610baffc80f6aa5117301f165f92de339bfd46bd8106b348e9dddeaeba06f1cd

General

Target

f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe
Size

73KB
MD5

f06bbe1de79d323f9e3c3c84791038a6
SHA1

7d389c23d207e7527ab7bb0468fc2e3358be2594
SHA256

610baffc80f6aa5117301f165f92de339bfd46bd8106b348e9dddeaeba06f1cd
SHA512

7603e7b3e6d0464f04f583b3fef9d1ed5e21cd668942ce0d2bdfe6194e57a5804d2615ec9847dcc14f563edc356dd1f0993271b3571a29d7d40f7eb5173af7e5
SSDEEP

1536:9W64HFoPLB1us1/0CVCLdiMBXshbZ7+d4Xa2DYVmu+E3IjwvOLO18w00C:X4HqD1/0t8BZad4q2D+my3IjwGy18e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2320	mdmi386.exe
2740	mdmi386.exe

Loads dropped DLL 5 IoCs

pid	Process
2112	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe
2112	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe
2320	mdmi386.exe
2320	mdmi386.exe
2740	mdmi386.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	mdmi386.exe
File created	C:\Windows\SysWOW64\mdmi386.exe	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mdmi386.exe	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2320	2112	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe	28
PID 2112 wrote to memory of 2320	2112	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe	28
PID 2112 wrote to memory of 2320	2112	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe	28
PID 2112 wrote to memory of 2320	2112	f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe	28
PID 2320 wrote to memory of 2740	2320	mdmi386.exe	29
PID 2320 wrote to memory of 2740	2320	mdmi386.exe	29
PID 2320 wrote to memory of 2740	2320	mdmi386.exe	29
PID 2320 wrote to memory of 2740	2320	mdmi386.exe	29

C:\Users\Admin\AppData\Local\Temp\f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f06bbe1de79d323f9e3c3c84791038a6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    PID:2740
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:2604
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:2688
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:2592

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2600
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:2256
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:2204
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:2832
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:2688
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        8⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        9⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        10⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        11⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        12⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        13⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        14⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        15⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        16⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        17⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        18⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        19⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        20⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        21⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        22⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        23⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        24⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        25⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        26⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        27⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        28⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        29⤵
        
        PID:308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        30⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        31⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        32⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        33⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        34⤵
        
        PID:644
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        35⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        36⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        37⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        38⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        39⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        40⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        41⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        42⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        43⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        44⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        45⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        46⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        47⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        48⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        49⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        50⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        51⤵
        
        PID:536
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        52⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        53⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        54⤵
        
        PID:292
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        55⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        56⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        57⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        58⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        59⤵
        
        PID:876
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        60⤵
        
        PID:604
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        61⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        62⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        63⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        64⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        65⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        66⤵
        
        PID:892
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        67⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        68⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        69⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        70⤵
        
        PID:668
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        71⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        72⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        73⤵
        
        PID:928
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        74⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        75⤵
        
        PID:956
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        76⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        77⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        78⤵
        
        PID:580
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        79⤵
        
        PID:360
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        80⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        81⤵
        
        PID:564
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        82⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        83⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        84⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        85⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        86⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        87⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        88⤵
        
        PID:344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        89⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        90⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        91⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        92⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        93⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        94⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        95⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        96⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        97⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        98⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        99⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        100⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        101⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        102⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        103⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        104⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        105⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        106⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        107⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        108⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        109⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        110⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        111⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        112⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        113⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        114⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        115⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        116⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        117⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        118⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        119⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        120⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        121⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        122⤵
        
        PID:320
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        123⤵
        
        PID:644
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        124⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        125⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        126⤵
        
        PID:404
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        127⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        128⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        129⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        130⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        131⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        132⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        133⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        134⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        135⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        136⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        137⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        138⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        139⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        140⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        141⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        142⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        143⤵
        
        PID:716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        144⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        145⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        146⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        147⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        148⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        149⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        150⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        151⤵
        
        PID:848
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        152⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        153⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        154⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        155⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        156⤵
        
        PID:988
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        157⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        158⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        159⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        160⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        161⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        162⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        163⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        164⤵
        
        PID:984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        165⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        166⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        167⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        168⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        169⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        170⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        171⤵
        
        PID:904
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        172⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        173⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        174⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        175⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        176⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        177⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        178⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        179⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        180⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        181⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        182⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        183⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        184⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        185⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        186⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        187⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        188⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        189⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        190⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        191⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        192⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        193⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        194⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        195⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        196⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        197⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        198⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        199⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        200⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        201⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        202⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        203⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        204⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        205⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        206⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        207⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        208⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        209⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        210⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        211⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        212⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        213⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        214⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        215⤵
        
        PID:1060

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2968
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:3000
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:2820

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2764

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:3028

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:1744

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2256

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2148
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:536
- - C:\Windows\SysWOW64\mdmi386.exe
    "C:\Windows\system32\mdmi386.exe"
    3⤵
    PID:1608
  - - C:\Windows\SysWOW64\mdmi386.exe
      "C:\Windows\system32\mdmi386.exe"
      4⤵
      PID:2340
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        5⤵
        
        PID:624
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        6⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "C:\Windows\system32\mdmi386.exe"
        7⤵
        
        PID:1880

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2160

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2388
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:708

C:\Windows\SysWOW64\mdmi386.exe
"C:\Windows\system32\mdmi386.exe"
1⤵
PID:2192
- C:\Windows\SysWOW64\mdmi386.exe
  "C:\Windows\system32\mdmi386.exe"
  2⤵
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\mdmi386.exe

Filesize
73KB

MD5
f06bbe1de79d323f9e3c3c84791038a6

SHA1
7d389c23d207e7527ab7bb0468fc2e3358be2594

SHA256
610baffc80f6aa5117301f165f92de339bfd46bd8106b348e9dddeaeba06f1cd

SHA512
7603e7b3e6d0464f04f583b3fef9d1ed5e21cd668942ce0d2bdfe6194e57a5804d2615ec9847dcc14f563edc356dd1f0993271b3571a29d7d40f7eb5173af7e5

Download Submit
memory/2112-4-0x00000000002D0000-0x000000000030B000-memory.dmp

Filesize
236KB

Download
memory/2112-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2112-2-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2112-11-0x00000000002D0000-0x000000000030B000-memory.dmp

Filesize
236KB

Download
memory/2236-125-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2320-21-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2320-29-0x0000000000230000-0x000000000026B000-memory.dmp

Filesize
236KB

Download
memory/2688-35-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2740-27-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2784-121-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2916-166-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download
memory/2968-144-0x0000000013140000-0x0000000013178000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads