Description

Timeline

Sat Mar 26 00:21:10 CET 2016

Started win3

Sat Mar 26 00:23:57 CET 2016

Infected

Mon Mar 28 23:00:00 CEST 2016 approx

The machine stopped sending TCP and HTTP packets. Not sure why.

Tue Mar 29 23:10:00 CEST 2016 approx

The computer stopped connecting.

Mon Apr 4 23:16:56 CEST 2016

Restarted to see if it starts working again.

It did! Something was broken with the malware?

Wed Apr 20 10:43:27 CEST 2016

Stopped the VM.

Analysis

Domain: itemsuofitquestumequequi.com

Domain Name: ITEMSUOFITQUESTUMEQUEQUI.COM
Registrar: TODAYNIC.COM, INC.
Sponsoring Registrar IANA ID: 697
Whois Server: whois.todaynic.com
Name Server: NS1.NEONGIT.AT
Name Server: NS2.NEONGIT.AT
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Registrar: Todaynic.com, Inc.
itemsuofitquestumequequi.com. 137 IN    A   37.115.124.26
descr:          Kyivstar GSM
descr:          Ukrainian mobile phone operator
country:        UA
itemsuofitquestumequequi.com. 137 IN    A   212.92.224.191
descr:          WildPark Co
country:        UA
address:        Nikolaev, Ukraine
itemsuofitquestumequequi.com. 137 IN    A   178.150.24.221
descr:          Kiev , Minskiy
country:        UA
itemsuofitquestumequequi.com. 137 IN    A   178.151.235.213
descr:          Kiev , Vinogradar
country:        UA
itemsuofitquestumequequi.com. 137 IN    A   188.247.99.172
netname:        GTS-NET
descr:          DataGroup-Dnepr
country:        UA
address:        61002 Kharkov, Ukraine
itemsuofitquestumequequi.com. 137 IN    A   178.151.110.15
netname:        TRIOLAN
descr:          Kiev , Harkovsky
country:        UA
address:        Ukraine
itemsuofitquestumequequi.com. 137 IN    A   77.122.19.164
itemsuofitquestumequequi.com. 137 IN    A   95.134.166.81
itemsuofitquestumequequi.com. 137 IN    A   178.93.115.201
itemsuofitquestumequequi.com. 137 IN    A   80.245.94.25