a0484390275835b8c462aad34d811fcafbed7c033a21ced84c7c66dbe8ca268e

Analysis

max time kernel
55s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe
Size

310KB
MD5

026531a5a8d9eff0e2f21fea6473aa22
SHA1

a31dd409c72de42f90d3a475e0a8896700232a6c
SHA256

a0484390275835b8c462aad34d811fcafbed7c033a21ced84c7c66dbe8ca268e
SHA512

17d6510a268be4d00fd79dc2b4acbeb995dae7ff583effbe3bb7725404b59ff7b6dc433885ed183997417acc3f404c6a77f07dc1310c1be54280b6154bf4063c
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIg5OC843RVR6:WacxGfTMfQrjoziJJHIe843RW

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3644	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe
968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe
2772	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe
2816	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe
4800	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe
3076	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe
4992	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe
4616	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe
4548	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe
5104	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe
3960	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe
3000	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe
2968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe
4780	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe
3064	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe
3996	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe
8	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe
2428	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe
2672	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe
3388	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe
2128	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe
3716	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe
5020	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe
4884	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe
4008	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe
3984	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3136-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000d000000023b25-5.dat	upx
behavioral2/memory/3136-10-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3644-16-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3644-19-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000b000000023b8b-20.dat	upx
behavioral2/files/0x000a000000023b90-30.dat	upx
behavioral2/memory/2772-32-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/968-31-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b91-39.dat	upx
behavioral2/memory/2772-41-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2816-48-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b92-50.dat	upx
behavioral2/memory/2816-53-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4800-59-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-61.dat	upx
behavioral2/memory/4800-64-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3076-65-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-72.dat	upx
behavioral2/memory/3076-75-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b95-82.dat	upx
behavioral2/memory/4992-83-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4616-90-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4548-99-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b97-104.dat	upx
behavioral2/files/0x000a000000023b98-115.dat	upx
behavioral2/memory/5104-114-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4548-111-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4616-101-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-93.dat	upx
behavioral2/files/0x000a000000023b99-123.dat	upx
behavioral2/memory/3960-125-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3000-127-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b9a-134.dat	upx
behavioral2/memory/3000-135-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2968-145-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000b000000023b8c-143.dat	upx
behavioral2/memory/4780-154-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b9b-155.dat	upx
behavioral2/files/0x000a000000023b9c-163.dat	upx
behavioral2/memory/3064-165-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3996-174-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b9d-173.dat	upx
behavioral2/files/0x000a000000023b9e-185.dat	upx
behavioral2/memory/8-184-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2428-187-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2428-196-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023b9f-194.dat	upx
behavioral2/files/0x000a000000023ba0-206.dat	upx
behavioral2/memory/2672-205-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3388-213-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023ba1-217.dat	upx
behavioral2/memory/2128-224-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3388-216-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2128-227-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023ba2-228.dat	upx
behavioral2/files/0x000a000000023ba3-238.dat	upx
behavioral2/memory/3716-237-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023ba4-248.dat	upx
behavioral2/memory/5020-247-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4884-255-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a000000023ba5-258.dat	upx
behavioral2/memory/4884-266-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4008-264-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 2e51bb5f772d155b	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3136 wrote to memory of 3644	3136	026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe	83
PID 3136 wrote to memory of 3644	3136	026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe	83
PID 3136 wrote to memory of 3644	3136	026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe	83
PID 3644 wrote to memory of 968	3644	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe	84
PID 3644 wrote to memory of 968	3644	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe	84
PID 3644 wrote to memory of 968	3644	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe	84
PID 968 wrote to memory of 2772	968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe	85
PID 968 wrote to memory of 2772	968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe	85
PID 968 wrote to memory of 2772	968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe	85
PID 2772 wrote to memory of 2816	2772	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe	86
PID 2772 wrote to memory of 2816	2772	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe	86
PID 2772 wrote to memory of 2816	2772	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe	86
PID 2816 wrote to memory of 4800	2816	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe	87
PID 2816 wrote to memory of 4800	2816	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe	87
PID 2816 wrote to memory of 4800	2816	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe	87
PID 4800 wrote to memory of 3076	4800	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe	88
PID 4800 wrote to memory of 3076	4800	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe	88
PID 4800 wrote to memory of 3076	4800	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe	88
PID 3076 wrote to memory of 4992	3076	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe	89
PID 3076 wrote to memory of 4992	3076	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe	89
PID 3076 wrote to memory of 4992	3076	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe	89
PID 4992 wrote to memory of 4616	4992	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe	91
PID 4992 wrote to memory of 4616	4992	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe	91
PID 4992 wrote to memory of 4616	4992	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe	91
PID 4616 wrote to memory of 4548	4616	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe	92
PID 4616 wrote to memory of 4548	4616	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe	92
PID 4616 wrote to memory of 4548	4616	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe	92
PID 4548 wrote to memory of 5104	4548	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe	93
PID 4548 wrote to memory of 5104	4548	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe	93
PID 4548 wrote to memory of 5104	4548	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe	93
PID 5104 wrote to memory of 3960	5104	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe	94
PID 5104 wrote to memory of 3960	5104	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe	94
PID 5104 wrote to memory of 3960	5104	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe	94
PID 3960 wrote to memory of 3000	3960	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe	97
PID 3960 wrote to memory of 3000	3960	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe	97
PID 3960 wrote to memory of 3000	3960	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe	97
PID 3000 wrote to memory of 2968	3000	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe	98
PID 3000 wrote to memory of 2968	3000	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe	98
PID 3000 wrote to memory of 2968	3000	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe	98
PID 2968 wrote to memory of 4780	2968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe	99
PID 2968 wrote to memory of 4780	2968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe	99
PID 2968 wrote to memory of 4780	2968	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe	99
PID 4780 wrote to memory of 3064	4780	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe	100
PID 4780 wrote to memory of 3064	4780	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe	100
PID 4780 wrote to memory of 3064	4780	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe	100
PID 3064 wrote to memory of 3996	3064	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe	101
PID 3064 wrote to memory of 3996	3064	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe	101
PID 3064 wrote to memory of 3996	3064	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe	101
PID 3996 wrote to memory of 8	3996	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe	102
PID 3996 wrote to memory of 8	3996	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe	102
PID 3996 wrote to memory of 8	3996	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe	102
PID 8 wrote to memory of 2428	8	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe	103
PID 8 wrote to memory of 2428	8	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe	103
PID 8 wrote to memory of 2428	8	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe	103
PID 2428 wrote to memory of 2672	2428	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe	104
PID 2428 wrote to memory of 2672	2428	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe	104
PID 2428 wrote to memory of 2672	2428	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe	104
PID 2672 wrote to memory of 3388	2672	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe	105
PID 2672 wrote to memory of 3388	2672	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe	105
PID 2672 wrote to memory of 3388	2672	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe	105
PID 3388 wrote to memory of 2128	3388	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe	106
PID 3388 wrote to memory of 2128	3388	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe	106
PID 3388 wrote to memory of 2128	3388	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe	106
PID 2128 wrote to memory of 3716	2128	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3136
- \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe
  c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3644
- - \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe
    c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:968
  - - \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe
      c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2772
    - - \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2816
      - \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4800
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3076
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4992
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4616
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4548
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5104
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3960
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3000
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2968
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4780
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3064
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3996
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:8
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2428
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2672
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3388
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2128
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3716
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:5020
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4884
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4008
        
        \??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe
        
        c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe

Filesize
310KB

MD5
ef473f9a287704628e8825b2375d665b

SHA1
99c5a9c2b8079f773656f3ec78c9af4a2ff1bcdb

SHA256
10a87561bc8e7289ebf4232d736ee16268c738841c4d4144d6991f238ded76ec

SHA512
46ce6dc5cfa649d9603c3dbf0721fe850ad5b18deecbd98c828f268f4ca985bc1a43dbcbc808e1743ab24337e2ccbca9ab1951e18be88cd19f82cac63b454ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe

Filesize
310KB

MD5
4a4f97c5e369d84e4b484432bc99b3da

SHA1
39a06621f03de4a270133ac0d256565916ff186b

SHA256
3fd3b3d341c21325cb7aae38b023d1cb03c9579e9066c83649a5aed41cc15074

SHA512
d1a074dd6c0155413c4215d1f4a48a642f41807c98fa8971ba9fb376eb04df6cbb9e10e0611b5155a09a6ae3850cfe5fd0cf69dc51ad88fed6a8a05a237ed930

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe

Filesize
310KB

MD5
360bcb02bea99f6da16dc3965bef73aa

SHA1
a3de713f7cc896ce3198a167fe3518ffd7e63297

SHA256
3ee8722548cfc21e1cedfab2c8ebb80b60ab25988452cb1223b9662b83763451

SHA512
f50eb1099dc87d923b7d38ea5742ed064b59178d1ebde1f0f5309867f77f0c7349b3e4819a1c9ca86c6abbbb5a3161f4505fc7fa3325234dd66ced36793aead8

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe

Filesize
310KB

MD5
6c7a08008d09e4ab85af6b909abc847e

SHA1
ac503e1ab293a1149f9bc7422ea650a51321b408

SHA256
8524184f5dbb894e32f489c6daae3901bca195720acdb1d2858a47766e682f9c

SHA512
0bad71f9adf43176ae0a185ece4e634ae4e486623d0ea16f8e868b1c1d297a169555efb61ec02fc8bf217d2057b83f4c0008956c8cee77a7abdbeb91e3c625b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe

Filesize
310KB

MD5
0fd77fbb4f61be6fc8fd7ca081490e0d

SHA1
e3c0baad1b94bc8bc654cf9ca1117a848468bfa9

SHA256
6effc469121a65110ba2289bb48fccbb687be466c7eadf62b91904fd3cedb770

SHA512
c6def8a2d68e041cf29f2130ccadadca163767d9b4e4b8e4a3b03d3443cecbf40427b88b3c0587a0a9c1bd77fe9d1b0e3fd9387f6682857588e34f9d043c0e74

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe

Filesize
310KB

MD5
2780dc1e7d5a03e0a761b1e72778e1af

SHA1
019e117cda4244af8d860a06be6dc1193a1b5762

SHA256
b7c82bd248ec2f291c6bebd42dede058fe0dd8a3b485845912a5ebff467f4d77

SHA512
6f0265bdede24415e64ef527ad5fc1d4db5ab025776eb7d71b06e93890569e2e0fdf392c4cd1009d716a78d1dce85391a74a09c495b87d2d203a34366e69c026

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe

Filesize
310KB

MD5
db2b2ad378295f5b7f87c8b9218f822b

SHA1
098b8d7482abb0801cfdcc7e18366fae518a8ccf

SHA256
bfc4a7a092a93d92e506ba5bad0e0c5e5f724f244e8190c8e5972602731f2a22

SHA512
25296dca2a200f7ac931401de6105c771390bcabe48759d07c1e329cc403c359a14409aabb4a5debca2af50ed4886d0bb29442c76649d8095880839c858c5da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe

Filesize
310KB

MD5
e9f8dc52c03287d524671373856b05f1

SHA1
fc7f5249c787b3e6c7d29499f5aeca9210edf963

SHA256
6fb5dba956a63f4ed7b2a9bb6dd82e6ff72e45e442a8770f237ef5a12b0bda88

SHA512
29ea222cff647dfb43d2bc13b28e26cdd0c1d329db34ca86c33897ddc7571c518cba9cb19b33c5c2c4c228d605b55869991c0fceb53405e79db063c9b7cda2e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe

Filesize
310KB

MD5
3e86dd1d04689ee2182b0f702938b66f

SHA1
d4834600ee88c317b692deac3f14fbe45949610c

SHA256
5ee831ee96ee6efd7b1b47e02de4bf9e1318317adb84bab8e9b33c5d910abb23

SHA512
d7f224641ccd373721d7069a250d0ddff9b596e3eaad2e8db37ff70479489453d99666718585044b5580347e7aa0ef0646ceb12a909b91273d638bd488788194

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe

Filesize
310KB

MD5
421d46e64473da075fff61e04bfbe4b2

SHA1
211c2a9e801085d4d03e0e3b511e3dcd3a5f105c

SHA256
763ac98437ea5a1bffbab92bd01fc0235c0b3f5b6371d85495ebd97a07ec89f0

SHA512
eeca8110af63d5ebd5741462d5bb6ee943ae1e929d5064ef33c853915c9f160465dbc7b6e0675ef8947c6b73b6e634380c360c97f8f656640742a619e891c671

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe

Filesize
310KB

MD5
52c5db84669e7a18c582e0fb0ff72050

SHA1
88a14894c00d637fd24b94111b40b864a6e226ba

SHA256
99c5b8c7e9a6d6781b5c2745087f2a2f94caf28b9754aab68041c67da1388d4b

SHA512
a9e44d82838876226264172869f4048880ce02d199c709803139058181529a804209362f1ec80eeebfc55e802e44794faff3ca865a24a4270756029138d5aa51

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe

Filesize
310KB

MD5
6a91344bcbbc781cb5d1f23119109ed8

SHA1
98bd5aa8e113f49cfb70ea2ee5fad2a9b409d240

SHA256
658f179abb945b85466e8638b53fc4347f65c02db7b186466cd2938fec7130ce

SHA512
854869be50216b805e314b51b81c6092b07afed1c37df355c262fc390fa7039b28a7ed2740b17c01e428175c2d77aff9c6f20064db5ba2489260928c8cfbbddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe

Filesize
310KB

MD5
63071c73f381b2ee671f6a26e11985bc

SHA1
5e6ac43deffeb809ea7f8a5c4e2bf68900c975a5

SHA256
929cc0aaf754781f9816791aff84e4ead1603ee4effe2eb71ac189e92fdd2fc5

SHA512
89f3e8047daa707f195aaa01c2653a6777287c5920eaa3401864cc0e7c5e17fb5d0c6499252e2a500ff461525f12bfd422bfb338a2d9d1ce8cdddcc02175c0ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe

Filesize
310KB

MD5
9e83e92c8602995db9c659df5e75e53f

SHA1
e9b814bd9aa4fa104a2c68e9a23e8971b1024ddc

SHA256
21244878778f9eb5edf2cb5a9593955acad560a3fc0d034ee7fa6dfd2157f8c7

SHA512
978a050a6759df8d53aa72c947229a7e03b4eb27b269de25c7c49c44660480b089d14329e631201027f7ca2302e350232b02504f1f51e3a0f806774b5f81b504

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe

Filesize
310KB

MD5
b6a0de11162a0308d77d341ca573ea4a

SHA1
39d545c8b7a5485d637dc2e2d96c9977122bdaea

SHA256
e1437bc6ff72e999a1bf08ca479a41e11e74eefd9eb70df135398cb25f3469ce

SHA512
40a183c188ec7ba906b0611569e12c3a089ba1313e2499ba68829bd9de38750d3f6cfe8653e8ef9212d58dc9130dc922cc8c2d4c1e266a93050b204f54ea70e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe

Filesize
310KB

MD5
a152740c7894217323c7013a58a89f5f

SHA1
9216bdba07d0a4e3edf905af51e2477742aa1a3b

SHA256
6b4dfb8ef1b346fa32032994f206209b5dd2d18ce43e753c68ce17540144cec4

SHA512
b3912a261d22e4d18b4de86b04220cb85967090d01253c39c6135d1558e9fc8a4c0a45d379f410aad0143a24e40f88d7074c37bf742e0d96457861abdb5c488b

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe

Filesize
310KB

MD5
7b1c4bcb3d65051af4b790daaaa48734

SHA1
035baf716765fc67340a9bf8d8a561aed5855fca

SHA256
db24074b31540e98a76b4a7c206948bc3dd9ddba6cdcda9d7d26358b78f0d21d

SHA512
ccac2302e2b6ec2fe8178ff888f0c142ae221c632e16aa2b66d0908ce3eea509884b3fa723a483483fcb34026a508aadf3bd2615ce82e7c46dbc3a0a83d97e36

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe

Filesize
310KB

MD5
680bc305598ee9a4f97770762b940034

SHA1
e04914a18f10e1baae9238d7ce2ae8bc3d58468a

SHA256
a97b0064bc79fa49a5912e894ee46184b8224662128b58d02632013957d85406

SHA512
e0728694e57e5cd33f37a50539ccec955e450e459c67fd7928fbd1d5424a1a2a953afa7af8de8e51b5febf677bfa5e5cf50ed6fc7f6f0d7f42ac17359e4d9194

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe

Filesize
310KB

MD5
d358f82529518e900accf6f9c6fc35b4

SHA1
15870644f9b412bc3c0e55b15428bb3a31aeb2bc

SHA256
a5f85474334bcd58156f0219cbe791ace62fe79fcf78a85eaa137742230bec1d

SHA512
49ef702b4d6b2e3528290ac25478fbf7121e279a9d76649a142f1b017276e88516221deac9a525782373f09bfbc3de5cfde380b7bfe65de58d88eb9898be39fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe

Filesize
310KB

MD5
3f3d7d478c2ea06c35898df8bcbbd2e1

SHA1
a2ffa78021e99b7264bd42376f08c97257c1c04e

SHA256
06b0eafe01b88e4ec47f89a408b1b8bcd1f2fdda47b6cf4acee5c88932325dc1

SHA512
b04bbfcb3856b0b63ceedea6bc17f02c17eedac1afb697407351a3f9234915903f5d8470f499e729f228a7ce7e2a76d983d1e54c5b2289262300d16b0eab1719

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe

Filesize
310KB

MD5
e42dd5ab5fa4faae5b406c9e38327dc5

SHA1
bfc6f89db98604afe6e3bb1c4f967a8d85d7f842

SHA256
0b81572ff7acdc5b912603b03bef83de4bb1efc1be908958e9d8d613279064e9

SHA512
6f747ecfd91decb172b2dd1bf50ef13dfd27badfd08a34d7a50746f4bc923fcdb045e448eb899db83b6e8f4a4cac74f835e2b03d36eb527061fb410b690093d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe

Filesize
310KB

MD5
eb29057d144f1ac2429aa9fb60549fb3

SHA1
19e0270bd2211098b66aeb7970e6d46611701f15

SHA256
9839842c37fa11112dffd3eb6187c847f5ebea17129a29ae046b141a7ad1e6f0

SHA512
a4c2723249054071b135d29270caf54f479890b7604a8c7f35b66326380320047a4d079507ff8c7011ee322423cb4ac8133646ef87fdb69ba6c85a34085bf691

Download Submit
\??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe

Filesize
310KB

MD5
39a518772a13228fda98ba7c906ad84c

SHA1
31618eade72dc747e5fbbbadd3dc18ad3b42e60b

SHA256
5ada5c5722e39e2e0d793a90f69a39d8111fb2736481b64cb64c2127259e1b77

SHA512
8d67af75ac6691520fea0ab7d85e802e620c3bb7dcc5fd9ab84f0c93356fe511368d5bc1257c425a82e3755e711f3659cb81a7435dec2105d25868ff902ff30d

Download Submit
\??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe

Filesize
310KB

MD5
6876260c3d0de18177ef5a0aca912c72

SHA1
2eb131ca5434d37ba468c8beb6ee93c7d08c7678

SHA256
f9e44fe4444b0ea2cd91f037c6e536ec16427ce4fa0aaf9e960d349369aae6f0

SHA512
96496f293dfaf64552cca93d053acf647cf89aa13de802f9034354839a7cd88d8bdb44af08116240049b31d63ffa83abf85dc67fb27e986cf0e0a4a10a921db6

Download Submit
\??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe

Filesize
310KB

MD5
d1c119bfc8989994fcf9719eda9dd17d

SHA1
023b5296488da8b02f94d4c1ae8ac3084188478d

SHA256
9a95d5252874d16f2ea2307b4adc02524ef80686197cfcb8936a82dc92559d81

SHA512
c1727c2b6d16b2086f65c776cf331a60f0f46e87dd9cf00c701958838573f4b4cdf9bb2ba86f9678a884054a910cf2c934c57cb4bbf8b8f01cceee420e7c9240

Download Submit
\??\c:\users\admin\appdata\local\temp\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe

Filesize
310KB

MD5
252195eeb570555f22a79b83a372b787

SHA1
8f92d3259740ba7607e26ef936c1af8cd1634e16

SHA256
8fd79eb7eb63d9377f97a1f564424e7304587fa168e45229daffbefc8628ac62

SHA512
722fa130381d832fbf28e5b558a12a071a11d8943a6cad5aaa9f30f8677c094819e1f6fe39f864e2e6f15f68a5861eb27ba436945b3242fb63297e298d58074c

Download Submit
memory/8-184-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/968-31-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2128-227-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2128-224-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2428-187-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2428-196-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2672-205-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2772-41-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2772-32-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2816-48-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2816-53-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2968-145-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3000-127-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3000-135-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3064-165-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3076-65-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3076-75-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3136-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3136-10-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3388-213-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3388-216-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3644-19-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3644-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3716-237-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3960-125-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3984-272-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3996-174-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4008-264-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4008-269-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4548-111-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4548-99-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4616-90-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4616-101-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4780-154-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4800-59-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4800-64-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4884-255-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4884-266-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4992-83-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5020-247-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5104-114-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202.exe\""	026531a5a8d9eff0e2f21fea6473aa22_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202f.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202o.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202q.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202w.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202c.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202n.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202m.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202y.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202h.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202j.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202u.exe\""	026531a5a8d9eff0e2f21fea6473aa22_jaffacakes118_3202t.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads