1928c9f79e5dca4541d5a7f3cb22b34a25746f6e55d9247e5e54064c9e71e92e

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
Size

36KB
MD5

fbd6850d8e8b8f84dfe8494ac34529cb
SHA1

7ee69b3c7894ecd0fe8dc20e726c1a4b0ce3c5f2
SHA256

1928c9f79e5dca4541d5a7f3cb22b34a25746f6e55d9247e5e54064c9e71e92e
SHA512

54aeb745727687a1c7d74a5e2698c63535279fc1bbb30cf6fa94ad842aa2c4dfc17a38af46daa2ae356e863728c4b20f6e7de7dd0f0a3167585a46b40201a34e
SSDEEP

384:hRBrgQRuDWClh1jn9oXPog3bWXvDrDohDnFDGi:hXrZgbeA2bWXvDrDohDnFDG

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1748	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2700	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2728	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2768	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2512	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
3068	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2888	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2812	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2796	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2860	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
988	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1228	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2544	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
304	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
532	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
920	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1896	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1216	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2312	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2104	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1584	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2912	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2576	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2592	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1888	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2468	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2060	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2992	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2516	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1940	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2816	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
540	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1320	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1776	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1544	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2256	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1876	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2100	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1764	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2372	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2412	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2224	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1260	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1644	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2912	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2484	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1948	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
3016	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2828	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
912	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2900	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2684	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2672	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2780	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2860	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1516	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1852	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1472	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1088	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
584	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
916	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
1524	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
2348	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1748	2528	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	28
PID 2528 wrote to memory of 1748	2528	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	28
PID 2528 wrote to memory of 1748	2528	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	28
PID 2528 wrote to memory of 1748	2528	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	28
PID 1748 wrote to memory of 2700	1748	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	29
PID 1748 wrote to memory of 2700	1748	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	29
PID 1748 wrote to memory of 2700	1748	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	29
PID 1748 wrote to memory of 2700	1748	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	29
PID 2700 wrote to memory of 2728	2700	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	30
PID 2700 wrote to memory of 2728	2700	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	30
PID 2700 wrote to memory of 2728	2700	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	30
PID 2700 wrote to memory of 2728	2700	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2768	2728	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	31
PID 2728 wrote to memory of 2768	2728	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	31
PID 2728 wrote to memory of 2768	2728	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	31
PID 2728 wrote to memory of 2768	2728	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	31
PID 2768 wrote to memory of 2512	2768	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	32
PID 2768 wrote to memory of 2512	2768	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	32
PID 2768 wrote to memory of 2512	2768	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	32
PID 2768 wrote to memory of 2512	2768	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	32
PID 2512 wrote to memory of 3068	2512	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	33
PID 2512 wrote to memory of 3068	2512	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	33
PID 2512 wrote to memory of 3068	2512	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	33
PID 2512 wrote to memory of 3068	2512	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	33
PID 3068 wrote to memory of 2888	3068	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	34
PID 3068 wrote to memory of 2888	3068	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	34
PID 3068 wrote to memory of 2888	3068	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	34
PID 3068 wrote to memory of 2888	3068	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	34
PID 2888 wrote to memory of 2812	2888	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	35
PID 2888 wrote to memory of 2812	2888	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	35
PID 2888 wrote to memory of 2812	2888	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	35
PID 2888 wrote to memory of 2812	2888	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	35
PID 2812 wrote to memory of 2796	2812	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	36
PID 2812 wrote to memory of 2796	2812	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	36
PID 2812 wrote to memory of 2796	2812	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	36
PID 2812 wrote to memory of 2796	2812	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	36
PID 2796 wrote to memory of 2860	2796	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	37
PID 2796 wrote to memory of 2860	2796	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	37
PID 2796 wrote to memory of 2860	2796	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	37
PID 2796 wrote to memory of 2860	2796	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	37
PID 2860 wrote to memory of 988	2860	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	38
PID 2860 wrote to memory of 988	2860	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	38
PID 2860 wrote to memory of 988	2860	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	38
PID 2860 wrote to memory of 988	2860	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	38
PID 988 wrote to memory of 1228	988	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	39
PID 988 wrote to memory of 1228	988	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	39
PID 988 wrote to memory of 1228	988	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	39
PID 988 wrote to memory of 1228	988	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	39
PID 1228 wrote to memory of 2544	1228	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	40
PID 1228 wrote to memory of 2544	1228	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	40
PID 1228 wrote to memory of 2544	1228	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	40
PID 1228 wrote to memory of 2544	1228	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	40
PID 2544 wrote to memory of 304	2544	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	41
PID 2544 wrote to memory of 304	2544	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	41
PID 2544 wrote to memory of 304	2544	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	41
PID 2544 wrote to memory of 304	2544	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	41
PID 304 wrote to memory of 532	304	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	42
PID 304 wrote to memory of 532	304	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	42
PID 304 wrote to memory of 532	304	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	42
PID 304 wrote to memory of 532	304	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	42
PID 532 wrote to memory of 920	532	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	43
PID 532 wrote to memory of 920	532	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	43
PID 532 wrote to memory of 920	532	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	43
PID 532 wrote to memory of 920	532	fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe	43

C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        11⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        12⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        13⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        14⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        15⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        16⤵
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        17⤵
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        18⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        19⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        20⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        21⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        22⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        23⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        24⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        25⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        26⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        27⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        28⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        29⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        30⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        31⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        32⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        33⤵
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        34⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        35⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        36⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        37⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        38⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        39⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        40⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        41⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        42⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        43⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        44⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        45⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        46⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        47⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        48⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        49⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        50⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        51⤵
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        52⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        53⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        54⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        55⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        56⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        57⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        58⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        59⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        60⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        61⤵
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        62⤵
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        63⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\fbd6850d8e8b8f84dfe8494ac34529cb_JaffaCakes118.exe
        64⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2348

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads