Analysis Overview
SHA256
7141b4d7594262026b952176c0cc1819e28f11e43320eda2aa69d8424d920117
Threat Level: Shows suspicious behavior
The file 9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 21:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 21:42
Reported
2024-06-10 21:45
Platform
win7-20240419-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1860 wrote to memory of 2100 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1860 wrote to memory of 2100 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1860 wrote to memory of 2100 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 1860 wrote to memory of 2100 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| BD | 203.76.97.63:1034 | tcp | |
| TW | 218.172.213.152:1034 | tcp | |
| TW | 218.172.207.241:1034 | tcp | |
| PT | 2.81.133.157:1034 | tcp | |
| TW | 218.172.206.201:1034 | tcp | |
| N/A | 192.168.1.213:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 16.150.140.1:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| N/A | 192.168.10.217:1034 | tcp |
Files
memory/1860-0-0x0000000000500000-0x000000000050D000-memory.dmp
memory/1860-4-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2100-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1860-10-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2100-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1860-22-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2100-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-49-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-53-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-54-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2100-58-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 21:42
Reported
2024-06-10 21:45
Platform
win10v2004-20240226-en
Max time kernel
155s
Max time network
165s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3324 wrote to memory of 5008 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3324 wrote to memory of 5008 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 3324 wrote to memory of 5008 | N/A | C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9c07b7fbb93700ee3309dce4d3ce6cbe_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.42:443 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| BD | 203.76.97.63:1034 | tcp | |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| TW | 218.172.213.152:1034 | tcp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| BD | 203.76.97.56:1034 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 52.101.11.10:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| N/A | 192.168.0.79:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| NL | 142.250.102.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.40.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| BD | 203.76.97.76:1034 | tcp | |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| NL | 142.251.9.26:25 | alt1.aspmx.l.google.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| GB | 217.44.192.139:1034 | tcp | |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 52.101.41.25:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| FI | 142.250.150.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lists.infradead.org | udp |
| US | 8.8.8.8:53 | casper.infradead.org | udp |
| GB | 90.155.50.34:25 | casper.infradead.org | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 15.136.19.253:1034 | tcp | |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 52.96.223.2:25 | outlook.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.251.9.27:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | smtp.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | hc.apache.org | udp |
| US | 8.8.8.8:53 | mx1-ec2-va.apache.org | udp |
| US | 34.199.147.133:25 | mx1-ec2-va.apache.org | tcp |
Files
memory/3324-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/5008-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 0083dd917dd333e764b8b46afd60a19c |
| SHA1 | 62b18cde3b760ea27876318cb81ee847ba8d3b63 |
| SHA256 | 57d61073681abebe6f70beefd7499eb1dd9ff2bddf487e9c54314292102fd21d |
| SHA512 | 37b85dc930c2a4b656373dae026a526b9b2b6563594cd2e35665681577833c90f9ec125a8da7aee0c48aa4ca2460cf295164e3bf98ad56d7f3347e7eed4a3ce1 |
memory/5008-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-30-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp39D5.tmp
| MD5 | 8cdb0bf2fffb85d6b872ab040bfe5087 |
| SHA1 | ae9141c5ebd6ec0f2fe7ae8cdc1b38854b3262e0 |
| SHA256 | 553e436a8c137e738d34c2a17dd034976f1e5b936ce0c8b109daddaaf541163d |
| SHA512 | 1ebfa25e30d11cd4131eecd9791b54a4ef67e50c182461beb12bedc375e97e1d58fb1940ff7bcb8dbb9dd40d492c8f9014b4d89c547b27f903ed005930b80207 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 06e633d6753eb9a2e5fc9f7b8074600a |
| SHA1 | a05af4720e5dba57aaeac41500335f884886cdf7 |
| SHA256 | 47be518fd066979c4d46556386fdc3247405a2c0f3ef621f7d9990f9604bff1c |
| SHA512 | 38c06212fcb4beb8de97958e5ef149c3be69c3c1f3ee647001f50031803cdab170f800a81b5a5a3ccb91e0bb1d748f0668bc5a95fc8d522a2efede7b9d43e9a8 |
memory/5008-97-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\results[3].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
memory/5008-148-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\results[4].htm
| MD5 | ee4aed56584bf64c08683064e422b722 |
| SHA1 | 45e5ba33f57c6848e84b66e7e856a6b60af6c4a8 |
| SHA256 | a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61 |
| SHA512 | 058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\Z63CIK3I.htm
| MD5 | 9dbcb3d85968f4c16eba3de096b1c198 |
| SHA1 | f779b7ee5a1f6f88361e1db3d72952d5c2961a1c |
| SHA256 | e2cba66355d41f91adc7eb215ac29c91ebba5b7901f1672681e5c73eeb555259 |
| SHA512 | 35b78e1c1e98431257593de397ef5ad524a95699e58d915c02929bfa0c2233227ae0d8e5432c7b2074b455f88538b52a07f2cacd8105a5905460d05ebb4fa9bd |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 0fca6b7ee107cf97e0acc2c30314456b |
| SHA1 | 269b187140557cadd750b71ae7e1fcec247edae8 |
| SHA256 | 2492d92f1a150b6043bcaf1a36870a34d9fbad18213bd0d68ee1c6e7f2851a61 |
| SHA512 | 11154c5b955b809e4c0e92ba3e35a3d87e5128343619708dc8749d2e20af6188834a93eca37fe0db5387a5e219a7d965a1bfc95ffa06d012cd2b0a59adca04d8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[3].htm
| MD5 | b2ef8d4a3506b9ecbd396cc159a3f0d7 |
| SHA1 | 2940ecf5cfe5d226ed9e7f9e47f8eb4190d408bb |
| SHA256 | 8244eb46dd5c295989e22ab2b5b13ccb56f0e8e777569b64229a6649f48140fe |
| SHA512 | 61f7f9cbfe527e9476b75cbf1df0cd780daf7424403bbebc9a10b6ec575f0740e2a0d3e2ecb8fc7c50393d26f6bdd6cf6f1fcdcf827bfcd78a6c7f893c47fb76 |
memory/5008-329-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\search[5].htm
| MD5 | 3d465334995b8a6d642b9470d55819e8 |
| SHA1 | 281cd5f10e78bdd33b9b3ac390b2e2c3fdbf9230 |
| SHA256 | a36b089de17532dfd38a5054dc38cf331e8ef2d79337449daae523de735a6505 |
| SHA512 | eafddc82753b90cc2ca5bca96be0374878390f8293d2caffe1a42404774f3624639b67d02cadeb801bbf704aaeaf2fe008308feb31341503155a41273829176b |
memory/5008-363-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | f7035a8554a7583df6b7ce4c0ceffe7f |
| SHA1 | 3a4f9f310799c42b6c32a5971817a52824fc1494 |
| SHA256 | 88bd18a79dadc4005e335760a29e23e9c319b01c4369e23f27f4f5ae902f78f8 |
| SHA512 | 19b0c198acd84a13cbf74fd2727a3e8adb4b6782dbfc7f6a446979dd3d8c7f49eeb8b6c604459cbbe8fa207ef4658069f2de9ce8e90f304f399ce03d20330924 |
memory/5008-376-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-392-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 7e248261355f24abe6fe3d62a0ba0f77 |
| SHA1 | 06f01cb9a2800a4588c1449eaf28c2fbe54d0265 |
| SHA256 | 6d02f3f3a4cef730f655c67a1db17f8cf104d02e2c44d09a0972886e22698b88 |
| SHA512 | f3ad2def668cceeaa21938d2b2046a8f2be6b30beaaa48d9626cc10a1d2fd72f3c2474a657db8ae3abf51406e7cd742055aaf8997f103dd7d13d0b236d907c7a |
memory/5008-399-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5008-407-0x0000000000400000-0x0000000000408000-memory.dmp