2cf46322f49b16a02a9b74063c9b3380af46414f77a37509646bed57bbd109 |
| SHA512 | 6f1dd013eabe6d1d0dea3b60a31b5dd16541eec46b286c6cfe75e669f7941bd27bc21e053f9887bd86da859296b7e32cf328b482dc5da4f510abd870c7646c83 |
memory/2744-159-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PQX1KJ9K\S4MDM1JT.htm
| MD5 | adfd31ffbc5a24ac59258f712e55a55d |
| SHA1 | ac20290ecb50fe9ae9dd78df0a2a12d6d049d86c |
| SHA256 | 4d0d6ec764e7f771b9f9e4a022f4cc909fd2657bae4a2c61bc1619e6198ed961 |
| SHA512 | 6015329fc750cd83bc704448c7e541ff8ce94954588fa3729b923c9b291bfa943ebc28df04222e71ec3f8f87848e807168cd8cc900877fff874af11918896569 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5ACXXH1H\search[4].htm
| MD5 | 46dadc9ccd611d6f22a4d2d494a7c1c1 |
| SHA1 | 133b85c482b37b91e1a1326d30be1493274bd9a0 |
| SHA256 | 5157886dda5078eed5d3385e6d0e4a3b4fb4394c2202321567980c23ceda5def |
| SHA512 | e95a0ded9cb1042239f86c4c8b77260ec6a9d9cb9f13766104afbf1f6eb473958d5210ff340f2623cf46210feb2fe79e471d31e783697a3808b610ed56a8ac36 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQH3BVSD\search[5].htm
| MD5 | d5dcdb151fe6a6ba6948e14e8a1e6842 |
| SHA1 | 6cda4d632fb5c1eb81c0ec451e08cc98739dc1b3 |
| SHA256 | 38689cc1cfcdf4d08eb904dd6869a5d8b74052c628c1c580b34c5cdbd2a28517 |
| SHA512 | 94d66bea39a1b1d9b87a073027861fb79f9318b156db14d65f67ee765c4efede1521115e972acd70945d122a25be865201f1b31fad5f68997ccbc92097027af7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PQX1KJ9K\search[2].htm
| MD5 | f4f9b931f284defab71f9930924df26e |
| SHA1 | aae666df58a14f665aec0e9bc1e1c4302ddf895b |
| SHA256 | 369080b6d703d5c136fd9d92ab6b6ba198d61c36a60977246187717c69566cba |
| SHA512 | d36f3ba4b1e4d88953f4d75e0f0df633e9a035dbd1fdd7301c0e0e3dbc790fffc4ccc3d1c05c969dc227ae0798cb1340831f1d4bfa8d7e9298c98297ccfac259 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | ee7c4bb2d40a95e2f5fa550173dec509 |
| SHA1 | 90378453393f879749ce42a1f0f84ff62cf09cc9 |
| SHA256 | 6d31e48369282f6857cdbf5a531692cf788e38624d697bddc463188dfa4e78a2 |
| SHA512 | 2bccb84243e57bb3cb731deb9156d07df340d510de54e78accda39d3031ef405f7da62e57dba634f6e4ab2b8efbd354a20c1ea2888da33f59b064c854e212851 |
memory/2744-294-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-297-0x0000000000400000-0x0000000000408000-memory.dmp