Timeline

- Duration: 17 hours

Fri Jul 24 20:12:41 CEST 2015

Started win4

Fri Jul 24 20:17:23 CEST 2015

Infected

It worked and started to send HTTP requests.

Sat Jul 25 13:41:43 CEST 2015

Poweroff

Analysis

Some of the info sent by the malware

F=9474CF3CF13CC6D1
Host Name:                 WIN4
OS Name:                   Microsoft Windows 7 Ultimate 
OS Version:                6.1.7600 N/A Build 7600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:   
Product ID:                00426-OEM-8992662-00497
Original Install Date:     5/25/2012, 15:44:43
System Boot Time:          7/24/2015, 10:58:40
System Manufacturer:       innotek GmbH
System Model:              VirtualBox
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                       [01]: x64 Family 6 Model 44 Stepping 2 GenuineIntel ~3204 Mhz
BIOS Version:              innotek GmbH VirtualBox, 12/1/2006
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     256 MB
Available Physical Memory: 58 MB
Virtual Memory: Max Size:  822 MB
Virtual Memory: Available: 554 MB
Virtual Memory: In Use:    268 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    Workgroup
Logon Server:              \\WIN4
Hotfix(s):                 N/A
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) PRO/1000 MT Desktop Adapter
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.0.2.104
                                 [02]: fe80::c06e:84b6:bcb8:a750
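As an added example (not part of the original capture notes), the following Python parses a systeminfo-style dump out of an HTTP request body and flags it as host-fingerprint exfiltration, the kind of traffic seen above. The marker list, the VM vendor list and the sample body are constructed for illustration; only "innotek GmbH" comes from the capture.

```python
import re
from urllib.parse import unquote_plus

# Field labels from Windows `systeminfo` output; several of them together
# in an outbound request body is a strong hint of host fingerprinting.
SYSTEMINFO_MARKERS = ("Host Name:", "OS Name:", "OS Version:",
                      "System Manufacturer:", "System Model:",
                      "Total Physical Memory:")
# Manufacturer strings reported by common hypervisors (assumed list).
VM_VENDORS = {"innotek GmbH", "VMware, Inc.", "QEMU", "Xen"}

# Constructed sample body modelled on the capture (not the real request).
SAMPLE_BODY = (
    "F=CONSTRUCTED_ID\r\n"
    "Host Name:                 WIN4\r\n"
    "OS Name:                   Microsoft Windows 7 Ultimate \r\n"
    "OS Version:                6.1.7600 N/A Build 7600\r\n"
    "System Manufacturer:       innotek GmbH\r\n"
    "System Model:              VirtualBox\r\n"
    "Processor(s):              1 Processor(s) Installed.\r\n"
    "                           [01]: x64 Family 6 Model 44 GenuineIntel\r\n"
    "Total Physical Memory:     256 MB\r\n"
)

# A key ends at the first colon followed by the padding run; this keeps
# multi-colon keys such as "Virtual Memory: Max Size:" intact.
_FIELD = re.compile(r"^(.+?):\s{2,}(.*)$")

def parse_systeminfo(text):
    """Turn systeminfo output into {key: value}; indented lines continue the previous key."""
    info, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _FIELD.match(line)
        if m and not line[0].isspace():
            last = m.group(1)
            info[last] = m.group(2).strip()
        elif last is not None:           # continuation line, e.g. "[01]: ..."
            info[last] = (info[last] + " " + line.strip()).strip()
    return info

def detect_systeminfo_exfil(body, min_markers=3):
    """Return a summary if the (possibly form-encoded) body carries a systeminfo dump, else None."""
    text = unquote_plus(body)
    hits = [m for m in SYSTEMINFO_MARKERS if m in text]
    if len(hits) < min_markers:
        return None
    info = parse_systeminfo(text)
    return {"markers": len(hits), "host": info.get("Host Name"),
            "os": info.get("OS Name"),
            "virtualized": info.get("System Manufacturer") in VM_VENDORS}
```

Run against proxy or IDS-extracted HTTP bodies, the `virtualized` flag also tells you whether the infected host was a sandbox like the lab VM above.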