Analysis Overview
SHA256
991c0ac120fd780a8acacfca0ce77c161fc8509fddbe6f9cc74cbf1a8ccfd372
Threat Level: Known bad
The file bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 06:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 06:12
Reported
2024-06-18 06:15
Platform
win7-20240220-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 836 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2468 wrote to memory of 836 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2468 wrote to memory of 836 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 2468 wrote to memory of 836 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 169.254.109.155:1034 | tcp | |
| IN | 4.240.78.237:1034 | tcp | |
| IN | 4.240.78.175:1034 | tcp | |
| IN | 4.240.75.94:1034 | tcp | |
| N/A | 192.168.0.32:1034 | tcp | |
| US | 15.136.121.176:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 24.196.145.49:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 99.83.190.102:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 208.189.196.18:1034 | tcp | |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
Files
memory/2468-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/836-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2468-10-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2468-9-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/836-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2468-22-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2468-23-0x0000000000220000-0x0000000000228000-memory.dmp
memory/836-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-36-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-37-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-41-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-46-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | cc5b7ab757276e93780180778761bafd |
| SHA1 | 414e9dcda0658191693b62176fd1a113c650438e |
| SHA256 | 008cee54ac90fdc28eff0591bd4b06403ca78e004fff34bfa3536cc9f2351ab8 |
| SHA512 | 11732d3388e278de35cd3d17520faaaa5f0876fbb55a472857c08d8df8a73e8b3999f23047e229327f54141f894a5c38eac977367849d831246cf042387e9247 |
C:\Users\Admin\AppData\Local\Temp\tmpB1D2.tmp
| MD5 | 0d64cfaa651245887e9446e2f5629acb |
| SHA1 | 307c8195d9bd2614853aa1131490092d7a0a5250 |
| SHA256 | 14ae9e5abb5acb15f5526412d3d865bc4a29a8f9df3daf1c58dac695f8d9c4e1 |
| SHA512 | eb71f344e02ebec0efa593514275d71d4a08b73be263c823a86b9fc4e84993b80020afd0732718bba1bb1a647d43791ea2ca88ad6a4c9cb65a1d1ff62ac05523 |
memory/836-61-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-64-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-65-0x0000000000400000-0x0000000000408000-memory.dmp
memory/836-69-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 06:12
Reported
2024-06-18 06:15
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4488 wrote to memory of 5012 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 4488 wrote to memory of 5012 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
| PID 4488 wrote to memory of 5012 | N/A | C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bb10d2680402f7c8bde578b901ca58ca_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 169.254.109.155:1034 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| IN | 4.240.78.237:1034 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| IN | 4.240.78.175:1034 | tcp | |
| IN | 4.240.75.94:1034 | tcp | |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| N/A | 192.168.0.32:1034 | tcp | |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx3.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| FI | 142.250.150.27:25 | aspmx3.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.10.8:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| BE | 2.17.107.153:80 | r11.o.lencr.org | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | hachyderm.io | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| FI | 142.250.150.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 15.136.121.176:1034 | tcp | |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.251.9.26:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.79.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 75.2.70.75:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alt4.aspmx.l.google.com | udp |
| TW | 142.250.157.26:25 | alt4.aspmx.l.google.com | tcp |
| US | 24.196.145.49:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| SG | 74.125.200.26:25 | aspmx4.googlemail.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 65.254.254.51:25 | mx.burtleburtle.net | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| HK | 52.101.132.29:25 | outlook-com.olc.protection.outlook.com | tcp |
| FI | 142.250.150.26:25 | alt2.aspmx.l.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| SG | 74.125.200.26:25 | alt3.aspmx.l.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 208.189.196.18:1034 | tcp |
Files
memory/4488-0-0x0000000000500000-0x000000000050D000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/5012-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5012-13-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-31-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-39-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | f960463cefde2766067ae49b2ecd7ea0 |
| SHA1 | f4f6bac1e46b794ebcec48f4d20398c29bb112c2 |
| SHA256 | 10874caf9159e2565fa7d5d73386fc6cb7e27ab4310e08aa441572aa37d4c26b |
| SHA512 | c23fe547c0b11865551e08d4ed67c07cfcd06d479453d62f7baeb7274b0b964d77f02e957bbaf7005c1cc5a1eb3d42e818ebd976e964bcce7f4f6c3ab8d737be |
memory/5012-49-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpC531.tmp
| MD5 | 7fe52bbce6ff74f999653749cc3e4536 |
| SHA1 | 850baeebb7dd69b3360e65e5eb8ec2f4262c6d6a |
| SHA256 | 70a815e41209eee950f22eef6ed4974f96cf4d9f563ccc9ba06c3bd7aee6d8f6 |
| SHA512 | 46a576f29b2dee48fd84c6679af08ff84aff7bc55eb1aeed0944826bf2afc61fed22df65437a99998a9a1bf62b7dd2f551430db9b872d807c0af6cf2e009fd38 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[3].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\A927FWYH.htm
| MD5 | a0a80f56efc07952148e3cdcd95ba760 |
| SHA1 | d2e91adb69da154ce27c0bc273f65d28083c20ef |
| SHA256 | 1cfd740662b45a2202cadcf92010f2cd48d980943b2e85557709427bcba8e558 |
| SHA512 | 8a8df02a08f942caa89a5a0628720150dfe8af48532c0eec62f151ae864f74966d568d61e7a659407b1c8aa6c528f7344b34e2263547e846379bb34fe322b9a3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\search[7].htm
| MD5 | cd62d05ca04ffcff59fcf4af369ef469 |
| SHA1 | 9e5938d6f0f257adf09da9200de4aed1694abe80 |
| SHA256 | a6880bedc146498d64723ccfaae7f1b8b34b2a130863c204de166cef83971142 |
| SHA512 | 8fa4a5e119463d7d9bb533ca900e3d9de9a83eee3c98ea719ed37737ba5e70c034b7120acc40948fbf5c1b903e228f2aec1ba7185a17b73ec37bf8e119b79995 |
memory/5012-336-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\search[10].htm
| MD5 | 09f277f58c73b95b88e0c964e5d99c82 |
| SHA1 | 841eb66b710aab080f7c3b2077c88050b35838a8 |
| SHA256 | 6583fc4ef7ab6a1dbd6b38bcc16a67126f33187b14e45a41bfc9c2283f936e36 |
| SHA512 | 33d251f879f30b9e31958c1e817d4eaa4aef34362e583f365bad9daef3d0eaa9f265767f2aa2bd2ec89614b46a614441aea740ea8ae110fd26bbd3a32f96011b |
memory/5012-368-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-369-0x0000000000400000-0x0000000000408000-memory.dmp
memory/5012-373-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 8b4e52a6df3bebf882ba4bd9c25204ca |
| SHA1 | ea90bae99f003865fbaaf69c210ebce235bcaac4 |
| SHA256 | 2221af24d5fe88a675773c9edcd580072898d6251d5ee5fa495d121619b0a102 |
| SHA512 | 3f4bf158dcb2fb9e4dce6e4fb3bdecd5a670d81d08047e1dfe302ab1b4d1c1d745d24faf17a1ecf3453eab5c434a91b70ff8c51def5e9c9cd004e4065bdbcc1e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7AAJOBN\search[10].htm
| MD5 | 236e7427ffe374ceb0406f7522edcf8f |
| SHA1 | e848b9f3a2232b562f1322948d43f2872a1cee2d |
| SHA256 | ee5855851cf6ecde95a01dbf0a3ca27242e6cafb893728796dde66e281cb1987 |
| SHA512 | ffd5cc00957e7a83e2d4228397c3f9c4dd69ce7597563e3e3069495f471f8944a563c7dc91720920fb5e81ddcca3160f968bfcc901d78c9085f717e4e556f344 |