Malware Analysis Report

2024-12-07 02:47

Sample ID 241114-l9ngqsxjby
Target 1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe
SHA256 1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607
Tags
mydoom discovery persistence upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607

Threat Level: Known bad

The file 1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe was found to be: Known bad.

Malicious Activity Summary

mydoom discovery persistence upx worm

Detects MyDoom family

Mydoom family

MyDoom

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 10:14

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 10:14

Reported

2024-11-14 10:16

Platform

win7-20240903-en

Max time kernel

120s

Max time network

115s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Mydoom family

mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe

"C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.93.103.153:1034 tcp
N/A 192.168.0.255:1034 tcp
N/A 10.159.126.116:1034 tcp
N/A 10.213.60.59:1034 tcp
N/A 192.168.56.176:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 52.101.11.7:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.0.255:1034 tcp

Files

memory/1480-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/1480-8-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-11-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1480-7-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1480-18-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1480-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/1480-19-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-22-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-27-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-32-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-34-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-39-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-44-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-46-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-51-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2992-56-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1480-55-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2992-58-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1480-57-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 777ded697cdc003529b4104e9a5382a6
SHA1 0e1444748586db64118332572b5dfc2e3ec1c7a8
SHA256 eeda897da5f4f11864f11c0efa014bf7f1d0ddc1793da0e0f3ae017ecc4958d3
SHA512 068e960039fdecb491c2f5522469d4d8aa049df2b89ae7c4c574732cc0e0180b2ec3ac13e6ff18e99192e870fa38ee1ea635888c793bd08b661f404aae0861fe

C:\Users\Admin\AppData\Local\Temp\tmp5A81.tmp

MD5 0d3d25238c10028103e5793f56e89aa5
SHA1 9057b25b83eda28a0f080c0f6263c9ca9f75b923
SHA256 fbdb244a97ac9fe92f6724ed86a9dde425acef84d8b6e627a7d1de9e5aa946e2
SHA512 0029f482b7ba73e55951718968cb109d91ae6a0d851fc6d5ebc580c3d25cc408e0e7fe3945a0846a161457de284b8d8847e5d8c349e6dfed1ba708c34f5d0a15

memory/2992-76-0x0000000000400000-0x0000000000408000-memory.dmp

memory/1480-75-0x0000000000500000-0x0000000000510200-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 10:14

Reported

2024-11-14 10:16

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Mydoom family

mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe

"C:\Users\Admin\AppData\Local\Temp\1010cc6d493b3c80e2a3cfb035e812edab6103bf88d0c5d1b402ffa30ced4607N.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 10.93.103.153:1034 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
N/A 192.168.0.255:1034 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 10.159.126.116:1034 tcp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
N/A 10.213.60.59:1034 tcp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx3.googlemail.com udp
US 8.8.8.8:53 acm.org udp
DE 142.251.9.26:25 aspmx3.googlemail.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 8.8.8.8:53 cs.stanford.edu udp
US 199.89.3.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 smtp2.cs.stanford.edu udp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.8.36:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 search.lycos.com udp
US 8.8.8.8:53 www.altavista.com udp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 www.google.com udp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 142.250.178.4:80 www.google.com tcp
GB 2.18.190.73:80 r11.o.lencr.org tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 125.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.26:25 smtp2.cs.stanford.edu tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
N/A 192.168.56.176:1034 tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
NL 142.250.153.27:25 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 acm.org udp
US 104.17.79.30:25 acm.org tcp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 65.254.227.224:25 burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 204.13.239.180:25 alumni.caltech.edu tcp
US 85.187.148.2:25 gzip.org tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
N/A 192.168.0.255:1034 tcp
US 8.8.8.8:53 aspmx4.googlemail.com udp
FI 142.250.150.27:25 aspmx4.googlemail.com tcp
US 8.8.8.8:53 mx.acm.org udp
US 8.8.8.8:53 mail.acm.org udp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp.acm.org udp
US 171.64.64.64:25 cs.stanford.edu tcp
US 171.64.64.64:25 cs.stanford.edu tcp
US 65.254.254.50:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 outlook-com.olc.protection.outlook.com udp
GB 142.250.178.4:80 www.google.com tcp
US 52.101.194.5:25 outlook-com.olc.protection.outlook.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mail.gzip.org udp
US 209.202.254.10:443 search.lycos.com tcp
US 85.187.148.2:25 mail.gzip.org tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.178.4:80 www.google.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.178.4:80 www.google.com tcp
IE 212.82.100.137:80 tcp
US 209.202.254.10:443 tcp
GB 142.250.178.4:80 tcp
GB 142.250.178.4:80 tcp

Files

memory/3996-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/3648-6-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3996-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3648-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3996-37-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 3d48701a47bd3775863093bd947df511
SHA1 71b4f55932127f2ee113894b0c16ccf3f35a1623
SHA256 3f0ea3251fdb5dab61b957d6d7482018ad40b79aeb7a82fdd013774a2050845c
SHA512 a25ea28f4f03ae284450b72c305dd77c753946c6d8ccaa0a7d003d369c8ed0a3fa4f77732c5f9f1c1aa15a6034e428662e7058411458064b045b74000b175c51

C:\Users\Admin\AppData\Local\Temp\tmpCA90.tmp

MD5 64e134468015976f2da5bb6f3e37068c
SHA1 040d0ba370600e0f4d4f75fd9696bf257574483d
SHA256 d6bc2fc7dc2fef88f5b0c93cdf352728a124494dba8989241746bf90c0234f2b
SHA512 d2fd03e3d0810b3d5bcde332f24f9e05ee55bde628987d231ab1e07e66eb49448c8d8d26d61ada176d93b4f336c03160ce69b8a21a8e6d28ba43362d5a4cc867

C:\Users\Admin\AppData\Local\Temp\tmpCB83.tmp

MD5 c3095f6981728197742e8e577d59b79c
SHA1 3eb725ed68caf4dcb8aadbd056f4921c9e0fe2f0
SHA256 0d532968d32d5ff950548703b0c9814948e29ab491d250347db1df85f325da61
SHA512 5445623cdd787f8594e748856e0b1d5b97e74f53d9f5ac691f58242623ea976fea80e9e91fbb3698182cc11e4595bd865039ef92ff322eec3274e43c60c9dc5e

memory/3996-109-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3648-110-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\search[1].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 57fee3918393b2c2f1ad19b73981b712
SHA1 add4fcdcc22997ad7569d9ecb77753e9af421016
SHA256 f9555f98bebc950b07825cb302cd3aa14b6b11a75e7478b010faa8f412290ab9
SHA512 1b500704171ba404bc053233195e8dd41f1d899c1ccd2c73af79107276d590f65961ed5c1670ae198d5fd2613f21d4f5c7e6d0192192f3531839c21ef51a7686

memory/3996-158-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3648-159-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3996-162-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3648-163-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3648-165-0x0000000000400000-0x0000000000408000-memory.dmp

memory/3996-169-0x0000000000500000-0x0000000000510200-memory.dmp

memory/3648-170-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 98f212671e98bb571f703b3ec42ad707
SHA1 535d27f7505d4057f00c2932569e3b7da7cfef93
SHA256 0d5f3ae4c5869ebfe6c49cb3efecfb8411522a2c7deb644319e77e737ba32e05
SHA512 4c7c8a5af6e1dc5b68800d57f8188abc1618282986f65d05044df2225c69e33cd797c111dae658d856bd7d2372c7baa34d9adb8424149ab4c072f427d4d7c0ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\default[4].htm

MD5 c15952329e9cd008b41f979b6c76b9a2
SHA1 53c58cc742b5a0273df8d01ba2779a979c1ff967
SHA256 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
SHA512 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296