Malware Analysis Report

2024-10-19 11:31

Sample ID 240527-zpw52ahg3v
Target 7a7f036b921cbfaead2986023e6a920e_JaffaCakes118
SHA256 83f34d549da910df01c6db0d088d8b02ad28eaa5a102fe48e441106ccf28a6d2
Tags
microsoft persistence phishing product:outlook upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

83f34d549da910df01c6db0d088d8b02ad28eaa5a102fe48e441106ccf28a6d2

Threat Level: Known bad

The file 7a7f036b921cbfaead2986023e6a920e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

microsoft persistence phishing product:outlook upx

Detected microsoft outlook phishing page

Executes dropped EXE

UPX packed file

Adds Run key to start application

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 20:54

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 20:54

Reported

2024-05-27 20:56

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe"

Signatures

Detected microsoft outlook phishing page

phishing microsoft product:outlook

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\services.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A
File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A
File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
US 128.122.2.125:1034 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 16.188.113.226:1034 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 15.136.121.176:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
BE 108.177.15.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 8.8.8.8:53 cs.stanford.edu udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.9.24:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 search.lycos.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IN 4.240.78.199:1034 tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 152.101.63.23.in-addr.arpa udp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.153.26:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 99.83.190.102:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
IN 4.240.78.194:1034 tcp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
NL 142.251.9.26:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
NL 52.101.73.14:25 outlook-com.olc.protection.outlook.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 85.187.148.2:25 mail.gzip.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 15.136.121.176:1034 tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 portal.office.com udp
US 8.8.8.8:53 portal.office.com udp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 portal.office.com udp
US 13.107.6.156:25 portal.office.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 209.202.254.10:443 search.lycos.com tcp
NL 142.250.153.26:25 aspmx2.googlemail.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 outlook.com udp
US 52.96.214.50:25 outlook.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 hachyderm.io udp
BE 108.177.15.27:25 aspmx.l.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 16.18.14.137:1034 tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
BE 108.177.15.27:25 aspmx.l.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 mx.portal.office.com udp
US 8.8.8.8:53 mail.portal.office.com udp
US 8.8.8.8:53 smtp.portal.office.com udp
US 171.64.64.64:25 cs.stanford.edu tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 aspmx3.googlemail.com udp
US 209.202.254.10:443 search.lycos.com tcp
NL 142.251.9.26:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 mx.cs.stanford.edu udp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 8.8.8.8:53 mail.cs.stanford.edu udp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 171.64.64.160:25 mail.cs.stanford.edu tcp
US 8.8.8.8:53 mx.outlook.com udp
US 8.8.8.8:53 mail.outlook.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 smtp.outlook.com udp
US 209.202.254.10:443 search.lycos.com tcp
GB 52.97.208.50:25 smtp.outlook.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
FI 142.250.150.27:25 alt3.aspmx.l.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
AU 16.179.5.169:1034 tcp
US 209.202.254.10:80 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
FR 216.58.215.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 tcp
IE 212.82.100.137:443 tcp
FR 216.58.215.36:80 tcp
FR 216.58.215.36:80 tcp
US 209.202.254.10:443 tcp
IE 212.82.100.137:80 tcp
IE 212.82.100.137:80 tcp
FR 216.58.215.36:80 tcp
US 209.202.254.10:443 tcp

Files

memory/3244-0-0x0000000000500000-0x000000000050D000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1752-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1752-13-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1752-17-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1752-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1752-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1752-26-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 c925035cbcbd8829da5baf51f4629d06
SHA1 9a9bbf3e9635242133a5901a3146693ffd8f20b7
SHA256 d932f74d200b7c05b26acd0962f8b45c3a510a3031d7cd8950ee55a0a7b53a47
SHA512 4a67a73abd4cc44562370579c47002b00dee9cf00d1425f03db4f9e1eb6ebeca47f99ec014128917c04819ae669ea120230b7a6b8e1105685102fcd78bf60836

C:\Users\Admin\AppData\Local\Temp\tmp1BA1.tmp

MD5 a406e2fd8b4f6d8efc8ec95c02d7abac
SHA1 019422cb710eef3a2ad0c60878279a89bc8c1abd
SHA256 89a79075ecfb4132103eaaa7280dafeaca63ab7aee03a133d5354d20a2e76b4d
SHA512 24af855d89d1cf96ecce4e776f197b1ab292d08ab04c04b5d978b7b6a412854d5cb2bbce263ee6c2770ed9cc40f0489d2d68fb70d740b70ac05bda0e0feaff08

memory/1752-36-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\0EYI4XZA.htm

MD5 2dc732fcef5487611f2dd89245423816
SHA1 7e94663fe6a83f05268548ca297e3ddc05091d00
SHA256 5850f787309af80ec8df1567929471a37d8935b267a14617be67727d35e8de3e
SHA512 e91a6b50f3ac5b64b142d8bece7a82c51824f6988b0e178cbdc55a95df3b2fbec2f3fa8bb8f5ce6bda40d67c1c21c802d59ec26cf43c3c3051cafde76aadb31f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\search[3].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\Z5NOZQJ6.htm

MD5 8587b3265dd40043699026a60685c77b
SHA1 6bbd961cad954812b610cf8af3e58de8f200c1f9
SHA256 b1d606c60258bd1b9e2137188776e2685952a5f6a1ce238a035b7f6813cdcfaa
SHA512 b9baf2be965ba578a595609a275725897461f1da0437c030062ef28132f3c4d02d3d6f3fc08f14857e921a45d1fc84f466602edc53eaa7b3bb733b8b6f447612

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\search[4].htm

MD5 00a3b661f9c7c726e76bae4e1dcaf3cf
SHA1 b94a4a105cb393b2130d88c473d10259f98c12e6
SHA256 46494a05a2bc0ef54d2930167038764e289211127e45ceda06ee2f18d1acf925
SHA512 1e43b0bb4b0d7a850d479ebf240934c158cd2e89887d6018e96152af952a5f16db8f1664a22b12a012962c6b6f46ae09128e686c2a797dbb47a49f04bbb42053

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\results[4].htm

MD5 ee4aed56584bf64c08683064e422b722
SHA1 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8
SHA256 a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61
SHA512 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\search[7].htm

MD5 f9d21a432add120c0a5efd3f26b4e858
SHA1 7c8d8a2e69ffb4ba21f453a2b9ad208f2a977960
SHA256 c0207103eae7b973a25ab2605009c90add36ee29fd6f37d7d45a0693fd8d1e96
SHA512 7f4880ae8123331e8ce5242a05675b24c413b279603ff03c3b67753495917eba09ef7714a7b7a996aa68dbb1c4d5e979cc8e5bbb22b6c97e149b4f9ea3779503

memory/1752-242-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\search[5].htm

MD5 67aef081f81f044aeb45f8f6614db580
SHA1 50c1555778e843950a4dff8d0875db044f780e4e
SHA256 dec1d20f3fec7056d8623cb8257aa6a304f61c1fa1fa6232c04e0ccc986a9968
SHA512 06262447565df6a4d96b3c08e141655afa61af22411f2568593548a42fba571592d97dfb1eb881451c563ae865ba5d0c4f153cecbebb083b95632a92e8f109b4

memory/1752-286-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1752-290-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1752-291-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 eb27c0ee816f48e2fc1d522014aa2ee5
SHA1 fd220b24a4cf1e0d92851de3bc64925887751f7a
SHA256 3ab9d187f2dae57f750aa8c9f08389d4bccb4522fd193e577ea33c0083113d45
SHA512 efc83517473dc0daa9b52ae94c3af5557d4eb0d66f7f2cf226cb76937051c45de4598d52aed0ac740ccac2259e6be0ab4f936639a942b58d1682d88219fdc2d0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\search354NXSU2.htm

MD5 21100a94bd17d1f8e2b0409f0a7ca26a
SHA1 895351f42893c798bfbc92beb54a31e3fc4dde27
SHA256 706a55c435624e52f11c91bfc67529f3420bdd772795f8d222b8272b33ec482f
SHA512 dbeb5e78edf5e1d3609db4a8390acdf05d04ab6801df5cb41354c2aaa1270e0dd724bbf8e81dd7276649bf8cb3f770dc1a2dd8bf25e7bf8f61ac6d7bac454024

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\search2ZDGWC1T.htm

MD5 6460fcc01a774c0d28632dfc79047cb2
SHA1 eb08a5fa195c62d4669d88ed736625fc5a2ff7f9
SHA256 d75b166079acf5f4e3ab7ee012cd38492942276a2ae6fff66b356b9687e5a61f
SHA512 b403ac142e5c36b3d394d902031d70d91c2b5b7b08616b176f27bf5efedb144e3988b383e5690b3dc864eacbc638534a669e3f9829b21e2996a7eee87ee71b6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\search[9].htm

MD5 b0cea4f5985e888f397410cf9da60122
SHA1 940ff5034af541752dd78cab1940c3dbdfc68820
SHA256 2ebad8e2460881ed579c77b267175fc9d79cdc3ae50ee19968d48d94a6625554
SHA512 5f633856ff71345e80b23dce5f3369e1a2f52ed20effa10918ac9ad0bbc312d197da4080b619ce683e4b083b6774644ee3e1140ef460bffc1435bcde17fcf9b4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\results[6].htm

MD5 211da0345fa466aa8dbde830c83c19f8
SHA1 779ece4d54a099274b2814a9780000ba49af1b81
SHA256 aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5
SHA512 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

memory/1752-397-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\default[2].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3d70a3b7554d5af0cbe75236cf093868
SHA1 48aba39dfe800a70c7a1c8034f6531e9012b3d89
SHA256 0e8c301debde298cfc0f26226e59cc8a3fdbb2d7b417e5ea6f0dd721d0205c18
SHA512 dce52d7267f37cae66ee47857f00f91324eeed49451dfbd1b164c9ec5667e0f5ed5559a90a2c539abcfc091367126fef5ee07fe9ef5d10947f6ac092545704c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\default[4].htm

MD5 ffb72ab4faba49ad441ce07db37dd8b6
SHA1 194e13c1c32ebb6e7a1dc912261cbd58a82ff71e
SHA256 7bd7c3676e98ddde8e0d5b63dd22cb9379d975bcd1d68884c97565cdd8d03660
SHA512 517be20d2442489ce39b48dc7f9f6f13f8c45d02703fb1865071f553d36b2289f5abc26c6089fc0bfad1a41fe318bf4b5a806915c5e45898ac744b7e4ed30257

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\search4G2KT7UZ.htm

MD5 26a4d3280376048106c4530ebfdabb50
SHA1 a268925edda37770c913309619408d5ea8fd5302
SHA256 139317ed1f56fbc39355580e175bb0d2b3a2ff1a9961f3a0fd156ab8bf8a6cae
SHA512 55e5aeab323e646230c0dfedca04a4386b8575f5f1c853106e6ed8e3c1dceb49158fe65987e269a2cc93d9facf40f58537f9bdc128d46850f5b0e69ba39b8783

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\search[3].htm

MD5 d57bd65e728eb0d5db98aef43e0a2b2d
SHA1 2f804c90669ecb94905d61e591ea716db2d73da4
SHA256 08acee67ddcc77b886ee99d19b3fb21cd0c8de4c097c425c5ca6a9f709f33475
SHA512 eb8e8bf0fc0331b5c36b6f994aedc728d6ace60eaa0b3ffb59b78d8e4a9d069a9002a3e327e41fe22619fc5357fd56553b34cc1b6af75cac27227f3bd2c01210

memory/1752-575-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\searchRLLDE0IA.htm

MD5 8e798f363e98c7f64b464b9a77dd90b3
SHA1 4249740521ca0a3bd656caa9800a01f06b2b5462
SHA256 a5077895e2aa62f0ecbc7dd7cf1aa2429b15b0c8f0d8d8c6a9ec1957c8d3de1e
SHA512 44a33347718abc15ade65c441bd6c721996a52610e7942fa183cd4af48b30bd033f8a51d4785c70c729dce2be045172755100d0464331008987b24507c131caf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\search1KFVCGY3.htm

MD5 ed6cf2fe2be40c6cec3d721a727d23f3
SHA1 8efe5f1baafa8d13ee8bc3837b1b215a8e135b3f
SHA256 0d5806591b6217e950ac7f63d78f02819a6edaaa8cfe7952b9dce6db33b9ca49
SHA512 1a37cbc46d657c99598baaba222bcb2e33712a706098d6a23915ff9cc0da01c8dcddee5b9117e590e6c97f915f5d0849a0b6bd15437b97cc5ee2d16426f41132

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\default[2].htm

MD5 14b82aec966e8e370a28053db081f4e9
SHA1 a0f30ebbdb4c69947d3bd41fa63ec4929dddd649
SHA256 202eada95ef503b303a05caf5a666f538236c7e697f5301fd178d994fa6e24cf
SHA512 ec04f1d86137dc4d75a47ba47bb2f2c912115372fa000cf986d13a04121aae9974011aa716c7da3893114e0d5d0e2fb680a6c2fd40a1f93f0e0bfd6fd625dfa7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\searchPHP15TBA.htm

MD5 40532bba4c0dc305e9b22d65191cef70
SHA1 5cc768942eeb52993611330ed8596b5c9972c73b
SHA256 ee008dab900b2f814edc4387a7f0c6fe0789fca69bfb289b428a24e0dcfeec5f
SHA512 f6e964d7b2c40a2a55438e0cb418d1070a094f09abea0d77e7ab0c3a34091ace7a690b398425c4acefeef908bd855bf9d945860622e4d713759d785f23dec7a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\searchCB1M4W9P.htm

MD5 cd04e716adebd2ae5f6ff61299798047
SHA1 49a7af067518fba697298d4324f9297b4b6f5c69
SHA256 485ce1b73f853898b1a3a04a918a2602d9616dafe0a2633b314965d7227cd25c
SHA512 12bb3215575f8fbf809928780d6900f141e0d04e34525469c43705ef29d9a31b01be35c3d1c4a271270ae841a0425aa76f6d6dcd54bd6e57f0a86ee31e45f943

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 0d0b0ca2a68e67f10391094cbd654bdc
SHA1 cd0d3cda631d5c7b5a337fc787522ef760d2c931
SHA256 6a684ea1d0eafb13ab5fc2cc7816746a4c46e4bd8db8392dc622aaa3ba936405
SHA512 671ac01b778d859aed1e9c4d5daaa5d1175cb69d0814e48db916e2c7b9be204df73bd05361bd7caa2097e82226010388ae9b837865a1bdaabd151b21deb376e7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\searchO09KY09E.htm

MD5 b4b5ed2fb943e6a0f2d2d98b749fdf2c
SHA1 7b84a9f7254b742e1330b74e257a268275c6f68f
SHA256 69bcc54a9773f83b3feaa89dc3eb98b0542ee83afba26fb3613bb57dfe8b5e2a
SHA512 7ae508233fbcd1c3d45deb8939effb76e6328cc6f84e4da889a9ae81ac0bbb3591c93da49855d9512da5c4c8479f24885c0cadde23e2e744c757cb4ad5ddb069

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\search[9].htm

MD5 3f0bc9d5e60c8a07f2e6a13d431a4e43
SHA1 e5c8ddf14ea8511c43a03ab1191740a04594f716
SHA256 0e9209a46db1680e4bd7a98f436cc5ed7720aa9af07d53d9ba6c64863dd4fc3e
SHA512 65d06cd00fb66dc4bb4dcbe93876060bf91440825cb53c82c398d6bf95d8ec0af426c4932b58ffbd707dd86cc525a9806f68b324db4783e0ad73ebe9ac93fb8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\default[2].htm

MD5 cb42662caffe525e9957c942617edf06
SHA1 615009db9a1a242579e639ee0fc7a2a765095bfe
SHA256 312bf5c9a1a122abc6361bf8ed01a44346285b962c0d273ef2de0eb796ae1b15
SHA512 3e6777f1f74f64fff6cb2bd1a81a6c08d9a64feeebc3deb7cacb8f0f41b23a5c59a8e6294b99c76dd386aaaf9043a1a252ac47910fe1801bdc2995f7b675692c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\searchVRDR3BX7.htm

MD5 423b28d3b4ff3abe97e28d633ba2ec24
SHA1 4b50263a69d0a15b7a3b7fec01381b65abf342a2
SHA256 07171164efab551494805766d3f64d5a7398ac951f34f89f762bfaa1154ca4c7
SHA512 92f72189beef05651a04fc9e665353d072c22f30d8a444514b5cd0683373a06a1e93b7b2719d74d403e34e830c8820bbc1ed68357c85c9465e241f28eb8571f4

memory/1752-740-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\search[4].htm

MD5 4dd7450c904f8996e8d88f0f2f69f666
SHA1 c3005c915268b90c7ccb9c7b56c80066bfb92702
SHA256 248d1cc6babb5cb686486c1da4adc540addee1217a751c28639d773f18078e0f
SHA512 3fccda729fb0e7a54cc2c64eb78935d04e4e53fd52aa8fdc8489736ae92a81feede74ab87072516c1c5801b10b15779a1103966e48ea991688a3b175fc6a2864

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 a06e8bc0e25602b84522ed096c0eb50e
SHA1 fcfbedbcd314a8fddf46223c0f6f2bba049288c3
SHA256 74c7043779fa89b4d3decd0323468359c377c0d3577019a5459a7f998fd9a262
SHA512 6724e95d23b4436eb3ec04e3377a3ed311c2879e4a28034968ad244198cf2659f1603c51992d1689309931be188c49052184be4be62f86b2e2dbfffabf8c273c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\search[10].htm

MD5 626630d89435309083c54b20680d6552
SHA1 b1419cbb46585dbb8a1824a8b378b8e997315ea1
SHA256 75e99e1ed43664fbd79be507a58ddfa6e6408678f79399447e38e0ea1af5e9ff
SHA512 9566d6b13bf01bed4258408ff02b4b86c1cce69777f32fa3257d59631904a37d9be518771792b0f3fbdaf87d3f8883abb32e8517d3225d10ce6b5516770f9d98

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\search[8].htm

MD5 613236937457758aa32caca8f27ed9d0
SHA1 9a3901a745744ead2de6b052b503403941ec2af8
SHA256 478c0e449c71d26e3c43e623ba21f6aa5c9ce7d231dfecd203354ef64a0c88b5
SHA512 d5dc7b07b2bae4aa85ac351c9e63a77cadb9dbdc6a7e294f480e40454efe3bccfe40e8ff16c3a11f1d3ae839a2b33dce0231a7eb8d84f6069f5708eb20e73080

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\results4W1AUZC3.htm

MD5 35a826c9d92a048812533924ecc2d036
SHA1 cc2d0c7849ea5f36532958d31a823e95de787d93
SHA256 0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea
SHA512 fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

memory/1752-884-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\searchDW1FBM6G.htm

MD5 e94748c533d6e339fd96a384f4da00da
SHA1 8d38c276541c7f032751d1952a9f936e4d26bffb
SHA256 49024ac070dcc5bea0a40a3238fe4705995fe594b8c5c088dd95d057e12fff99
SHA512 8acf747eb682ba45b3233837f34ca3808d4f6f98fe3b924ff1dc7c5b1f4ee07ea3660d3f18f5233f4f8a014bc614e6402adcdb49a83242c4988233c7a4b9b107

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\searchTBRVDK40.htm

MD5 b7c597fcb34f494ea1dbd54c497d8c46
SHA1 a49ac306fdb4f25e98528063abb467f7a73cdc87
SHA256 2fc99224cd716a6e6283ce358af33fb345f499cc31973a9d01608d71d0b751f9
SHA512 525cde554ea849f3f6eda4e344b0610b468afd6bbf076caf90e84c9d86a494789cc595f7236ba39274a1abd6c2268f37d3e703432c2040da60cc514316b53670

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\searchSCE9WVP4.htm

MD5 eb93da62bbe2de4795ecbd4c2e2c78ff
SHA1 22415baa0c0036fc44bbe6e964f70604ce908dac
SHA256 fb33668326615647cb0219c3231c47a6c099fe8e85f5997049b2d43d2f90799f
SHA512 f15872fb84a339b1ca834b933cd6d0d2a34c1fbd4c9782ff3ef3374c5b726f871886d690a83f588c66a89e81a990a28c31a09156f31d60ed595d776fef50ea7e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\searchRJJGZFMF.htm

MD5 a76e1b04bcdeba50a1f094d0621bd61a
SHA1 fa5ee1f5128289c377d94c90ecb6f2af52c1b0d4
SHA256 4332fcdb09aedac11f015c104318af29e34bd8b2eb2ed6efb3e249fe1bbc8c28
SHA512 83318905d26f7abd3b645c469b3d993e1842a57a2b46de346dd093162fe9710da86228260f7dd91a7ff8a86086076790ce423af29579d480e696f1f857c96916

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 20:54

Reported

2024-05-27 20:56

Platform

win7-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\services.exe C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe N/A
File opened for modification C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe N/A
File created C:\Windows\java.exe C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7a7f036b921cbfaead2986023e6a920e_JaffaCakes118.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
US 128.122.2.125:1034 tcp
US 16.188.113.226:1034 tcp
US 15.136.121.176:1034 tcp
IN 4.240.78.199:1034 tcp
IN 4.240.78.194:1034 tcp
US 15.136.121.176:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.8.32:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 16.18.14.137:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 75.2.70.75:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
AU 16.179.5.169:1034 tcp

Files

memory/1776-0-0x0000000000500000-0x000000000050D000-memory.dmp

memory/1776-4-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1776-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2224-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-20-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-24-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-29-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-34-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-42-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-43-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 26f81366c32766af9221082b9116f81f
SHA1 360dfd4b3abeea19113a6ece5643786aa51869a0
SHA256 55fd499acba611c316e9cdb73b6550bc7c595690ccf4a55f020b3ee4bc805c7e
SHA512 36e04f98d5cf388a3b449bbc5e299086f89545a3c3f4bc5b3775ff2ee22c856ecf807f1fd3fd27b76f53e2b149edfd1a7aa5e7e5ef4611b7c5a7e6efb568eabc

C:\Users\Admin\AppData\Local\Temp\tmpBEAF.tmp

MD5 d1bea22699399c754efb711e817b8db2
SHA1 e3d4cedfefa3c79d8dee23b471a7568b71790055
SHA256 568fb60e685ea924cca586623610cd484983a8e210b16f4c3b59dea765eaf040
SHA512 f1aabb5010b4ff0b2d74701f49a875e645eab83ccb1aed8c0e6e5006afef094639ff1fa906807a2321b2ecebf120f2bb74aab4f267994caf2dea02999301e221

memory/2224-67-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-71-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2224-75-0x0000000000400000-0x0000000000408000-memory.dmp