Malware Analysis Report

2025-03-15 00:47

Sample ID: 241022-z4kesavapg
Target: 3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc
SHA256: 3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc
Tags: mydoom discovery persistence upx worm
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc

Threat Level: Known bad

The file 3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc was found to be: Known bad.

Malicious Activity Summary

Tags: mydoom discovery persistence upx worm

Signatures triggered (union of the static1, behavioral2 and behavioral1 analyses below):

Detects MyDoom family (MyDoom)

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies system certificate store

Note that "Drops file in Windows directory" and "Suspicious use of WriteProcessMemory" are listed only here; neither per-analysis section below carries rows for them, and "Modifies system certificate store" fires only in the win7 run (behavioral1).

What the two detonations show: the UPX-packed, unsigned sample drops and runs C:\Windows\services.exe (the file name of the legitimate Service Control Manager binary, which lives in C:\Windows\System32, never directly in C:\Windows), adds the Run values JavaVM = C:\Windows\java.exe and Services = C:\Windows\services.exe (no java.exe appears in either run's file list), writes zincite.log and other .log files in the user's Temp directory, reads HKLM\SYSTEM\ControlSet001\Control\NLS\Language from both processes, resolves the MX hosts of domains such as acm.org, cs.stanford.edu, gzip.org, burtleburtle.net and alumni.caltech.edu and connects to them directly on TCP/25, repeatedly queries www.google.com, search.lycos.com, search.yahoo.com and www.altavista.com over ports 80 and 443, and opens TCP/1034 connections to private addresses (10.x, 172.16.x, 192.168.x). Search-engine address harvesting, direct-to-MX mailing, the java.exe/services.exe pair, zincite.log and TCP/1034 are the documented traits of MyDoom.M and of the Zincite backdoor it drops, which listens on TCP/1034.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-22 21:16

Signatures

UPX packed file (upx)
No indicator details reported.

Unsigned PE
No indicator details reported.
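The two static signatures above are only names; the check behind each is a short walk of the PE headers. The following Python is an added example, not part of this report and not the sandbox's own detection logic: it reads the section table and the Authenticode (security) data directory, flags the default UPX section names and the "UPX!" marker, and reports whether a signature blob is present at all. The two images it inspects are minimal header-only PE32 files constructed inline for the example; neither is the sample from this report.

```python
import struct

# Default section names UPX writes; a packer can be told to rename them,
# so the absence of these names is not proof that a file is unpacked.
UPX_SECTION_PREFIX = b"UPX"
UPX_MARKER = b"UPX!"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Walk the DOS, COFF and optional headers; return section names and the
    security (Authenticode) data directory entry as (rva, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Data directories start at +96 in a PE32 optional header, +112 in PE32+.
    dd_off = opt_off + (96 if magic == 0x10B else 112)
    sec_rva, sec_size = struct.unpack_from(
        "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt_off + opt_size
    names = []
    for i in range(nsections):
        raw = data[sec_table + 40 * i: sec_table + 40 * i + 8]
        names.append(raw.rstrip(b"\0"))
    return {"machine": machine, "sections": names,
            "security_dir": (sec_rva, sec_size)}


def triage(data: bytes) -> dict:
    """Answer what the two static signatures ask: does the image look UPX-packed,
    and does it carry an Authenticode signature blob at all?"""
    info = parse_pe(data)
    upx_names = any(n.startswith(UPX_SECTION_PREFIX) for n in info["sections"])
    upx_marker = UPX_MARKER in data
    _, sig_size = info["security_dir"]
    return {
        "sections": [n.decode("ascii", "replace") for n in info["sections"]],
        "packer": "upx" if (upx_names or upx_marker) else None,
        # A non-empty security directory only means a blob exists; whether the
        # signature verifies is a separate check (signtool / Get-AuthenticodeSignature).
        "authenticode_present": sig_size != 0,
    }


def build_pe(section_names, signed=False) -> bytes:
    """Construct a minimal PE32 header-only image for the example (not a real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    if signed:                                            # fake security directory entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"]) + UPX_MARKER   # constructed "packed" image
    clean = build_pe([".text", ".rdata", ".data"], signed=True)  # constructed "signed" image
    print(triage(packed))
    print(triage(clean))
```

On a real file, read the bytes and pass them to triage(); an unpacked copy for further static work is obtained with `upx -d`, which only works when the packer left its own headers intact.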

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-22 21:16
Reported: 2024-10-22 21:18
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
9 rows reported, all fields N/A

MyDoom

worm mydoom

Executes dropped EXE

Process: C:\Windows\services.exe (description, indicator and target not reported)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
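Both Run values point at files directly under C:\Windows, and one reuses the name services.exe, which belongs in C:\Windows\System32. The keys sit under WOW6432Node because a 32-bit image on 64-bit Windows is redirected there, so a live-host check has to read both the native and the WOW6432Node Run keys. The following Python is an added example, not code from this report or from the sandbox: it parses registry rows in the flat `Set value (<type>) <key> = "<value>" <process> <target>` layout the sandbox exports and flags Run values whose target is a system-binary name outside System32, a file directly in C:\Windows, or a file in the user's Temp directory. The three input rows are constructed for the example (the first two copy this report's values, the OneDrive row is made up as a benign contrast).

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# One sandbox registry row in the flat layout the sandbox exports:
#   Set value (<type>) <key path> = "<value>" <process image> <target>
ROW_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<key>\\REGISTRY\\\S+) = '
    r'"(?P<value>.*?)" (?P<process>\S+) (?P<target>\S+)$')

# Binaries that legitimately live only in System32; the same file name
# anywhere else is a masquerade, whatever the Run value is called.
SYSTEM32_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe"}
SYSTEM32 = "c:\\windows\\system32"
WINDIR = "c:\\windows"


@dataclass
class Finding:
    value_name: str        # registry value name, e.g. JavaVM
    image: str             # executable the value launches
    process: str           # process that wrote the value
    reasons: list = field(default_factory=list)


def command_image(value: str) -> str:
    """Pull the executable path out of a Run value (quoted or bare, with
    optional arguments after the .exe)."""
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    i = value.lower().find(".exe")
    return value[:i + 4] if i >= 0 else value.split(" ")[0]


def audit_run_keys(rows):
    """Return a Finding for every Run/RunOnce value whose target looks wrong."""
    findings = []
    for row in rows:
        m = ROW_RE.match(row)
        if not m or "\\currentversion\\run" not in m["key"].lower():
            continue
        # The export doubles backslashes inside string values; undo that.
        image = command_image(m["value"].replace("\\\\", "\\"))
        p = PureWindowsPath(image)
        parent, name = str(p.parent).lower(), p.name.lower()
        reasons = []
        if name in SYSTEM32_ONLY and parent != SYSTEM32:
            reasons.append("masquerade")      # system binary name outside System32
        if parent == WINDIR:
            reasons.append("windows_root")    # autostarts do not sit in C:\Windows itself
        if "\\appdata\\local\\temp\\" in str(p).lower():
            reasons.append("temp_dir")
        if reasons:
            value_name = m["key"].rsplit("\\", 1)[-1]
            findings.append(Finding(value_name, str(p), m["process"], reasons))
    return findings


# Constructed input for the example: this report's two rows (sample path
# shortened) plus one made-up benign row for contrast.
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\sample.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background" C:\Windows\explorer.exe N/A',
]

if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_ROWS):
        print(f.value_name, f.image, f.reasons, "written by", f.process)
```

The same three rules work on a live host if the rows are replaced with values read from HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run (and the HKCU equivalents); the masquerade rule is the one that catches this sample's services.exe regardless of what the value is named.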

UPX packed file

upx
Description Indicator Process Target
28 rows reported, all fields N/A

System Location Discovery: System Language Discovery

discovery
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: C:\Windows\services.exe  Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe

"C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
N/A 10.127.0.6:1034 tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 10.152.243.207:1034 tcp
N/A 192.168.2.9:1034 tcp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 acm.org udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 8.8.8.8:53 cs.stanford.edu udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.11.17:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
N/A 172.16.1.165:1034 tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
US 8.8.8.8:53 acm.org udp
FI 142.251.1.27:25 aspmx4.googlemail.com tcp
US 104.17.78.30:25 acm.org tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 aspmx.l.google.com udp
BE 142.250.110.27:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 smtp.acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
IE 212.82.100.137:80 www.altavista.com tcp
US 52.101.11.8:25 outlook-com.olc.protection.outlook.com tcp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
GB 142.250.200.36:80 www.google.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
N/A 192.168.2.13:1034 tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 aspmx2.googlemail.com udp
NL 142.250.153.26:25 aspmx2.googlemail.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 8.8.8.8:53 mail.burtleburtle.net udp
US 65.254.250.102:25 mail.burtleburtle.net tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 8.8.8.8:53 outlook.com udp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 52.96.111.82:25 outlook.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
N/A 192.168.2.10:1034 tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 tcp
US 209.202.254.10:443 tcp
US 209.202.254.10:443 tcp
GB 142.250.200.36:80 tcp
IE 212.82.100.137:80 tcp
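The table above is long because every connection is its own row, but it reduces to four behaviours: DNS lookups (forward and PTR), TCP/25 connections straight to the MX hosts just resolved (direct-to-MX mailing, bypassing any local relay), repeated HTTP/HTTPS traffic to www.google.com, search.lycos.com, search.yahoo.com and www.altavista.com (search-engine address harvesting), and TCP/1034 to private addresses (the port the Zincite backdoor listens on). The following Python is an added example, not part of the report: it parses rows in the table's `<country> <ip:port> [<domain>] <proto>` layout and aggregates them into those four buckets. The embedded input is a small excerpt copied from the table above, not the full list.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

SEARCH_ENGINES = {"www.google.com", "search.lycos.com",
                  "search.yahoo.com", "www.altavista.com"}


@dataclass
class NetSummary:
    dns_names: list = field(default_factory=list)            # forward lookups, first-seen order
    ptr_lookups: int = 0                                     # *.in-addr.arpa queries
    smtp_targets: Counter = field(default_factory=Counter)   # MX host -> TCP/25 connections
    search_hits: Counter = field(default_factory=Counter)    # search engine -> connections
    private_1034: list = field(default_factory=list)         # RFC1918 peers contacted on TCP/1034
    unattributed: int = 0                                    # rows with no domain and no other bucket


def parse_row(line):
    """'<country> <ip:port> [<domain>] <proto>' -> (country, ip, port, domain, proto)."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        return None
    ip, port = dest.rsplit(":", 1)
    return country, ip, int(port), domain, proto


def summarize(lines):
    """Bucket the report's network rows into DNS, SMTP, search-engine and port-1034 activity."""
    s = NetSummary()
    seen = set()
    for line in lines:
        row = parse_row(line.strip())
        if row is None:
            continue
        country, ip, port, domain, proto = row
        addr = ipaddress.ip_address(ip)
        if proto == "udp" and port == 53 and domain:
            if domain.endswith(".in-addr.arpa"):
                s.ptr_lookups += 1
            elif domain not in seen:
                seen.add(domain)
                s.dns_names.append(domain)
        elif proto == "tcp" and port == 25:
            s.smtp_targets[domain or ip] += 1
        elif proto == "tcp" and port == 1034 and addr.is_private:
            s.private_1034.append(ip)
        elif domain in SEARCH_ENGINES:
            s.search_hits[domain] += 1
        elif domain is None:
            s.unattributed += 1
    return s


# Excerpt of rows copied from the table above (constructed subset, not the full table).
EXCERPT = """\
N/A 10.156.133.4:1034 tcp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 acm.org udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
N/A 192.168.2.9:1034 tcp
IE 212.82.100.137:443 tcp
"""

if __name__ == "__main__":
    summary = summarize(EXCERPT.splitlines())
    print("forward DNS:", summary.dns_names)
    print("direct-to-MX:", dict(summary.smtp_targets))
    print("search engines:", dict(summary.search_hits))
    print("TCP/1034 to private hosts:", summary.private_1034)
```

For detection purposes the two buckets worth alerting on are a workstation process opening TCP/25 to many external MX hosts (block outbound 25 except from the mail relay) and TCP/1034 to internal addresses, which here is a backdoor port rather than a normal client connection.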

Files

memory/3840-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3880-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log (zero bytes at this point: these are the hashes of the empty file; the later entries for the same path carry content)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3840-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3880-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3880-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3880-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3880-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3880-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3880-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3840-39-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-40-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fjhpfcypbl.log

MD5 8c7d50bd75dccea525f6106354615780
SHA1 dd21633dc98ae7763688ddfb9718da74eaf52487
SHA256 430cc2f9b1c40ccf7ae85f4eef530ce477ca8610eb3c8ba87dc357518c9ebddf
SHA512 3bb0610ed18f5de0de59f63884011e7105aadea7b788d237dea48302a0ba9e617aee87bafd6fcbfca13a9c2d7fd671ca156c111709cfbcd2ff7bd77674d39743

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 6492c11907daaecd708ae3e44572812c
SHA1 54a15dad4f3e7bd48914fb723fbf1d52f8e7e199
SHA256 4141dc3533b9eaeff7f1305cbed3fb8c097c95274de174686766c67bc15c7617
SHA512 f1d29fd830cb7571b307749d896f2cfce6d7b7fae63b11e0dac27e9937d74f1d021ed2491be457a461df93f0bdd5ea9e8a4753f8e4fa5d7da0260020f92c8679

C:\Users\Admin\AppData\Local\Temp\tmpCEE6.tmp

MD5 831c4bcad6779e63b7fb39c8b560fb20
SHA1 0409d816823b5cb423dcc0cb189994d006e5e65b
SHA256 9c458b942ce39f243c1843e5cc323d54076921bf3e635cf5284cc66c6bda3b3b
SHA512 c9941f99d60e93571763b4d58c8dde32fbcccb802acc618b2de1afd9b0fdfd25cb0f9a59a21a0d102422f7feb6865b8ba20daf3cf96552cd2806bee0ad3b44ee

memory/3840-117-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-118-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X3JA8BBM\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/3840-167-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-168-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3840-169-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-170-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3840-174-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-175-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 e83a270468e5de8ca260837ceab03a6d
SHA1 a68a20cf16207c0f96dda12108e15eb852b8becd
SHA256 9b6b12851f05467baeba6379cda9d4d8d6e7954095d564deac2e6dae815f791b
SHA512 0fafd3345fea9fc8f2fa43d02779d102505958f7da7296fc260faf526ed66417c19efa70056fe1a2bdffdfa2d76262573b8bb795edc17f56e5a52e21b2ff07cf

memory/3840-188-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-192-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X3JA8BBM\default[2].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

memory/3880-223-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3840-222-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3880-257-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3840-256-0x0000000000500000-0x0000000000510200-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-22 21:16
Reported: 2024-10-22 21:18
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
9 rows reported, all fields N/A

MyDoom

worm mydoom

Executes dropped EXE

Process: C:\Windows\services.exe (description, indicator and target not reported)

Adds Run key to start application

persistence
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"
  Process: C:\Windows\services.exe  Target: N/A

UPX packed file

upx
Description Indicator Process Target
30 rows reported, all fields N/A

System Location Discovery: System Language Discovery

discovery
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: C:\Windows\services.exe  Target: N/A

Modifies system certificate store

evasion spyware trojan
Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A
Set value (data): \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (certificate data omitted)
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A
Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A
Set value (data): \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (certificate data omitted)
  Process: C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe  Target: N/A

Caveat: CABD2A79A1076A31F21D253635CB039D4329A5E8 is the SHA-1 thumbprint of ISRG Root X1 (the Let's Encrypt root), and AuthRoot is the store that Windows' automatic root-certificate update writes to. Read together with the r11.o.lencr.org OCSP lookups in the network table below, these writes are consistent with the OS completing a Let's Encrypt chain in the sample's process context when it made HTTPS connections, not with the sample installing a certificate of its own. The same writes do not appear in the win10 run, so this signature carries little weight on its own here.

Processes

C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe

"C:\Users\Admin\AppData\Local\Temp\3f5b6dca2b137d5ff34a48ac6a0a9bd8814323c90e5edf5810983c67a54c07dc.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
N/A 10.127.0.6:1034 tcp
N/A 10.152.243.207:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.10.12:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.9:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
N/A 172.16.1.165:1034 tcp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
US 8.8.8.8:53 unicode.org udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 apple.com udp
BE 64.233.184.26:25 aspmx.l.google.com tcp
US 8.8.8.8:53 mx-in.g.apple.com udp
DK 17.57.170.2:25 mx-in.g.apple.com tcp
N/A 192.168.2.13:1034 tcp
US 8.8.8.8:53 smtp.gzip.org udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.altavista.com udp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.74:80 r11.o.lencr.org tcp
GB 2.18.190.74:80 r11.o.lencr.org tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
IE 212.82.100.137:80 www.altavista.com tcp
DE 142.251.9.27:25 alt2.aspmx.l.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 mx-in-vib.apple.com udp
DK 17.57.170.2:25 mx-in-vib.apple.com tcp
N/A 192.168.2.10:1034 tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.200.36:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.200.36:80 tcp
IE 212.82.100.137:80 tcp
GB 142.250.200.36:80 tcp
IE 212.82.100.137:80 tcp

Files

memory/2384-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2384-4-0x00000000001B0000-0x00000000001B8000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3056-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2384-9-0x00000000001B0000-0x00000000001B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2384-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3056-20-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3056-25-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3056-30-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3056-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2384-36-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-37-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2384-41-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-42-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpA2A5.tmp

MD5 814e9d6b8a3e6652d78983a4b8ea1f98
SHA1 9a418ebec9fe3a5d359ac73b8f5d51d72e77f327
SHA256 0084908913c140ffd0e17f3160cf979af6e7ed84788c089833e28897f6b32450
SHA512 491970a315d9fdab6fab67c6bdea2d91bc49fc77fa6e6d260cb9dbd3184f4f2faa04b0298caf34913cc5c8cdcd039b780d9eb9650d1b227a99e94d5b06c55d1d

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 9a6c222ab63f8939f0132be0a5b967f0
SHA1 aae57b3ba406cfccc8867261a38aec0492d64362
SHA256 7c682de615248ff18d14685fa0bdd81c8f9d7a7ddadc6ae3eda67e61628d492d
SHA512 3233ec6fc1c1c84c9aa6fc417f86705e5ed4b9988dc11e5c8d5c96fe72b459085f96fbc4c312c15aef28cabc333b3d99500082e4237d8db6899ed4c8cd672f66

memory/2384-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-61-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\valyETpypq.log

MD5 c7121204871ec8b9070b00347a880232
SHA1 914fa985bb8ade4d53af9293d9c61046798f9cae
SHA256 4192a1917805aea4741cf489cc0a66f20d0f611bb9699d6a7138406b81cce0a2
SHA512 664413c239827ca1ddc39a927cd99eded4b818ccf6cd17d525563514538d225b55d18fdb262a4a92f8e2e78d4217c51a62651bad82f791b16eb06326c3eaa548

memory/3056-65-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2384-69-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-70-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2384-71-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-72-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2384-76-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-77-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3056-82-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 efb8100971a0b22cc30f94a7d87455d5
SHA1 cd6c305c05da2d01eeef60a5cef754f676a4e222
SHA256 9f334393540141013abe03bd0e72ce53a574c9bc0449e48f12e7f94b145bc77b
SHA512 cb65594532813b812383d63abd86ac738a6c395beda78a7a69409705fb15a6e3de38187dde16f9315e1aadedef44d39397387e8255df66655e733211fa8273fd

memory/2384-105-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-106-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabAE62.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe7565c69b345c8f257a627590760c79
SHA1 17253f79598cf0b2eac6237277b226715e972ba5
SHA256 f509ec10c0cf04f1b04b3ee3ddc63016e898530d0077bc5284c21f5b4d5cdc96
SHA512 6860e57b38844eea40eb69e95e949bc26c8989d3f3e726972ce89b6b3f5560468d2c8279ab1385fe302fe2262bbf637c5a701e5632797e64ccd72074fc670d5c

C:\Users\Admin\AppData\Local\Temp\TarAEF1.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4533c483387ec767b9922f4ed9b56bb
SHA1 99363383a86fce5e2f93f67540aefe462a39e307
SHA256 cc408d1e76939ac4d6d796ca923a6f8ce5611988e9550fc9dfeb80d24e3ffc02
SHA512 48f0697d502bceece8974dd372672de21ebe4496b90844e0ef99881c22995148934b4bea52740491896e2d4bd8fea104997f0b92c994843e5ac5165e440c9c18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc023201c84f351b0ee0f63f608e5d42
SHA1 e336fa5f8d9e020ee94bbf758ec52513cbc5f9fc
SHA256 152550a07efe6055c7d385e06c1e6f90cfef3f7c2b5a38589237c1103074a0f0
SHA512 4a112c550dd17e2262eb29e4e42d09367b97e1938786c437732749a20b8a9d12178e49f1a5ba23ff562f80a9141e0aec62b0528d67866f0f3a15a2136d6734eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

memory/2384-300-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3056-301-0x0000000000400000-0x0000000000408000-memory.dmp