Analysis Overview
SHA256
4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb
Threat Level: Known bad
The file 4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe was found to be: Known bad.
Malicious Activity Summary
MyDoom
Mydoom family
Detects MyDoom family
Executes dropped EXE
Adds Run key to start application
UPX packed file
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 15:05
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 15:05
Reported
2024-11-17 15:07
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
| PID 2232 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
| PID 2232 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
| PID 2232 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe
"C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.128.8.216:1034 | tcp | |
| N/A | 10.93.103.153:1034 | tcp | |
| N/A | 10.150.78.55:1034 | tcp | |
| N/A | 10.202.221.84:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 52.101.11.2:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| N/A | 172.16.1.124:1034 | tcp | |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| N/A | 10.226.153.157:1034 | tcp | |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | udp |
Files
memory/2232-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/2744-11-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2232-10-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2232-9-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2232-17-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2232-18-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2232-19-0x0000000000220000-0x0000000000228000-memory.dmp
memory/2744-20-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-22-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-27-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-32-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-34-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-39-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2232-43-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2744-44-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-46-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | da73797fcf421c1cfbf8f25cdc44c6c8 |
| SHA1 | b98109d43f0f523cea38dfd1932ee90f4f246f2e |
| SHA256 | 8c7ed9ff3dc89ce51913bbc241449c23697fd20397dc2f6c742183caa8b623fd |
| SHA512 | 69b2981b601ccb4e89bcbbbb9cf0f95e7bb8a0fdabe993d9c573462bf90e00cdb57281a68ceae5ff73fe93cd383d3ad6f8783dcffa201046f3fc6b739f36fb2d |
C:\Users\Admin\AppData\Local\Temp\tmpA17F.tmp
| MD5 | 53f4027878af421f7b7ce318c008ef20 |
| SHA1 | ddcbc129d8f7a6316d69a6507cc805d500118696 |
| SHA256 | 5cc14e3902a09f50a1e301e9209b8b863c1eac853728d7fc4b305eff443e9d42 |
| SHA512 | ce7d389205d72cab7fb1bcaa8f9f2249134d2cfc5f98847aa1d76ccdf1ad65ef48894f7d917b9bd04d412b7c603c02de28c02adb96fe9c3478c58505d548d645 |
memory/2232-64-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2744-65-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2232-68-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2744-69-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2232-70-0x0000000000500000-0x0000000000510200-memory.dmp
memory/2744-71-0x0000000000400000-0x0000000000408000-memory.dmp
memory/2744-76-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-17 15:05
Reported
2024-11-17 15:07
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Detects MyDoom family
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1872 wrote to memory of 640 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
| PID 1872 wrote to memory of 640 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
| PID 1872 wrote to memory of 640 | N/A | C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe
"C:\Users\Admin\AppData\Local\Temp\4231cbf6cfa7a3c534b8ed947f06b1e328e4e7ba3afd08b66f2a090bdf1031eb.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.128.8.216:1034 | tcp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 10.93.103.153:1034 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| N/A | 10.150.78.55:1034 | tcp | |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| N/A | 10.202.221.84:1034 | tcp | |
| US | 8.8.8.8:53 | m-ou.se | udp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 8.8.8.8:53 | mx.burtleburtle.net | udp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | alumni-caltech-edu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 212.82.100.137:80 | search.yahoo.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.altavista.com | udp |
| BE | 64.233.167.26:25 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | search.lycos.com | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 52.101.11.2:25 | alumni-caltech-edu.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | gzip.org | udp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | mail.mailroute.net | udp |
| US | 199.89.1.120:25 | mail.mailroute.net | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| US | 8.8.8.8:53 | 137.100.82.212.in-addr.arpa | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.254.202.209.in-addr.arpa | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | 125.21.192.23.in-addr.arpa | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 171.64.64.26:25 | smtp2.cs.stanford.edu | tcp |
| N/A | 172.16.1.124:1034 | tcp | |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | burtleburtle.net | udp |
| US | 65.254.227.224:25 | burtleburtle.net | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 8.8.8.8:53 | aspmx5.googlemail.com | udp |
| SG | 74.125.200.27:25 | aspmx5.googlemail.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | alumni.caltech.edu | udp |
| US | 204.13.239.180:25 | alumni.caltech.edu | tcp |
| US | 85.187.148.2:25 | gzip.org | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | acm.org | udp |
| US | 104.17.78.30:25 | acm.org | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | cs.stanford.edu | udp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 171.64.64.64:25 | cs.stanford.edu | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| N/A | 10.226.153.157:1034 | tcp | |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 65.254.254.50:25 | mx.burtleburtle.net | tcp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| DE | 142.251.9.26:25 | alt2.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | mx.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mx.gzip.org | udp |
| US | 8.8.8.8:53 | mail.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | smtp.alumni.caltech.edu | udp |
| US | 8.8.8.8:53 | mail.gzip.org | udp |
| US | 8.8.8.8:53 | outlook.com | udp |
| US | 8.8.8.8:53 | outlook-com.olc.protection.outlook.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 52.101.40.30:25 | outlook-com.olc.protection.outlook.com | tcp |
| US | 85.187.148.2:25 | mail.gzip.org | tcp |
| US | 8.8.8.8:53 | mx.acm.org | udp |
| US | 8.8.8.8:53 | mail.acm.org | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | smtp.acm.org | udp |
| US | 8.8.8.8:53 | smtp1.cs.stanford.edu | udp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| US | 171.64.64.25:25 | smtp1.cs.stanford.edu | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| N/A | 2.18.190.73:80 | tcp |
Files
memory/1872-0-0x0000000000500000-0x0000000000510200-memory.dmp
C:\Windows\services.exe
| MD5 | b0fe74719b1b647e2056641931907f4a |
| SHA1 | e858c206d2d1542a79936cb00d85da853bfc95e2 |
| SHA256 | bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c |
| SHA512 | 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2 |
memory/640-6-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1872-13-0x0000000000500000-0x0000000000510200-memory.dmp
memory/640-15-0x0000000000400000-0x0000000000408000-memory.dmp
memory/640-16-0x0000000000400000-0x0000000000408000-memory.dmp
memory/640-21-0x0000000000400000-0x0000000000408000-memory.dmp
memory/640-26-0x0000000000400000-0x0000000000408000-memory.dmp
memory/640-28-0x0000000000400000-0x0000000000408000-memory.dmp
memory/640-33-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1872-37-0x0000000000500000-0x0000000000510200-memory.dmp
memory/640-38-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1872-39-0x0000000000500000-0x0000000000510200-memory.dmp
memory/640-40-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | b43c0aeec9a7c7743ff7e08b46d17e72 |
| SHA1 | 91f90654b95118659f3c1cefaf11afb7be904d63 |
| SHA256 | 8b44102163b401307db472a2444879b8ea06a9ae32849d73a4486519ada1ea92 |
| SHA512 | 03ac040f5cb7eeb29bca09c8cd70ddf6c2a9d1ad88c5a955f5ab77f052711cf1c4e4ef400aa7f6e973d7ef2165debb314377974658ccfbefe51ed7fa6b4fb952 |
C:\Users\Admin\AppData\Local\Temp\tmpB87D.tmp
| MD5 | c771fb06612e72a33b6dfdafa4c311b3 |
| SHA1 | db1acb1648152f85a642ed3ba99f522c6d5cf8d1 |
| SHA256 | 1047ecf463f23dbcaeefabf99b3a8fd7ef35379ac6c8ab36037eda3efb61e9dc |
| SHA512 | 94295f252e127fc2ce8d896afe478a9c8d5f5b5d68a8b1348c406f088a1d49920ac6195abd39b9fdd1470997d80b2787f72f63d443c0ba9bbf7210b011d20d73 |
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | ee77dfe137a2c128f17a514e0a2d67ff |
| SHA1 | 5d01ae464165ccbbe5e1395d3f0cd30b3eb1f5d2 |
| SHA256 | 7014535f5c89a04b3682af5c34f4bf580673599ce0a18083d93f1c4fd9dbbabe |
| SHA512 | 6c812040f80f9f07929425f4cc3e65084853e025869e0dd231fe656b6ccb9cc4c4a0832a84cae41d02e8b7f7ffa90d113ca6ad6e4e91416056f91c3571f019ef |
memory/1872-113-0x0000000000500000-0x0000000000510200-memory.dmp
memory/640-114-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1872-129-0x0000000000500000-0x0000000000510200-memory.dmp
memory/640-130-0x0000000000400000-0x0000000000408000-memory.dmp
memory/640-145-0x0000000000400000-0x0000000000408000-memory.dmp
memory/1872-149-0x0000000000500000-0x0000000000510200-memory.dmp
memory/640-150-0x0000000000400000-0x0000000000408000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zincite.log
| MD5 | a177a7e89d401a6d0909c9e3a8f5db31 |
| SHA1 | 54eff7057880ccdd4c36deec34c60edd5c6d14a2 |
| SHA256 | 3265a6eb78e4b8616f20c7376a49801af1ac9787aea737c11cec82f3ab63e44b |
| SHA512 | c6921baf14110ac0a99b2e3ced594785a1b132928270deeb59f22b837a814431cfdf91572969a6b9c5558bb0d605a9058ca388e809a96b7a5c2cdcfd1ffe873b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0GUUC90F\search[1].htm
| MD5 | 8ba61a16b71609a08bfa35bc213fce49 |
| SHA1 | 8374dddcc6b2ede14b0ea00a5870a11b57ced33f |
| SHA256 | 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1 |
| SHA512 | 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IQ93NPJ1\7ZBUQCIS.htm
| MD5 | ecc0a811e3aa4c69b086abf9da20032b |
| SHA1 | 452e3956768d083a1f360a1ba0325d8391e8b50f |
| SHA256 | e82986f649146d44d1da2f393bd72fb081072a8123ca0bde434739afbb4bd5fc |
| SHA512 | cb42d919c2678143c5dd3870bcb0fb0caa890750b124a2445fbc67a8af1a607c5cbcf5417672ed99dba40c1d1db7adf5829b57adb255d65d83d247ae01fbbc0a |