Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10/04/2024, 19:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ebdcaad63e5018cef8fa194273c62d8a_JaffaCakes118.dll
Resource
win7-20240221-en
windows7-x64
8 signatures
150 seconds
General
-
Target
ebdcaad63e5018cef8fa194273c62d8a_JaffaCakes118.dll
-
Size
736KB
-
MD5
ebdcaad63e5018cef8fa194273c62d8a
-
SHA1
c9dbd480b263822786dd8d8180e5edb73d054c48
-
SHA256
e48fcc2929ddd6fa905074dbd657e907e62a98928d7c4fbbe9ad7640b06d44ce
-
SHA512
5b20191b5d3306090df23a1f7e022919a6072f3f3fb41e725677cf0bd0b9558c2169a273134b0b67212ae93a145a1e01fd7df5a15f7116f6eaebc27fc40e4a31
-
SSDEEP
12288:VpFaeMhcyY44UuX986MryYxI0BwqIvOaznvd:/FoHZ4986Mry1rqIGmd
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 29 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe -
Suspicious behavior: EnumeratesProcesses 60 IoCs
pid Process 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe 2764 rundll32.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2876 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 2408 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 848 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1516 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1184 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 1988 explorer.exe Token: SeShutdownPrivilege 540 explorer.exe Token: SeShutdownPrivilege 540 explorer.exe Token: SeShutdownPrivilege 540 explorer.exe Token: SeShutdownPrivilege 540 explorer.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1988 explorer.exe 1988 explorer.exe 1988 explorer.exe 1988 explorer.exe 1988 explorer.exe 1988 explorer.exe 1988 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 888 explorer.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2876 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 2408 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 848 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1516 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1184 explorer.exe 1988 explorer.exe 1988 explorer.exe 1988 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 540 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1108 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 1940 explorer.exe 888 explorer.exe 888 explorer.exe 888 explorer.exe 888 explorer.exe 1224 explorer.exe 1224 explorer.exe 1224 explorer.exe 1224 explorer.exe 1224 explorer.exe 1224 explorer.exe 1224 explorer.exe 1224 explorer.exe 2520 explorer.exe 2520 explorer.exe 2520 explorer.exe 2520 explorer.exe 2312 explorer.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2084 wrote to memory of 2764 2084 rundll32.exe 28 PID 2084 wrote to memory of 2764 2084 rundll32.exe 28 PID 2084 wrote to memory of 2764 2084 rundll32.exe 28 PID 2084 wrote to memory of 2764 2084 rundll32.exe 28 PID 2084 wrote to memory of 2764 2084 rundll32.exe 28 PID 2084 wrote to memory of 2764 2084 rundll32.exe 28 PID 2084 wrote to memory of 2764 2084 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ebdcaad63e5018cef8fa194273c62d8a_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2084 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ebdcaad63e5018cef8fa194273c62d8a_JaffaCakes118.dll,#12⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2764
-
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2876
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2408
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:848
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1516
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1184
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1988
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:540
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1108
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1940
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:888
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:1224
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:2520
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:2312
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:1548
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2640
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2676
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:1248
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:1724
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:296
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2220
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2256
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:1216
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2780
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2168
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2672
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2696
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:1660
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:2948
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:1680