Analysis Overview
SHA256
8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49
Threat Level: Known bad
The file 8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N was found to be: Known bad.
Malicious Activity Summary
MyDoom
Detects MyDoom family
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 17:42
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 17:42
Reported
2024-10-23 18:01
Platform
win7-20241023-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3032 wrote to memory of 2160 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
| PID 3032 wrote to memory of 2160 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
| PID 3032 wrote to memory of 2160 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
| PID 3032 wrote to memory of 2160 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe
"C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.16.1.3:1034 | tcp | |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 10.0.77.20:1034 | tcp | |
| N/A | 192.168.2.155:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.9.21:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 10.128.8.216:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 10.127.0.6:1034 | tcp | |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
Files
memory/3032-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3032-3-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3032-15-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2160-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-37-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3032-36-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3032-41-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2160-42-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 0f716581a70351060f6a11c308cab9bf |
| SHA1 | d655eb24a20ca06230ce728cb8d5b9b86cc0a896 |
| SHA256 | d53cf0dee73116ae8174e9798f1dfbf435bdb7dfb50c4f6a4518239820c051e1 |
| SHA512 | 21d0826e9c6e7a92455c299f8de26e5f65fe10f53c210e064eec25e42cb281603bce5c6f8c6d2cd01549f66a8912cb04df1f1888ff443f34eac269483f27119b |
C:\Users\Admin\AppData\Local\Temp\tmpD4AD.tmp
| MD5 | 1d880fcb2140b694c104369bf9e64288 |
| SHA1 | 19a44b15d418a4337150654e124b64d64624044b |
| SHA256 | abfea9c23682d88d129e06fb94ab01047056608938af52462b421f265a3b24b5 |
| SHA512 | be8820d1c54ec9398a1a831c3e5529f8c84c594c8493de5b612b683fcca5e7bca73bcff90da9f4a127b48c6bbbf32ec3f442adf74e5ac1075f2ceeac3bbf2017 |
memory/2160-63-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3032-62-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2160-68-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3032-67-0x0000000000500000-0x0000000000510200-memory.dmp
memory/3032-69-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2160-70-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2160-75-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 17:42
Reported
2024-10-24 10:52
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3844 wrote to memory of 4552 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
| PID 3844 wrote to memory of 4552 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
| PID 3844 wrote to memory of 4552 | N/A | C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe
"C:\Users\Admin\AppData\Local\Temp\8dba599b863e224fe8a0d5a839bfddbc6a43823fff895678668168394852fb49N.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 172.16.1.3:1034 | tcp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 10.156.133.4:1034 | tcp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| N/A | 10.0.77.20:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| NL | 142.250.153.26:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.28:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | caltech.edu | udp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx1.caltech.iphmx.com | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 68.232.147.192:25 | mx1.caltech.iphmx.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 192.168.2.155:1034 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| SG | 74.125.200.26:25 | aspmx5.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | mx2.caltech.iphmx.com | udp |
| US | 68.232.147.192:25 | mx2.caltech.iphmx.com | tcp |
| N/A | 10.128.8.216:1034 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| DE | 142.251.9.27:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| IE | 52.101.68.2:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | caltech.edu | udp |
| US | 52.26.125.194:25 | caltech.edu | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| N/A | 10.127.0.6:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| FI | 142.251.1.27:25 | aspmx4.googlemail.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 52.96.111.82:25 | outlook.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mail.burtleburtle.net | udp |
| US | 65.254.250.102:25 | mail.burtleburtle.net | tcp |
Files
memory/3844-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/4552-5-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3844-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4552-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4552-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4552-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3844-27-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3844-32-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-33-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | ab6dd5478a363247d4779e93e8849c47 |
| SHA1 | e34a85caf20723181eb9ab407d5fc5b629026009 |
| SHA256 | f6932482f92b35ba5b3ff8dec2071de51924c3c3611970bf71c14c6c2e7e4c40 |
| SHA512 | a30d007bf6162a3d33d2f1beb53fc7f69ee81a4c5c4684997c836f4755f47f07d79d9007f6e7c67e7c115b51c6530087551bae4f64cb32f2b9eb013cdaded27e |
C:\Users\Admin\AppData\Local\Temp\tmp24FB.tmp
| MD5 | f0024fc25b30fc9751a4c8a5d1f7bb68 |
| SHA1 | e3aad6c61642d2b173e943a53e173f22d010802c |
| SHA256 | cdd91bfec1b4095b54614891e00f8956f9d6472cf4fde13139bd0b99adecbbf6 |
| SHA512 | a40464ce7a4890dcaf5d4c54bb5c765aacdb33ff4d201d0c97561bdd44de7c5c768a7bb8fd8eeaf798bb81ea05ef0798b6a91cc3d3536ddb1d67f97e8001f787 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3DWZNJ32\72BLSBWB.htm
| MD5 | e35eb77d62de84192138612f2504ce77 |
| SHA1 | 3d343b9054d9c08a624c04fb4d02ddc8f3d392c9 |
| SHA256 | 720e41c0a10b0738e63ff0cc8ad03690eaf1f63d54e88c1436bb03835094a8fc |
| SHA512 | a6cdd229e8a649b2f13708ab42fa80debd70c9785e82e40609985f380a8271315a8c42c28e477a96983ca62001ecdbf13223c57e9a87b6b4ee1a7ffc445f50bb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OIPZWEW8\search[2].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OIPZWEW8\search[3].htm
| MD5 | d3ca7e7a8fb8f14854c845e073bcb779 |
| SHA1 | 53aff0da7a902d5e01b065a07f1833feb0ef4996 |
| SHA256 | 68958d22ff1755cad5aa41cd32191e9646290b4f3831a25dee90cd4ccb371885 |
| SHA512 | 98ae6c8fcbc21667caae0a5176ee1b399444f3c8c2b3409f40c3df2f23d5aba80ecba50cc60d2045335654b4bb4c74eb88f67e8541380812d95ce83e5508dc7c |
memory/3844-256-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-257-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3844-258-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-259-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4552-264-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3844-268-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-269-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 2b96f4b1b69f1b6c5103bf6c4b477e47 |
| SHA1 | b7a2980380ad183b588a6168504e929dd83160b4 |
| SHA256 | 4da54bf66567409eaab0b3323eb314880b9a0c92cbaa419ccdf9f5d95bf1ba8f |
| SHA512 | 5eb8cd2bcf25de8540f0f8f2a13f42f64b027129f6f74ccb6df86bd58093c6c8008bb079e8204ab470f3daf755cde5ea5e48fc9a68ab33bee1007c7e3d82ea10 |
memory/3844-295-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-296-0x0000000000400000-0x0000000000408000-memory.dmp
memory/3844-299-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4552-300-0x0000000000400000-0x0000000000408000-memory.dmp