Analysis Overview
SHA256
fcd4fc8a0534271a5ceb4c2b9abc85e30ce912f411111e164521f82818d4127a
Threat Level: Known bad
The file 865030faf454023288341463915f2570_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
UPX packed file
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-17 11:41
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 11:41
Reported
2024-06-17 11:43
Platform
win7-20240221-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2936 wrote to memory of 3008 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2936 wrote to memory of 3008 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2936 wrote to memory of 3008 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 2936 wrote to memory of 3008 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.135.189.123:1034 | tcp | |
| N/A | 10.127.0.3:1034 | tcp | |
| N/A | 172.16.1.2:1034 | tcp | |
| N/A | 172.16.1.5:1034 | tcp | |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 172.16.1.116:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.11.3:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 172.16.1.169:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.9:1034 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp |
Files
memory/2936-1-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2936-10-0x0000000000220000-0x0000000000228000-memory.dmp
memory/3008-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2936-9-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2936-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3008-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2936-25-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2936-24-0x0000000000220000-0x0000000000228000-memory.dmp
memory/3008-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-37-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-42-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-49-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2936-53-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3008-54-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-56-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 09a4f5f557f3f169e10da243aa30fd09 |
| SHA1 | 85fd781de93e138444ec0e396349ed2ee9bcef4b |
| SHA256 | f3462ab101e1c2ee985edb9348b4f11f09c584a46884ab5aa6f58da50e6db4e3 |
| SHA512 | 5cf1b0415c71d99bdfd58a1c199672c9b06003682516bb5237819f5cecbfe14c246e18c5f5d25af05a50175760c34c4d4e77960a5aeb8d90613ddf9c2e8c6afd |
C:\Users\Admin\AppData\Local\Temp\tmpB81B.tmp
| MD5 | d24564a4fb54fa5f43a95607e3b7b580 |
| SHA1 | 1568bcab258730521a0c476de7b7dfae265cefe0 |
| SHA256 | c4bba967162c6b545a0c867e8895b23b9c49315e3bbee68c143cb2c9de7a4bd1 |
| SHA512 | 3ab1dc7608bffe2b83327f816c04f81c324fef42a4770ef6044fe700fa96d73f9be3528aae7f81836b959ee80ecb1fc207c0b50ca3fb1cb86926f0282c636d9a |
memory/2936-74-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3008-75-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2936-78-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3008-79-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2936-80-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3008-81-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3008-86-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 11:41
Reported
2024-06-17 11:43
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4404 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 4404 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
| PID 4404 wrote to memory of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\865030faf454023288341463915f2570_NeikiAnalytics.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.135.189.123:1034 | tcp | |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 20.189.173.13:443 | tcp | |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| N/A | 10.127.0.3:1034 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.209:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| N/A | 172.16.1.2:1034 | tcp | |
| US | 8.8.8.8:53 | 200.131.50.23.in-addr.arpa | udp |
| N/A | 172.16.1.5:1034 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 172.16.1.116:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| TW | 142.250.157.26:25 | aspmx5.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.9.12:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| IE | 2.18.24.10:80 | r11.o.lencr.org | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | 10.24.18.2.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| DE | 142.250.185.68:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| N/A | 172.16.1.169:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.251.9.26:25 | aspmx2.googlemail.com | tcp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| N/A | 192.168.2.9:1034 | tcp |
Files
memory/4404-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2452-7-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4404-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2452-14-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-19-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-24-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-43-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-48-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4404-49-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4404-54-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2452-55-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d360a59b00a53c20b66e1058cc64c670 |
| SHA1 | e306d44a6d15bc920bfc4950eb9ddc524e73bc4b |
| SHA256 | 2c0812d841409ac5e022f5c6852f39080f81052e2c9b1594339827d24b026dc0 |
| SHA512 | 8d4b31239dd8833f3a84c089e24cee8e416ca80b4e37328045517a6b9aa24ab22783fe017aed12eb64c863b71710d720d50b613d52acf95e2ea1ee3e3ffd9df7 |
C:\Users\Admin\AppData\Local\Temp\tmpB128.tmp
| MD5 | 865030faf454023288341463915f2570 |
| SHA1 | 40c6be1a3dd82dbff782a5b5c1b1b116ea4cf5d9 |
| SHA256 | fcd4fc8a0534271a5ceb4c2b9abc85e30ce912f411111e164521f82818d4127a |
| SHA512 | 4bcd00b07d511ed9900bfa57b436b7b2a55fda14cf285d307b492f08e8692af33d754cb156dd9fe66125315c2bbf3e212a39b5038e879fbafc11f6a3a4f36d43 |
C:\Users\Admin\AppData\Local\Temp\tmpB227.tmp
| MD5 | d2a77dc9a18f1b0e359b4016e5e04e2d |
| SHA1 | c402240ecdf894a143823cb05474516a6ff77ad9 |
| SHA256 | 22c27855852b325372ea6440c74b922abe7df901fbd690f9f1f05cc52fd0c3ef |
| SHA512 | f93a1b9214d20592b2f4eadad859c3bad8f436cc4ef6e909e8e98460cdbf63a19a2caca6a1240335542b3a1f10eb0f3aeebacb602c410e45368bce3d40baae8f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8Z1Z4637\ZNCPCFS0.htm
| MD5 | 85f5de03293cb8668fb8bf12de30342d |
| SHA1 | c0aef10ef401032e570c347c80a74356c7c904d8 |
| SHA256 | 9be29d26189e85548c057ce44b559ac7eed02035a6062573b91e14bb1fd96abf |
| SHA512 | 819ebfd0e990dc83b648cafe87c75f93dec37e2f92ca5edee69a3bfd626382ab9f4fa84e59b560ebec26bac4efe899bdb9aa0c43848f498fa6246f78a6cf81cc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCKU5E0S\M8N333Z9.htm
| MD5 | 2f7a19399fa92ef9aace46d8fdc35da7 |
| SHA1 | a6f29514bf601daf077c00bad0672d551ab8b1a9 |
| SHA256 | 0cc215f8d8aa95f16c91636235d3cbf8f1eaa9ab835fe156730e3dc9a7ad772d |
| SHA512 | 4dc58f2d76ac80dc7e11365af1b2acf0e39bd09fc98b842f2348d2c9eeaa134727f0ec010e1dbc52866722110baa3704e10d850c50134d7e28390e63c11ec2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCKU5E0S\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QQACG5HD\results[2].htm
| MD5 | 211da0345fa466aa8dbde830c83c19f8 |
| SHA1 | 779ece4d54a099274b2814a9780000ba49af1b81 |
| SHA256 | aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5 |
| SHA512 | 37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCKU5E0S\default[1].htm
| MD5 | c15952329e9cd008b41f979b6c76b9a2 |
| SHA1 | 53c58cc742b5a0273df8d01ba2779a979c1ff967 |
| SHA256 | 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7 |
| SHA512 | 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QQACG5HD\search[2].htm
| MD5 | fd1ddbebc7a9226923afe345fe4aeba1 |
| SHA1 | 0f198b54a38f22050816f880ef6bb63e83f6f7f7 |
| SHA256 | c911dbd78d8ef36e8dc47e1f5a3b12f39d2ff42b6f1c329810e9d357903fee84 |
| SHA512 | 3c4a559f209c003b3412c1e15b891cb36dd2654d1096bebc4bfc09b6eee2e33250c1f06af166a08cb5afaeac252f308aa59ef045fd8886432e6c083201caac8f |
memory/4404-287-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2452-288-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 7f638719bd2ec9683c5621f953d1d1f5 |
| SHA1 | 849072194309b244fe024d47a6d395e19676d29e |
| SHA256 | 85dc86477b47d7548ed27e432fda978f5b45aba2f1a38f58e8164f40848134eb |
| SHA512 | bd83d33752ed43b469284c7b7bce1405f363322eda8886d49be76dad8efe33085dd834808657d75404707d940d21fd0aa71deafeef1766ec24a2c393822f123d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QQACG5HD\search[9].htm
| MD5 | 10619eb63a18fac0d7b7a6905f7c69bc |
| SHA1 | 907dac11101a38deace4ac7d3c2283b1a693197f |
| SHA256 | 0face5b0ba62fa1272ca9f4337b87567df85781fa6ccc7482c9609fc81294a96 |
| SHA512 | b9adf12b0ec257a39ec10ac8a34e46627801e239df4625142abec8862db18fd3bdb08d3d916ee3d44a32e5c2eb2322face2d155d6cfb9eea39137d5abf61b00b |
memory/4404-334-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2452-335-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2452-339-0x0000000000400000-0x0000000000408000-memory.dmp