9e095511d206a5c996801a343e5ccd3a17c62bc0f0e051d31f0ca8e862e7c72f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-05-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Size

429KB
MD5

8814e8781ffe8853730635b9c2023367
SHA1

ca0212fd207ec7e3b4ca697087bf4d2a5369f762
SHA256

9e095511d206a5c996801a343e5ccd3a17c62bc0f0e051d31f0ca8e862e7c72f
SHA512

30fc1b71e3da2020ff408c0bef2e01e425d1681597149a553cd801dc6e61d3f812cf1fd93936df510797364f8f3d75da4a2496a6908c6caf45fa3383baabfca2
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bKre:Os52hzpHq8eTi30yIQrDKre

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
1960	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
1924	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
1540	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
1228	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
2268	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
1100	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
2356	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
1524	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
2588	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2164	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
2164	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
1960	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
1960	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
1924	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
1924	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
1540	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
1540	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
1228	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
1228	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
2268	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
2268	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
1100	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
1100	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
2356	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
2356	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
1524	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
1524	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
2588	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
2588	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 6b11dccbfecbdf8c	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 3036	2164	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	28
PID 2164 wrote to memory of 3036	2164	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	28
PID 2164 wrote to memory of 3036	2164	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	28
PID 2164 wrote to memory of 3036	2164	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	28
PID 3036 wrote to memory of 2548	3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	29
PID 3036 wrote to memory of 2548	3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	29
PID 3036 wrote to memory of 2548	3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	29
PID 3036 wrote to memory of 2548	3036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	29
PID 2548 wrote to memory of 2428	2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	30
PID 2548 wrote to memory of 2428	2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	30
PID 2548 wrote to memory of 2428	2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	30
PID 2548 wrote to memory of 2428	2548	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	30
PID 2428 wrote to memory of 2508	2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	31
PID 2428 wrote to memory of 2508	2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	31
PID 2428 wrote to memory of 2508	2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	31
PID 2428 wrote to memory of 2508	2428	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	31
PID 2508 wrote to memory of 2820	2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	32
PID 2508 wrote to memory of 2820	2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	32
PID 2508 wrote to memory of 2820	2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	32
PID 2508 wrote to memory of 2820	2508	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	32
PID 2820 wrote to memory of 1388	2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	33
PID 2820 wrote to memory of 1388	2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	33
PID 2820 wrote to memory of 1388	2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	33
PID 2820 wrote to memory of 1388	2820	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	33
PID 1388 wrote to memory of 2704	1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	34
PID 1388 wrote to memory of 2704	1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	34
PID 1388 wrote to memory of 2704	1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	34
PID 1388 wrote to memory of 2704	1388	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	34
PID 2704 wrote to memory of 1460	2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	35
PID 2704 wrote to memory of 1460	2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	35
PID 2704 wrote to memory of 1460	2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	35
PID 2704 wrote to memory of 1460	2704	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	35
PID 1460 wrote to memory of 920	1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	36
PID 1460 wrote to memory of 920	1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	36
PID 1460 wrote to memory of 920	1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	36
PID 1460 wrote to memory of 920	1460	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	36
PID 920 wrote to memory of 2364	920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	37
PID 920 wrote to memory of 2364	920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	37
PID 920 wrote to memory of 2364	920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	37
PID 920 wrote to memory of 2364	920	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	37
PID 2364 wrote to memory of 1656	2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	38
PID 2364 wrote to memory of 1656	2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	38
PID 2364 wrote to memory of 1656	2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	38
PID 2364 wrote to memory of 1656	2364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	38
PID 1656 wrote to memory of 1652	1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	39
PID 1656 wrote to memory of 1652	1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	39
PID 1656 wrote to memory of 1652	1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	39
PID 1656 wrote to memory of 1652	1656	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	39
PID 1652 wrote to memory of 1424	1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	40
PID 1652 wrote to memory of 1424	1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	40
PID 1652 wrote to memory of 1424	1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	40
PID 1652 wrote to memory of 1424	1652	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	40
PID 1424 wrote to memory of 2484	1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	41
PID 1424 wrote to memory of 2484	1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	41
PID 1424 wrote to memory of 2484	1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	41
PID 1424 wrote to memory of 2484	1424	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	41
PID 2484 wrote to memory of 2812	2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	42
PID 2484 wrote to memory of 2812	2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	42
PID 2484 wrote to memory of 2812	2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	42
PID 2484 wrote to memory of 2812	2484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	42
PID 2812 wrote to memory of 1960	2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	43
PID 2812 wrote to memory of 1960	2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	43
PID 2812 wrote to memory of 1960	2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	43
PID 2812 wrote to memory of 1960	2812	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2164
- \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
  c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3036
- - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
    c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
      c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2428
    - - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2508
      - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2820
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1388
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2704
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1460
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:920
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2364
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1652
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1424
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1960
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1924
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1540
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1228
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2268
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:820
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1100
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2356
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1524
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2588
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe

Filesize
430KB

MD5
dc7b03dbc001f486b5e833049cee45e7

SHA1
c00de76e73eedbf0a2bd25636654378774f4c061

SHA256
e638e8321d9b138f5394c64408ff851384e713601428e7bd202729ecd58b7db6

SHA512
e5a0c95c8d30bbc467afeea8159ac191ab55637938692fb5d05b1971fc59628f9dd7c25951f8d81e151ce3195fb07e343608f166c87174eae54ae7519f96224f

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe

Filesize
433KB

MD5
5bc6390867bea4c0e075534481be643f

SHA1
33d2bd71a462a1af4cab71ada7f418721c61e213

SHA256
a4d3e553f32be42f4cc746b65092ef77d257990c2c661ad6cc2ea4e0c8f4648a

SHA512
5d637b41910cb1bc99f6a4e5aa93aecfaf0834a5594abc28aa3e4faa649d0205acbcff867465250e1d63032d861de7c5e1ac9475678890d48560af18eb76b253

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe

Filesize
431KB

MD5
4562120e6d0671d60527ecde5fd329ed

SHA1
43587f2ecf5e63da9a6bb371064d24c6f4cac6b1

SHA256
a04d0b2faa27bd7e59fee5bd1684fc2b35544d861b5a5f3f070d2104befa9124

SHA512
9299c96b819ac22d7cce4113510f64967335b0b01ebdc1c6f972c848922052fbf73c390d0d3ed0a775db55ea7b3ed86ad760119e54adb2583a962bbabed1ad58

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe

Filesize
432KB

MD5
20563ec87058a51dda183f2a95cc8f7e

SHA1
ed6ab6f3481db1bf560e0552ebe18847d81bf276

SHA256
fd8b6950550a2bc4bfc062e828c5728612d3d4595a37f30fdd63d463ffeb72f7

SHA512
4b74357e3b618a980d20959fe74145e8fd30c790b133b94fbf1ee146419b8d145dbaa0d763aec7cd3fd682a563824472d43ec04c6630e358c0ba5b32b00f50e3

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe

Filesize
432KB

MD5
b1e001976dece3cbd1c93ece33534ddc

SHA1
0087a4a7594818f5fea3db642c156691e0911bba

SHA256
5e50490bd8d049bae3c2a4f339cc4d7b4e9a069b3ad7c99ec5973504850f10f6

SHA512
411ae2d21e5de5dc0db9b38a6c61bff07b2cc586b0f31f0287ec125316b3f1db2b6a843f50f55c3ffa2d96f191c54b0c84b7e605f36142888d9c63b05677c812

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe

Filesize
432KB

MD5
821850a72aeec5cfb0139229bc10a88f

SHA1
aa82f50f3753be4eea3e9163c9e2079186c3e601

SHA256
afa2cc5ff4d4ff8539fb172f3cc9099fc3c0178d386358944f8d6d3397b71261

SHA512
f0f80cf34db96fdea819b68a1b9d0be1c0e7b89ba96da7269b2815619223fc431a0ff3af137ecc9f66f4a584436926abb41e099263a9d41ab60326d8c704d169

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe

Filesize
433KB

MD5
3509d38a3b875bebf163942645716e44

SHA1
6457d3c595ce83255044aa84f67488fea45ca887

SHA256
b986a8701bb5317874e21060e1a05f3e97057f150f91623c82a6c1a2516db20a

SHA512
a592b26dcebb8090596f3f1721c428e1c82320c5604f4a96988078f43a091159f939cc794a0afcadd38d6041a47c9a92afe0dd82a8c7954026ec68fbb70a0898

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe

Filesize
430KB

MD5
c546f96a52d821504b752984e5a202bc

SHA1
c4dfc07c2bee7e7d98f48a23b7114a4a185f308c

SHA256
b00a948b3c17ecd585354d108486cc3425df85f6709ed195f555d80992e26d52

SHA512
52c383fd42645c573bcdc85712cac182f37b7b12d9364addd37f039e891e6040166af7a1d82b5ddace634bf8206e2c7c14731b60371cf7ee3e65bf825d983928

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe

Filesize
430KB

MD5
66313f4ef4d9cc32535259e3ff8bace7

SHA1
98c2120fb9f6377204ad51a7afad8226a0ce9477

SHA256
0dfa745076f3d913f9af9b428b180a2e1ff578060b685b66d53be687c3310897

SHA512
d933a05ffa5a911a422e974a3a46f4fd556e78c75a11fb647d4f19cde06dc98cba5e1817caca18a553c54a6a92bb9fe1b09510ad2f0f9ce3f6ee8ae179e65ee7

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe

Filesize
430KB

MD5
5a0d53d8e839b305d4359648bef5741c

SHA1
8e389457e5f14acde1ae4c34491768e5e7be6dcf

SHA256
0d226859fad56ec1656d8ad8230c0932c28f138c2a6772fd6e7999ff87b602c8

SHA512
67a6079752f02130e3f0b27f1a24ee0cd57c58e8f4074322e6a4605fdca88cf2deb276b424423503374b1ef003214b5386fad809062bc6387c600ce4114e5ee6

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe

Filesize
430KB

MD5
ecbb7b3017b972b476e470899ed8db7d

SHA1
10feb13fb88001edaf51be2e1cf856ccb3b4f63c

SHA256
55599b958194d741bddae55222658a858499704ce18c5ab9cc4884a46e86347c

SHA512
2976664c50ad323c938a0cf7b4e43934b2abcfdb1d1282e264f32026a1f61ab7781b9b64b7dc482481bfbc64f56bc56e35072fda0dd628fc563ed434d1697c5e

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe

Filesize
431KB

MD5
33d1f1e11bd2413f433004a33d9f7d1a

SHA1
78920d047afcaacdaa28bfb927a12145d4e597ac

SHA256
d7f5b7befd3d1e0e6295d3947136ea759c50fe4d66470ff78ee50845714aa881

SHA512
3dfc0f1f2e3b278106ef8269f9a4d8302eac749747eedc9c48e1be41da5ba2cf19c6cbc3e523fc8413f5d0e8ec816dbc1eda06da2263346dd3ca90558ba31e40

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe

Filesize
431KB

MD5
35b72c9b146d0b486f8135d9b6572a91

SHA1
d3f5b9aaf30a65fda11fe6f3705bda12590b37e0

SHA256
2f9d6238d65efa0796021d717dab03dc99e84a1eed4157898e485240b4fa94a4

SHA512
cd17fd51cd35e4fe90a698d2052701b894465d1a6212b2350ff8a9ad571a4d95ca6a74267c34db4ce63b14a9449399276737c08ef7ad28310e5cad1300e0f19a

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe

Filesize
431KB

MD5
9bf07ff75435072841ae734b53a49fda

SHA1
6c7e3f85e22c5cb3dc20b9b7a32d09cf63c24600

SHA256
744479871399c89543a16f5fc51d467b239bdccc7b2bd6d152796ffd120589b6

SHA512
a9d459e056b89f31be4726c6658d4532a01810cbf409e3902d2d747479077d7fdf83580c56dbe7ed554ed2a7e21cbc04a60f0a82aed48293cbd1ae2eaf5953cf

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe

Filesize
432KB

MD5
32e5d8de50e0f2c8494815fad4333711

SHA1
9b0556ce31937296eff167bfddbe3e28646999e5

SHA256
92ccc8b0b22dd38fcb3709654e8b5fb3002b676ef3e35428208a686f00b9f5bf

SHA512
cfe4a0f3716fe56bfc02cdc783ab9372320bac1361883d4304200516ea338bd1bc355d59ee99233817d1fe773193e7556e9a435b5ddafe8379a99e92c6004c0d

Download Submit
\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe

Filesize
433KB

MD5
76cfe3c792d96627ab080550f3f7b33e

SHA1
c8b42096c31fc6ac91380b659c37bf3e3b63fd88

SHA256
243d523c2f9336f6841b46f81143f3e0b87051ab778a368e39a6821f16ecd879

SHA512
9b8d685eef4ad290287f356d290efd842cbee8315fcb680e46bb5d3c3ef8d155c9c015d45ec6b4aa3a7edb1df9b9d0b1b42eb6d122c1d066010ffd4c2d3b4094

Download Submit
memory/820-328-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/820-317-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/920-159-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1100-329-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1100-340-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1228-293-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1228-304-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1388-97-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1388-111-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1424-208-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1424-223-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1460-128-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1460-144-0x00000000026A0000-0x0000000002719000-memory.dmp

Filesize
484KB

Download
memory/1460-240-0x00000000026A0000-0x0000000002719000-memory.dmp

Filesize
484KB

Download
memory/1460-142-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1524-353-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1524-364-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1540-292-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1540-281-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1652-206-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1652-192-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1656-189-0x0000000001DD0000-0x0000000001E49000-memory.dmp

Filesize
484KB

Download
memory/1656-190-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1924-280-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1924-270-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1960-257-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1960-269-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-13-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2164-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2268-305-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2268-316-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2356-341-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2356-352-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2364-174-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2364-160-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2428-49-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2428-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2484-239-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2484-224-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2508-80-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2508-65-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2548-33-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2548-47-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2588-365-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2588-378-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2588-377-0x0000000001CC0000-0x0000000001D39000-memory.dmp

Filesize
484KB

Download
memory/2588-376-0x0000000001CC0000-0x0000000001D39000-memory.dmp

Filesize
484KB

Download
memory/2704-127-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2812-241-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2812-256-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2820-81-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2820-95-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3036-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3036-15-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3036-379-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3036-30-0x0000000000370000-0x00000000003E9000-memory.dmp

Filesize
484KB

Download
memory/3036-29-0x0000000000370000-0x00000000003E9000-memory.dmp

Filesize
484KB

Download
memory/3036-381-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads