Malware Analysis Report

2024-10-19 11:32

Sample ID 240527-xtg6kaee4y
Target 0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe
SHA256 cd0df7a520a86076261a8c1dd79576db6791eb9e1b0c8adca992dc52a70faee7
Tags
microsoft persistence phishing product:outlook upx
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

cd0df7a520a86076261a8c1dd79576db6791eb9e1b0c8adca992dc52a70faee7

Threat Level: Known bad

The file 0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

microsoft persistence phishing product:outlook upx

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 19:08

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
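The two static1 hits above are the cheapest checks an analyst can reproduce without running the sample: a default UPX build leaves sections named UPX0/UPX1, and an unsigned PE has an empty Authenticode data directory. The following is an added example, not the sandbox's code and not the sample: it parses the PE header with the standard library only, and because the analysed file is not reproduced on this page, `build_demo_pe()` constructs a minimal stand-in PE32 header with the same section layout so the checks can be exercised offline.

```python
"""Added example: the two static1 checks (UPX section names, missing Authenticode
signature) re-implemented with the standard library. build_demo_pe() constructs a
minimal PE32 header for demonstration; it is a stand-in, not the analysed file."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Authenticode data directory
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Return machine type, section names and the security data directory (rva, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_off = opt + 96            # data directories follow the 96-byte PE32 header
    elif magic == PE32PLUS_MAGIC:
        dd_off = opt + 112           # 112 bytes for PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dd = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes
    sec_rva = sec_size = 0
    if num_dd > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    first_section = opt + opt_size
    sections = []
    for i in range(nsections):
        raw = data[first_section + 40 * i: first_section + 40 * i + 8]   # IMAGE_SECTION_HEADER.Name
        sections.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "sections": sections, "security_dir": (sec_rva, sec_size)}


def static_verdict(data: bytes) -> dict:
    """Mirror the two static1 signatures: UPX section names and no signature blob attached."""
    info = parse_pe(data)
    upx = any(name.upper().startswith("UPX") for name in info["sections"])
    has_signature_blob = info["security_dir"][1] != 0
    return {"upx_packed": upx, "unsigned": not has_signature_blob, "sections": info["sections"]}


def build_demo_pe(section_names, signed: bool) -> bytes:
    """Constructed stand-in image: DOS header, PE32 optional header, empty section headers."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)          # 64 bytes
    opt_size = 96 + 16 * 8                                                  # PE32 + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x2000, 0x800)              # pretend WIN_CERTIFICATE blob
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    headers = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + headers


if __name__ == "__main__":
    print(static_verdict(build_demo_pe(["UPX0", "UPX1", ".rsrc"], signed=False)))
```

Two caveats apply when this is run against a real file. The section-name test only catches default UPX builds; a packer that renames its sections needs an entropy check or `upx -t` instead. A non-empty security directory only means a certificate blob is attached, not that the signature verifies: that requires WinVerifyTrust (`signtool verify /pa` on Windows, or `osslsigncode verify` elsewhere).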

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 19:08

Reported

2024-05-27 19:11

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (28 matches recorded, all without per-match detail)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
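Read together, the three signature tables above describe one chain: the sample writes services.exe and java.exe directly into C:\Windows, registers both under HKLM\...\Run (the Services value is written by the dropped services.exe itself, not by the original file), and launches the dropped copy. The point a detection engineer takes from this is that the real services.exe lives only in System32, so a same-named file in the Windows root is a masquerade, and that the WOW6432Node path shows a 32-bit writer on a 64-bit host. The following is an added example, not the sandbox's code: the EVENTS list is transcribed from the tables above, and the rules are this example's own heuristics. On a live host the same logic applies to Sysmon event IDs 13 (registry value set), 11 (file create) and 1 (process create).

```python
"""Added example: triage of the behavioral2 persistence and file-drop events.
EVENTS is transcribed from the report's signature tables; the rules are this
example's heuristics, not the sandbox's."""
import ntpath
import re

# Binaries whose only legitimate location is %WINDIR%\System32 (svchost.exe also
# exists in SysWOW64). A same-named file anywhere else is a masquerade.
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "wininit.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"
EVENTS = [  # (kind, indicator, acting process) as listed in the report
    ("registry",
     r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"',
     SAMPLE),
    ("registry",
     r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"',
     r"C:\Windows\services.exe"),
    ("file_created", r"C:\Windows\services.exe", SAMPLE),
    ("file_created", r"C:\Windows\java.exe", SAMPLE),
    ("process", r"C:\Windows\services.exe", SAMPLE),
]


def parse_run_value(indicator: str):
    """Split '<key>\\<name> = "<escaped path>"' into (key, value name, unescaped path)."""
    left, _, right = indicator.partition(" = ")
    key, _, name = left.rpartition("\\")
    path = right.strip().strip('"').replace("\\\\", "\\")
    return key, name, path


def triage(events):
    """Return (subject, path, reason) findings for autorun and masquerade behaviour."""
    dropped = {ind.lower(): proc for kind, ind, proc in events if kind == "file_created"}
    findings = []
    for kind, indicator, process in events:
        if kind == "process":
            if indicator.lower() in dropped:
                findings.append(("process", indicator, "executes a file the sample dropped"))
            continue
        if kind != "registry" or not RUN_KEY.search(indicator):
            continue
        key, name, path = parse_run_value(indicator)
        directory, filename = ntpath.split(path)
        d, f = directory.lower(), filename.lower()
        if f in SYSTEM_BINARIES and d not in SYSTEM_DIRS:
            findings.append((name, path, "system-binary name outside System32"))
        if d == r"c:\windows":
            findings.append((name, path, "autorun target placed directly in %WINDIR%"))
        if path.lower() in dropped:
            findings.append((name, path, "autorun target was created by the sample"))
        if "\\wow6432node\\" in key.lower():
            findings.append((name, path, "written through WOW6432Node: 32-bit writer on a 64-bit host"))
    return findings


if __name__ == "__main__":
    for subject, path, reason in triage(EVENTS):
        print(f"{subject:10} {path:28} {reason}")
```

The masquerade rule deliberately keys on the file name rather than on the value name: "Services" and "JavaVM" are free text an attacker chooses, whereas a services.exe outside System32 has no benign explanation on a stock Windows install.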

Processes

C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 172.16.1.2:1034 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
N/A 192.168.2.17:1034 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
N/A 192.168.144.131:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 74.125.71.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 www.altavista.com udp
US 8.8.8.8:53 www.google.com udp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
N/A 10.91.78.131:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 acm.org udp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
N/A 172.16.1.3:1034 tcp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
NL 52.101.73.20:25 outlook-com.olc.protection.outlook.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
N/A 10.93.103.153:1034 tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 199.89.1.120:25 mail.mailroute.net tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
FR 216.58.215.36:80 www.google.com tcp
NL 142.250.153.27:25 aspmx2.googlemail.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 smtp.gzip.org udp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.222.194:25 outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
N/A 10.65.120.153:1034 tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 104.17.78.30:25 acm.org tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
NL 142.251.9.26:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
US 8.8.8.8:53 smtp.outlook.com udp
FR 216.58.215.36:80 www.google.com tcp
GB 52.98.145.82:25 smtp.outlook.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
N/A 10.87.149.58:1034 tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 N/A tcp
FR 216.58.215.36:80 N/A tcp
US 209.202.254.10:80 N/A tcp
IE 212.82.100.137:80 N/A tcp
US 209.202.254.10:443 N/A tcp
US 209.202.254.10:443 N/A tcp
IE 212.82.100.137:80 N/A tcp
IE 212.82.100.137:443 N/A tcp
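The network table above is long because the sandbox logs every flow, but it reduces to four behaviours: MX-style DNS lookups followed by direct port-25 connections to the mail exchangers of many unrelated domains, reverse lookups of public addresses, repeated HTTP/HTTPS requests to www.google.com, search.yahoo.com, search.lycos.com and www.altavista.com, and connections to private addresses on port 1034. Note that 8.8.8.8 is the sandbox's resolver, not a contacted host of the sample. The following is an added example, not the sandbox's code: ROWS is a short subset transcribed from the table (one row per behaviour plus a few repeats, including a row with the domain column missing), and the categories and flags are this example's heuristics.

```python
"""Added example: classification of the sandbox Network table. ROWS is a subset
transcribed from the report; the categories and flags are this example's."""
import ipaddress
from collections import Counter

ROWS = """\
N/A 172.16.1.2:1034 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 74.125.71.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 85.187.148.2:25 gzip.org tcp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
N/A 10.91.78.131:1034 tcp
FR 216.58.215.36:80 N/A tcp
"""


def parse_rows(text: str):
    """Parse 'Country Destination [Domain] Proto' rows; a missing or N/A domain becomes None."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError("unexpected row: %r" % line)
        if domain == "N/A":
            domain = None
        ip, port = dest.rsplit(":", 1)
        flows.append({"country": country, "ip": ip, "port": int(port),
                      "domain": domain, "proto": proto})
    return flows


def classify(flow: dict) -> str:
    """Bucket a flow by destination: private address, DNS (forward/reverse), SMTP, web."""
    if ipaddress.ip_address(flow["ip"]).is_private:
        return "internal"
    if flow["port"] == 53 and flow["proto"] == "udp":
        return "dns_reverse" if (flow["domain"] or "").endswith(".in-addr.arpa") else "dns"
    if flow["port"] == 25 and flow["proto"] == "tcp":
        return "smtp"
    if flow["port"] in (80, 443) and flow["proto"] == "tcp":
        return "web"
    return "other"


def summarize(flows):
    """Aggregate flows and raise the flags an analyst would note for this report."""
    classes = Counter(classify(f) for f in flows)
    smtp_hosts = sorted({f["domain"] or f["ip"] for f in flows if classify(f) == "smtp"})
    web_hosts = sorted({f["domain"] for f in flows if classify(f) == "web" and f["domain"]})
    internal = sorted({"%s:%d" % (f["ip"], f["port"]) for f in flows if classify(f) == "internal"})
    flags = []
    if len(smtp_hosts) >= 3:
        flags.append("direct-to-MX SMTP to several unrelated domains from a workstation: mailer behaviour")
    if len(web_hosts) >= 2 and classes["web"] >= 3:
        flags.append("repeated requests to several search engines from a dropper, not user browsing")
    if internal:
        flags.append("connections to private addresses on one fixed port")
    return {"classes": dict(classes), "smtp_hosts": smtp_hosts,
            "web_hosts": web_hosts, "internal": internal, "flags": flags}


if __name__ == "__main__":
    for key, value in summarize(parse_rows(ROWS)).items():
        print(key, value)
```

Port-based bucketing is adequate for a sandbox log, where the proxy already labels the protocol; on real traffic, match on the SMTP banner and TLS SNI as well, since nothing stops a sample from speaking its own protocol on port 25 or 443. The private-address flows are also worth checking against the sandbox's own subnet before reading them as lateral movement.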

Files

memory/2948-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/5092-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2948-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-14-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5092-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5092-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5092-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-30-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-31-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 67066f9d5dcdbfba570b36d7376edaa4
SHA1 c359c3eb4e42a54e74dccc6673a29f0a362e6803
SHA256 70aab7e2a7a774c6e72d13977328e819614850833d765bee6d2bd2816c94dd14
SHA512 4351a4c168d925a5fb5a4153cdc58174b8a1c4be38a6f7cfd0997ae072f7a380c72391fe7f7a07608b7f089a73795d52a9fcfa3aa700ea86c377d65be85ccc8a

C:\Users\Admin\AppData\Local\Temp\tmp2BFD.tmp

MD5 7a282396c7c2f40b3ded4a2eb5108a67
SHA1 2dee9512d50149b21a67b652a8c165d02becc427
SHA256 ee32cc55e633cf5ffdfada746c2c30e73bec35aeffec769464f0df855974f858
SHA512 4ae71f2d1778ac4a0cecd663df7cf697d3b6ab39231526d6db227010eb8937131be14d70aa53f771c782b8c3d3d93faaad3d00d0b5bbaa0957f80f3c910db364

memory/2948-86-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-87-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\P0ZN6D15.htm

MD5 94ddf7283fc1c58cd768d490f22baa96
SHA1 6abf1083c25c6a9453bf0b63d218d26d7eea7fec
SHA256 6d17964e69fa064d8e78b4ceef648154520039c564f5d39c66148006f8c89dc8
SHA512 b2bbd5491192d7857053d642b21bc2d0aba9be40308c470ae23f6a4f35b4e06f0872df4a11a7d366a255c71afd3a401bace6f3f726aeddd12b09678200d5a330

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search[3].htm

MD5 2e0a8ce9d6dd59bffca0abd3b00f4bf6
SHA1 b946786bfb31cdde8c1f60d9505c386170d5ebc6
SHA256 a333b65a5be28b7757fa57a964a551c8c925a9ad494430678fa3e7f61281137c
SHA512 aa65ed919dc961880b9972e71bf63a42bc15a56f926a0447c4c7f1401cae35729d24606ba818c6643df22ae167c49a8506cfcba091defc6ab0a5ff85314170a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\results[3].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

memory/2948-240-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-241-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-277-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-278-0x0000000000400000-0x0000000000408000-memory.dmp

memory/5092-283-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2948-284-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-285-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 f5ca128b17e8d404992d2bee011c0600
SHA1 438796766b9eb26de1b0594ae2448d1a90aebb7c
SHA256 5558ac944113a3582d6bbd02633feca4bcb546b54b0b81b4b10cc29e14949aee
SHA512 b4510f1411dbd94424a83bf8bedbed40a48da2fd938ac43576156cf547fd8aad9433dd5a5c664be48cdc2aed4fcc02f6c9986b242b331b961c9428270a51198e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\search[8].htm

MD5 66dddc9928bc1a01d1fcf7fbe66eda29
SHA1 8d9b6d5924c8080b7d2e969765db9f1f105a6758
SHA256 e0a246ec37db6e1a964f18f6b81b1ae18061e14917893752d8b662632ddf0c34
SHA512 97d3ddf4912c7716969b2a0ba963c2e68d184b21ea18cc6a10a03d6855bc6dc065c26e19cf8126cf33c2e91fdde861905d84709d6831e41ff8ce6278c3defd57

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\search[2].htm

MD5 af74568671f8ebd0e8342790d2a8297d
SHA1 b582262bccd9712ca865b5602011d9eca50d09e0
SHA256 cb3a03bdca2b8f93f861095053ff88fe79a71f1782a7e40241e6440c3881307d
SHA512 4de09d06d9d92db380dc8d18de0ff12ad44d24b0a0b8b715de39967e9ce23d9d7b304e90c807ebd99268a5045a65a15d4fdcea50e779a93e136669e659cdb19b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchUMFPK8Z7.htm

MD5 be8a455a9d24845a1d6cacd178bb5402
SHA1 6bc51bcff5f9f96c7cdd464efded33f0f2c112b9
SHA256 998bc02c9a31982d50e762ec2593ff9897d6d5bb0a847665e903608271d34704
SHA512 4617c4a9afa6ed1e7d13a46709fded57b57876e1a34dadc01e75ab06d2889ab3a16b8fb6d30ba5cf4e8aea43dd70048301a5a404ae0339ce3fb2758c2601a09f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchQM3DW12I.htm

MD5 14ebc711da867b87a9d0f297d689b330
SHA1 89c357669eeeda85e2b37de234c8eeda069d4c6a
SHA256 cd68b1b95add161d417a10cdff269d292092d92b64509e517142861df67bd04b
SHA512 2252237401cbd81900c5fba7f1c13de455d6517ca337114c1ce4d21713fe290699e96ea7193248d4f1b5d2870223486fa4b033a79ea7935501477b45263c1107

memory/2948-432-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-433-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search[8].htm

MD5 24eda926e7072ff2e9c989945403e2af
SHA1 3fc3c66e127357e264be015c56f955d879dbecf8
SHA256 959195df5389933d533bba525de59b60ff48e3e1ca6b94f38392564a391db63f
SHA512 7e1aae226749f3510fe3d8b97e5a47396fb4784268a5f625a359e11d8ed527e3dd24de42d7ff5d744d8de3ef6faee2cd966f2f3b945833ff80f1ca6efa198fc3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\searchRSX103WN.htm

MD5 ffd4ae2c4530e2d6a6aa77226ee5bf69
SHA1 8443a909c727f08f49d8fee3e8b79f3ae7a3c680
SHA256 12f9287dd4193c4b6fe257b5f0e680cbb6139c9fdeb256b555404068157948a2
SHA512 285dbf72a0a50b8ca5c4528ffd1b01f1d70c658eb0915fe17a64003b61d45ea5cf6eec581c604b92b39487a16558ae020da971a0570d86dc57999faf6198997b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\searchTFOV6U2F.htm

MD5 d209061e51697cf3ebcbb6e70427c2cd
SHA1 977d9e1df0e18372f104bdbcf6b06da6f5bdb787
SHA256 45a5b494e78886b9201a2c134bb98e108ce554e51e8563d459fddcc17eef49bd
SHA512 44e55ff51bb49045cb639ba5ebdf3e040c288fd9e485519749ef35ffa6c08cf86b59f6adb05158ee1f24161d92b44442bc9d8e94c93d57a9118f67d05ee6708a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchKMALNC02.htm

MD5 f7937680626b9a5e317e9e65709f3719
SHA1 198ce3bfc17665b24595fc65b34c635be0c1f36d
SHA256 b35a6caf11822bd0c9a954b007e3860948f41b38009f452628aa40e2e435a24d
SHA512 54e817d60c6e1e9fd6fc207a4ec5703ba77e802567142d65ce1cc92059fea3d81ed67a1bfbff79b7c9be1f10a6ac8a4ac33687d5c4f6458254663031de007eaf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\searchDNNAVCP3.htm

MD5 0535a21692df9b5d0bf89cd8ceecf25e
SHA1 1eb61b0206be075f9f7b02a7ae279282f2c0b5bb
SHA256 1c1346cad74e0e4688dd1a9fbfd85f8de3ea6c82c0a8d5b1905ed510a78be8e2
SHA512 c2805531efb54394feb049108d3abf97279a2052f993e9b76db44527b2ff602e176cee458d12e42c59512338d2ee40099ed90f434676bf7a840bfbacf468e979

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchGV4P7GOQ.htm

MD5 b14a6e9dd469418bc02fc2f8a0415272
SHA1 50530feedf9f1b9cd88bc9534060eec9b6648ef3
SHA256 fde60442acfaa3299a6ad5dda2028124f546b775732684617a8cb11b7370f51c
SHA512 d5add179eec5c08dad775a68ae16f2e7350d752b2a041b7100965e1ba9e3ea4a9aad47953abbc866d3ccc082eac3828b10922400648f5cf6881142f06e8ca29d

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 f0d7461e2ba7b72c51d1f4e19b49bff4
SHA1 ed92b2e53efd23637751927a13a8b9b8ab2bd2fe
SHA256 d454a4927335d7fa83063af5e927efdc80ca4b908cb5a3310a0b992efcb9cc3e
SHA512 80eeabb49452b77f1b1062fe4757e68e70bd54e526197d34e701e76c880b070eb29570e800ebb3ead17c238d0d799ba409e3e57c1ee8f550b62ebf8090984820

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\search[4].htm

MD5 919b5ede011d426257e8d35c9fb842a2
SHA1 e8b7e0f1373540155a1431028346c7f6c1b8d3ec
SHA256 9fc7d5bc7c7bd42d73954e98c1959b4cb4aa83b897bfbed03016e024b278b70a
SHA512 3e2715fbfba532df9441727235805e50c195cf8328fa34fe8d41e42c311f17041ac0bfe0e7f5487a071668e388f469a654ec82d1965c33295d0a591b12f4e5c0

memory/2948-626-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-627-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\default[5].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\search08HNDAVD.htm

MD5 f446b202727df6a62f8b196bdc70ebbf
SHA1 1b6a12d57bdeb3cc6cfb4dc3fc9b3f40ba99feab
SHA256 49609164ca59f0e3b15160af6280ea7befdb1874bb17be3b02ed64863823b0a3
SHA512 49c272292f7da310633c44cb3da87cabd804137507691a80ce7ff83f5a3d12dde09a15366998116017d3043acef13a4f17d529fdc295e74f87e0988acba75b6c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\results[8].htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\search[8].htm

MD5 cfc1c1893db49cb5121ed7075fb529f0
SHA1 de677b1a254973fdbc6a25f148a59f67d681899c
SHA256 09b090a23bab2c0a467367c80b48ade5b5db2fce25248c6a61b363c1d9ad1fd8
SHA512 369a71200cade976efa064961b9412082d7c6cd27c5fbc4a1cfc97ad5e1690189f29bc6b3452e218a276e152452ea2ff75e281fb42c0cfeee98c62343294d97b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\results[7].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\searchX9189U81.htm

MD5 befbb11df63f8951c0f7e2500bec482b
SHA1 e86fbb0ed3bed9930efb9ba65233a7cdd44cea2f
SHA256 8b8c8db359ab8b63d7facbecd88c8ef5b86b6135100852c0ba472cab7f935d30
SHA512 a6b556f78e452515d1ac3408352a1308a5b688fdac1966d5125b76b20d89d0b5c9f044d051b5763bf5b7a13b11c0b3e59b9e3ce4c45a089a323c94eb38fbd6ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\default[3].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

memory/2948-784-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-785-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\searchS1GTHQL6.htm

MD5 16873ed0f4720d1d10ebfcb5bc54bcda
SHA1 9ac8f3f14af564b8bc79c225171d26b516e8e0ad
SHA256 84e55d43b17b86944ae1f6dfee4e3af6a7546a1fdebaf31b2d66b413a7cd9a61
SHA512 4ff710facfa2894f54d00fe4f10f79421e7cbfa3881834e832f64463f6bcb687cf538cd41606bc26a37a067b01e7dec36c5872fba5b96f715f056fa524b11a7e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W5OVUPOF\results[8].htm

MD5 3482ab4494f2d9844af5c8d5dadd1908
SHA1 4fea19f5beeb74d22babbfb970954ea32ef9735c
SHA256 7d7feca72092e807f6f3e3dbcb08759a3f509277b43b4929f491a8c0e568b5f6
SHA512 ac3c3503aff86ccbeefe8939ae02d48db19d8c78b3bbf031996c29b5605bb1e128cc434bead88a6affeb6063477acfc91093a18a8a63096c7f03de5ea5c61afe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchJ9VCETBL.htm

MD5 af4d04a39dce1b8cde1626b39c346c09
SHA1 8748671d6b6a16514a9d627674aa4365effdefb0
SHA256 da77c199b63885b8d12229cdcf6789b2eafa6e041734dda29b30f901ba73c46e
SHA512 4243915275c101bfdc1bed30ab4717644f05e984887400f4d82c6b03554f396cd782890472cdbcb5bd39e8774c1d603a87b96d13a982bc6d9db83061da570514

memory/2948-941-0x0000000000500000-0x0000000000510200-memory.dmp

memory/5092-942-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\search7OL6QEJX.htm

MD5 50eb6d551b6f6021908a7ee27da41681
SHA1 1c834daf5fc1424ce7076f1fc18f0b41a63265d3
SHA256 eb5cb4b964490536d8d19445bb67b9d1f59712487c194704110849893e408a2c
SHA512 2f4d924f4fd99f6e9f7382e4deb9a9792ef141ae322f47a59ebc9c8c4aba163eca649b9e43efa30b7b3b308e811fe85d0f9c8b34c41b671bf54583b87cb36f79

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DL7YY2B9\default[5].htm

MD5 cb42662caffe525e9957c942617edf06
SHA1 615009db9a1a242579e639ee0fc7a2a765095bfe
SHA256 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15
SHA512 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NA35E2FV\searchACYY74V0.htm

MD5 526585e3bc355faa8191905f8e42a2d8
SHA1 35a0c6ccb583971e6e47fab1ea00bd04b1ac845d
SHA256 508f1e0d5c7328bc999c42afef1c9a237cd9044a987258c10ed290534983c110
SHA512 7f2000f56582420a38c8866eac9d6d2c9f85c45954ee49e9a5a368f92c871e704042de1c97c6db1021cb771688eb41802f059b8ccbe47e19d0f50c509c6084fe

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 19:08

Reported

2024-05-27 19:11

Platform

win7-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0f3674035c44ae13c771b6a97d800950_NeikiAnalytics.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 172.16.1.2:1034 N/A tcp
N/A 192.168.2.17:1034 N/A tcp
N/A 192.168.144.131:1034 N/A tcp
N/A 10.91.78.131:1034 N/A tcp
N/A 172.16.1.3:1034 N/A tcp
N/A 10.93.103.153:1034 N/A tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.41.22:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 10.65.120.153:1034 N/A tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 85.187.148.2:25 gzip.org tcp
US 99.83.190.102:25 alumni.caltech.edu tcp
N/A 10.87.149.58:1034 N/A tcp

Files

memory/2180-2-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2180-4-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2140-10-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2140-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2180-16-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2140-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2180-23-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2180-24-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2140-29-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-36-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-41-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-43-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-48-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-53-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2140-55-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2180-59-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2140-60-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 01337d2daa69cfe205a7e4f69456b4be
SHA1 006d87c359ffaec7a3a24c25957e4db5c86ed37a
SHA256 6cb5f1accb7ba4b1cf6539e9be3d240c459df45dccaff76ef637706562e2b10c
SHA512 0def00a3dc6e3c9f8bd9950cfed6341cf01a4208fb5f164a5471c0e6203e21c074dcdea7073301ac7febbf39cbf61d1d436dd143469949068d49929b10fc6883

C:\Users\Admin\AppData\Local\Temp\tmpDD8.tmp

MD5 69eda17dc8662368502ffb8e3416e207
SHA1 392c964e9b18fd8573737cb3f12a24f5f09064f7
SHA256 4fea8c627b94da362d2c4509eb85d8a1bfbd710fa9aa1922c1208934fe7d3c15
SHA512 3aa54cd19592c7e873f88ba545ee10054f77d6e8c49e2551a2663603be42873a6739934dcdb0da678e9cca3786289c04a11959bd7627562ff96f9338dc31006f

memory/2180-84-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2140-85-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2180-86-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2140-87-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2180-90-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2140-91-0x0000000000400000-0x0000000000408000-memory.dmp