Analysis Overview
SHA256
343c41bf691b66fcbf07f89059cd97d320fbf1facd0b95afd31da3e654fc4716
Threat Level: Known bad
The file bacd393c726300649bfd5eaa017516fd_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Detected microsoft outlook phishing page
Executes dropped EXE
UPX packed file
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-18 08:40
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 08:40
Reported
2024-06-18 08:42
Platform
win7-20240508-en
Max time kernel
150s
Max time network
149s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1988 wrote to memory of 2436 | N/A | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\dnWozue.log
C:\Users\Admin\AppData\Local\Temp\zincite.log
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 08:40
Reported
2024-06-18 08:42
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Signatures
Detected microsoft outlook phishing page
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1300 wrote to memory of 3424 | N/A | C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bacd393c726300649bfd5eaa017516fd_JaffaCakes118.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3856,i,5047420736443372512,9747851268033796534,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\lcpitpvwg.log
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmp3437.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\search[3].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\search[2].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\FW2KQDC5.htm
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\results[2].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\search[10].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\search[1].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\searchW1V3JXX5.htm