Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
07/04/2024, 23:19
Static task
static1
Behavioral task
behavioral1
Sample
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe
-
Size
5KB
-
MD5
e61866162c18fa984730aceb2c9601f5
-
SHA1
7f420d8e77155a53f6c65a37446b6f472eba4d58
-
SHA256
c610c1d543f43e3502411f32ed9f7f406474041a996371c0d1e12f35adda6565
-
SHA512
661e98c650ce93c179aafbb8a21d59f8091990586983a28356e3ac420ace197a984849f6728d321c12ed4a0e4c805cea4610437f61ce812c651c2b413f754658
-
SSDEEP
96:Z1DrSJKS7VXBSW57DOpIiSe/6tOeY8mxmu2y5lMA:3rNwVRS8aG/eCFuL5lMA
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2124 cmd.exe -
Executes dropped EXE 64 IoCs
pid Process 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 848 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1068 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2572 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 616 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2700 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2024 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2220 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1764 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2740 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2940 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2768 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 3056 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1804 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 684 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2868 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2264 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2040 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2784 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2032 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2012 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1396 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1612 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2684 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2620 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2504 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2592 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2120 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2472 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 752 
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2848 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2348 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2224 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2688 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2004 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2236 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1176 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2336 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1088 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1536 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2280 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2436 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2964 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 548 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1908 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2140 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1816 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1380 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1648 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1344 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2264 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 3036 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2784 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1872 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2160 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2488 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2536 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe -
Loads dropped DLL 64 IoCs
pid Process 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 848 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 848 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1068 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1068 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2572 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2572 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 616 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 616 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2700 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2700 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2024 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2024 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2220 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2220 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1764 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1764 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2740 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2740 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2940 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2940 
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2768 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2768 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 3056 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 3056 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1804 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1804 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 684 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 684 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2868 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2868 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2264 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2264 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2040 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2040 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2784 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2784 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2032 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2032 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2012 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2012 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1396 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1396 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1612 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 1612 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2684 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2684 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2620 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 2620 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe -
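Adds Run key to start application 2 TTPs 64 IoCs
Note: the 64 entries below are a single indicator logged repeatedly. Each one sets the same value, Run\Deleteme under HKLM\SOFTWARE\Wow6432Node, to the same quoted path, so they deduplicate to one registry IoC.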
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = 
"\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" 
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = 
"\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" 
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = 
"\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Deleteme = "\"C:\\Windows\\system32\\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe\"" e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe -
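Drops file in System32 directory 64 IoCs
Note: every path below is under C:\Windows\SysWOW64, while the Run value above names C:\Windows\system32. This is consistent with a 32-bit process on the x64 image having its System32 access redirected by WOW64, so the dropped copy should be looked for in SysWOW64 on 64-bit hosts.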
description ioc Process File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created 
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created 
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 
e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe File created C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1500 wrote to memory of 2276 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 28 PID 1500 wrote to memory of 2276 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 28 PID 1500 wrote to memory of 2276 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 28 PID 1500 wrote to memory of 2276 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 28 PID 1500 wrote to memory of 2124 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 29 PID 1500 wrote to memory of 2124 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 29 PID 1500 wrote to memory of 2124 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 29 PID 1500 wrote to memory of 2124 1500 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 29 PID 2276 wrote to memory of 2608 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 31 PID 2276 wrote to memory of 2608 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 31 PID 2276 wrote to memory of 2608 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 31 PID 2276 wrote to memory of 2608 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 31 PID 2276 wrote to memory of 2656 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 32 PID 2276 wrote to memory of 2656 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 32 PID 2276 wrote to memory of 2656 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 32 PID 2276 wrote to memory of 2656 2276 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 32 PID 2608 wrote to memory of 2544 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 34 PID 2608 wrote to memory of 2544 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 34 PID 2608 wrote to memory of 2544 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 34 PID 2608 wrote to memory of 2544 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 34 PID 2608 wrote to memory of 2652 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 125 PID 2608 wrote to memory of 
2652 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 125 PID 2608 wrote to memory of 2652 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 125 PID 2608 wrote to memory of 2652 2608 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 125 PID 2544 wrote to memory of 2404 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 37 PID 2544 wrote to memory of 2404 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 37 PID 2544 wrote to memory of 2404 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 37 PID 2544 wrote to memory of 2404 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 37 PID 2544 wrote to memory of 2120 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 127 PID 2544 wrote to memory of 2120 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 127 PID 2544 wrote to memory of 2120 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 127 PID 2544 wrote to memory of 2120 2544 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 127 PID 2404 wrote to memory of 2508 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 40 PID 2404 wrote to memory of 2508 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 40 PID 2404 wrote to memory of 2508 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 40 PID 2404 wrote to memory of 2508 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 40 PID 2404 wrote to memory of 2460 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 41 PID 2404 wrote to memory of 2460 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 41 PID 2404 wrote to memory of 2460 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 41 PID 2404 wrote to memory of 2460 2404 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 41 PID 2508 wrote to memory of 2832 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 42 PID 2508 wrote to memory of 2832 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 42 PID 2508 wrote to memory of 2832 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 
42 PID 2508 wrote to memory of 2832 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 42 PID 2508 wrote to memory of 3012 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 135 PID 2508 wrote to memory of 3012 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 135 PID 2508 wrote to memory of 3012 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 135 PID 2508 wrote to memory of 3012 2508 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 135 PID 2832 wrote to memory of 1480 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 142 PID 2832 wrote to memory of 1480 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 142 PID 2832 wrote to memory of 1480 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 142 PID 2832 wrote to memory of 1480 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 142 PID 2832 wrote to memory of 2376 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 47 PID 2832 wrote to memory of 2376 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 47 PID 2832 wrote to memory of 2376 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 47 PID 2832 wrote to memory of 2376 2832 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 47 PID 1480 wrote to memory of 848 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 49 PID 1480 wrote to memory of 848 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 49 PID 1480 wrote to memory of 848 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 49 PID 1480 wrote to memory of 848 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 49 PID 1480 wrote to memory of 844 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 342 PID 1480 wrote to memory of 844 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 342 PID 1480 wrote to memory of 844 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 342 PID 1480 wrote to memory of 844 1480 e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe 342
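Processes
Entries are nested parent to child; the number before ⤵ appears to be the nesting depth (1 = the submitted sample). PIDs recur within this run (e.g. 1480 at depth 8 and again at depth 40; 2264 at depths 24 and 59), so correlate events on PID together with depth or start time rather than on PID alone. Each child's image path is under C:\Windows\SysWOW64 while its command line names C:\Windows\system32, which is consistent with WOW64 file-system redirection of a 32-bit process on the x64 guest; look for the dropped copy under SysWOW64 when checking a host.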
-
C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2608 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2544 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2404 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2832 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1480 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:848 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:1068 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2572 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:616 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2700 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2024 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2220 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:1764 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2740 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2940 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2768 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:3056 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:1804 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
PID:684 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2868 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2264 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2040 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2784 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2032 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2012 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1396 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:1612 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2684 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2620 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"33⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2504 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"34⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2592 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"35⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2120 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"36⤵
- Executes dropped EXE
PID:2472 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"37⤵
- Executes dropped EXE
- Adds Run key to start application
PID:752 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"38⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2848 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"39⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2348 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"40⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1480 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"41⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2224 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"42⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2688 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"43⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2004 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"44⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2236 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"45⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1176 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"46⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2336 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"47⤵
- Executes dropped EXE
PID:1088 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"48⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1536 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"49⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2280 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"50⤵
- Executes dropped EXE
PID:2436 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"51⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2964 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"52⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:548 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"53⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1908 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"54⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2140 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"55⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1816 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"56⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1380 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"57⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1648 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"58⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1344 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"59⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2264 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"60⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3036 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"61⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2784 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"62⤵
- Executes dropped EXE
PID:1872 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"63⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2160 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"64⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2488 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"65⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2536 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"66⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2772 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"67⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2544 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"68⤵
- Adds Run key to start application
PID:2556 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"69⤵
- Drops file in System32 directory
PID:2412 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"70⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2844 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"71⤵
- Adds Run key to start application
PID:752 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"72⤵
- Drops file in System32 directory
PID:576 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"73⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1016 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"74⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2384 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"75⤵
- Adds Run key to start application
PID:1592 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"76⤵
- Adds Run key to start application
PID:1976 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"77⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1884 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"78⤵
- Adds Run key to start application
PID:1704 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"79⤵
- Drops file in System32 directory
PID:1696 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"80⤵
- Adds Run key to start application
PID:2024 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"81⤵
- Adds Run key to start application
PID:1988 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"82⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3016 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"83⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1536 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"84⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:792 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"85⤵
- Drops file in System32 directory
PID:1900 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"86⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3000 -
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"87⤵PID:1052
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"88⤵PID:340
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"89⤵PID:1784
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"90⤵PID:1560
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"91⤵PID:1792
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"92⤵PID:2100
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"93⤵PID:2948
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"94⤵PID:2036
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"95⤵PID:2052
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"96⤵PID:1388
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"97⤵PID:2584
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"98⤵PID:1616
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"99⤵PID:2616
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"100⤵PID:2520
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"101⤵PID:2684
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"102⤵PID:2652
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"103⤵PID:392
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"104⤵PID:2472
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"105⤵PID:2556
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"106⤵PID:2372
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"107⤵PID:752
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"108⤵PID:2468
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"109⤵PID:760
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"110⤵PID:2008
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"111⤵PID:1912
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"112⤵PID:2308
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"113⤵PID:1604
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"114⤵PID:1896
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"115⤵PID:2212
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"116⤵PID:1180
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"117⤵PID:1988
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"118⤵PID:3052
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"119⤵PID:2284
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"120⤵PID:1628
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"121⤵PID:436
-
C:\Windows\SysWOW64\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"C:\Windows\system32\e61866162c18fa984730aceb2c9601f5_JaffaCakes118.exe"122⤵PID:3064
-