Analysis Overview
SHA256
c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d
Threat Level: Known bad
The file c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d was found to be: Known bad.
Malicious Activity Summary
Detects MyDoom family
MyDoom
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 05:18
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 05:18
Reported
2024-10-25 05:20
Platform
win7-20240903-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2968 wrote to memory of 2852 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
| PID 2968 wrote to memory of 2852 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
| PID 2968 wrote to memory of 2852 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
| PID 2968 wrote to memory of 2852 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe
"C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.156.133.4:1034 | tcp | |
| N/A | 192.168.2.18:1034 | tcp | |
| N/A | 10.152.243.207:1034 | tcp | |
| N/A | 192.168.2.9:1034 | tcp | |
| N/A | 172.16.1.165:1034 | tcp | |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.41.26:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 192.168.2.14:1034 | tcp | |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| N/A | 192.168.2.13:1034 | tcp |
Files
memory/2968-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2968-4-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2968-15-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2852-17-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-18-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-23-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-30-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-35-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-40-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-42-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\valyETpypq.log
| MD5 | d971bd453a97d84ad8bffa572cf0b8e5 |
| SHA1 | 46de8ff0f3cc73f898675e73260ea7f2fb5fa774 |
| SHA256 | 81d1c91ff794eff4f2d71990c34573cfa0bf8170a2cfbfbfbc342761f75a350c |
| SHA512 | b4e76eacd8d4b68fd7ad6d163ef3cb18f0e050b05f90155e8cce79908f52af156ba3564890888e7aa36a631540a4ee82484509b10e17aa1936079385727385a5 |
memory/2852-47-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-52-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2852-54-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2968-58-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2852-59-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 4150c3b87ae23784ffbbcf78192bfaeb |
| SHA1 | 1b099912cb3ca1b74e198b77b9049f615c5a4458 |
| SHA256 | af3c9e360220f27fc7b7d7359093a26ed6c1b58b90f528b3dcef04e78c4199c8 |
| SHA512 | 44b058d565d1c951cc9aa53512ec6943f5ba9097f0a00c5954f203f6254bb41df66cc22bce4bc64dd76168c88d9fc7758a9fed3ddac6bfbe84c2313de6a4e0ef |
C:\Users\Admin\AppData\Local\Temp\tmpCDCA.tmp
| MD5 | de4e7f5181e4edcd9bfbc74e7a28627d |
| SHA1 | f772aa8829ba2cb0dc47270fd31f9f85bcbf9db1 |
| SHA256 | 516d55e96ac41e9f32acafd43879249e960faad7234c7acad73e70e1aafce1e0 |
| SHA512 | 0caa58ca80b9b016113847baee5cccab97011a2e323b7428b4924a98c53b59e8b7c585ff86d09d56862cc5e2029786456041b4eb0d832a00b504621c368b2b9d |
memory/2968-76-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2852-77-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2968-78-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2852-79-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2968-83-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2852-84-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 05:18
Reported
2024-10-25 05:20
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4512 wrote to memory of 4808 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
| PID 4512 wrote to memory of 4808 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
| PID 4512 wrote to memory of 4808 | N/A | C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe
"C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 10.156.133.4:1034 | tcp | |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| N/A | 192.168.2.18:1034 | tcp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 10.152.243.207:1034 | tcp | |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| N/A | 192.168.2.9:1034 | tcp | |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| N/A | 172.16.1.165:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| NL | 142.250.153.26:25 | aspmx2.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.3.120:25 | mail.mailroute.net | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.52:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 52.101.40.4:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | 36.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 61.45.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| N/A | 192.168.2.14:1034 | tcp | |
| US | 8.8.8.8:53 | aspmx4.googlemail.com | udp |
| FI | 142.251.1.27:25 | aspmx4.googlemail.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| US | 8.8.8.8:53 | smtp2.cs.stanford.edu | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| N/A | 192.168.2.13:1034 | tcp |
Files
memory/4512-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/4808-5-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4512-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4808-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-40-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Crxeuokzi.log
| MD5 | 299d53f4ac06edc35b6d4139bb5a0794 |
| SHA1 | 2d5de84abfe090f50823de62e7e97cb52174b187 |
| SHA256 | 077967d487365bcbea1268f0e28e1681f228440be53ba43e8b593709e94716de |
| SHA512 | 71ec38adb3c531d3a59ae193967d969f3c5c23b0eba9d9c0d242ba707c99b0c6e2d1133e966b0432dab8897d80d49218621be417b790f472695024069b439c46 |
memory/4808-45-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-50-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4512-51-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4808-52-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4512-56-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4808-57-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 9b41e1e62f0a17d36361efa844e4b447 |
| SHA1 | 0544afb2a56d53a21955c40c73bb236faa77059a |
| SHA256 | 7703cc0bab8ed9f316967f6d9c48f5ae7c87f82f2e5d784337c8fcbba041f238 |
| SHA512 | 93d30f04c0d9b382ae18fb477227e53273a23fecbe703fe3594f6149856b36c28a116dd9a179a8ca52578368bce582417b4b89e058f20c4ed0e2a8102e776194 |
C:\Users\Admin\AppData\Local\Temp\tmp335E.tmp
| MD5 | f401ef1d53baf91c06552f2014050cc0 |
| SHA1 | d3b6cf6a612007352e91d5632aa4823379d9723b |
| SHA256 | 4e18e97b4c31667c379013454089bc8252dcc4c74968143aa06871ba310f6551 |
| SHA512 | de9e1025b255147a266048fb9e61814814d4f5df59f109ecc121e0d190454bf869a281fd1d82fb32fbc46b7556dc2aa9ca08380c14befea1089286f6cfeb8a90 |
C:\Users\Admin\AppData\Local\Temp\tmp335F.tmp
| MD5 | 78e68b9a00042b782521b745dee12d6c |
| SHA1 | 225b8ad2c5c5e263f0089ccf98445e24d8cc3166 |
| SHA256 | c668f348a045d855e4c579efd5e596a90d1f64795d58873b43e0957448c89fbc |
| SHA512 | 58f78add881837c172bf681d0462bd24b433a436b1b0921467f08f6f222a0d59653286d08b54e0965c5f8b94885e2ca09cb70dcdd12749226e4d5f46ebd3fc87 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\84KCLP1T\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FQRZN8O7\search[2].htm
| MD5 | 24186c5536549c9d963b30327c6f41eb |
| SHA1 | fc17ba68363e5a7355e2c82e94d02c3cf8ba02ce |
| SHA256 | fb87b846391448bbc499e5f7f082aa9e92bf1e44490abf67a267d30aebcd7244 |
| SHA512 | 269a32985321bb585d4bb2ed87b4435be29cc744f3ae634b56aee1c1aaa13b6db1eba898686f5123b61207681a98d532b8d96d6825b334f29ae49a3baa7135ad |
memory/4512-164-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4808-165-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | 81aba4e4a5a3c1fb79672ba828069497 |
| SHA1 | ef11d9425b7a4aaca833886be59638f918be4bff |
| SHA256 | 34b8dd69d3cdba226080e694d577faefc5562eb048d5afc8060c1014497fcce4 |
| SHA512 | 0221e22f9af6106a8d4a7b535f1399b5881b47a7d8a5511dde0cb33e874f406b95268aff3ea738e6b1f7bfb7229653b85e275415fb315a37c8bfc275019b3d87 |
memory/4512-190-0x0000000000500000-0x0000000000510200-memory.dmp
memory/4808-191-0x0000000000400000-0x0000000000408000-memory.dmp
memory/4808-195-0x0000000000400000-0x0000000000408000-memory.dmp