9e095511d206a5c996801a343e5ccd3a17c62bc0f0e051d31f0ca8e862e7c72f

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Size

429KB
MD5

8814e8781ffe8853730635b9c2023367
SHA1

ca0212fd207ec7e3b4ca697087bf4d2a5369f762
SHA256

9e095511d206a5c996801a343e5ccd3a17c62bc0f0e051d31f0ca8e862e7c72f
SHA512

30fc1b71e3da2020ff408c0bef2e01e425d1681597149a553cd801dc6e61d3f812cf1fd93936df510797364f8f3d75da4a2496a6908c6caf45fa3383baabfca2
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bKre:Os52hzpHq8eTi30yIQrDKre

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 25 IoCs

pid	Process
4876	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
2168	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
804	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
3204	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
3372	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
1964	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
2756	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
4140	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
4496	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
4036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
2256	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
2572	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
4364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
4444	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
1380	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
5000	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
744	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
3536	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
2676	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
3436	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
1484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
808	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
1988	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
1148	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
2192	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52831b4063edf919	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 553865c52a096759	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 4876	2196	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	85
PID 2196 wrote to memory of 4876	2196	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	85
PID 2196 wrote to memory of 4876	2196	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe	85
PID 4876 wrote to memory of 2168	4876	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	86
PID 4876 wrote to memory of 2168	4876	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	86
PID 4876 wrote to memory of 2168	4876	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe	86
PID 2168 wrote to memory of 804	2168	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	87
PID 2168 wrote to memory of 804	2168	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	87
PID 2168 wrote to memory of 804	2168	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe	87
PID 804 wrote to memory of 3204	804	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	88
PID 804 wrote to memory of 3204	804	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	88
PID 804 wrote to memory of 3204	804	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe	88
PID 3204 wrote to memory of 3372	3204	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	89
PID 3204 wrote to memory of 3372	3204	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	89
PID 3204 wrote to memory of 3372	3204	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe	89
PID 3372 wrote to memory of 1964	3372	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	90
PID 3372 wrote to memory of 1964	3372	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	90
PID 3372 wrote to memory of 1964	3372	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe	90
PID 1964 wrote to memory of 2756	1964	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	92
PID 1964 wrote to memory of 2756	1964	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	92
PID 1964 wrote to memory of 2756	1964	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe	92
PID 2756 wrote to memory of 4140	2756	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	93
PID 2756 wrote to memory of 4140	2756	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	93
PID 2756 wrote to memory of 4140	2756	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe	93
PID 4140 wrote to memory of 4496	4140	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	95
PID 4140 wrote to memory of 4496	4140	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	95
PID 4140 wrote to memory of 4496	4140	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe	95
PID 4496 wrote to memory of 4036	4496	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	96
PID 4496 wrote to memory of 4036	4496	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	96
PID 4496 wrote to memory of 4036	4496	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe	96
PID 4036 wrote to memory of 2256	4036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	97
PID 4036 wrote to memory of 2256	4036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	97
PID 4036 wrote to memory of 2256	4036	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe	97
PID 2256 wrote to memory of 2572	2256	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	98
PID 2256 wrote to memory of 2572	2256	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	98
PID 2256 wrote to memory of 2572	2256	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe	98
PID 2572 wrote to memory of 4364	2572	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	100
PID 2572 wrote to memory of 4364	2572	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	100
PID 2572 wrote to memory of 4364	2572	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe	100
PID 4364 wrote to memory of 4444	4364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	101
PID 4364 wrote to memory of 4444	4364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	101
PID 4364 wrote to memory of 4444	4364	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe	101
PID 4444 wrote to memory of 1380	4444	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	102
PID 4444 wrote to memory of 1380	4444	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	102
PID 4444 wrote to memory of 1380	4444	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe	102
PID 1380 wrote to memory of 5000	1380	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	103
PID 1380 wrote to memory of 5000	1380	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	103
PID 1380 wrote to memory of 5000	1380	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe	103
PID 5000 wrote to memory of 744	5000	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe	104
PID 5000 wrote to memory of 744	5000	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe	104
PID 5000 wrote to memory of 744	5000	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe	104
PID 744 wrote to memory of 3536	744	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe	105
PID 744 wrote to memory of 3536	744	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe	105
PID 744 wrote to memory of 3536	744	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe	105
PID 3536 wrote to memory of 2676	3536	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe	106
PID 3536 wrote to memory of 2676	3536	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe	106
PID 3536 wrote to memory of 2676	3536	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe	106
PID 2676 wrote to memory of 3436	2676	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe	107
PID 2676 wrote to memory of 3436	2676	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe	107
PID 2676 wrote to memory of 3436	2676	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe	107
PID 3436 wrote to memory of 1484	3436	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe	108
PID 3436 wrote to memory of 1484	3436	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe	108
PID 3436 wrote to memory of 1484	3436	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe	108
PID 1484 wrote to memory of 808	1484	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe	109

C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2196
- \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
  c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4876
- - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
    c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2168
  - - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
      c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:804
    - - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3204
      - \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3372
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1964
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2756
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4140
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4496
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4036
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2256
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2572
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4364
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4444
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1380
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5000
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:744
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3536
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2676
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3436
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:808
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
        24⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:3548
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1988
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1148
        
        \??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
        
        c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe

Filesize
430KB

MD5
dc7b03dbc001f486b5e833049cee45e7

SHA1
c00de76e73eedbf0a2bd25636654378774f4c061

SHA256
e638e8321d9b138f5394c64408ff851384e713601428e7bd202729ecd58b7db6

SHA512
e5a0c95c8d30bbc467afeea8159ac191ab55637938692fb5d05b1971fc59628f9dd7c25951f8d81e151ce3195fb07e343608f166c87174eae54ae7519f96224f

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe

Filesize
430KB

MD5
c546f96a52d821504b752984e5a202bc

SHA1
c4dfc07c2bee7e7d98f48a23b7114a4a185f308c

SHA256
b00a948b3c17ecd585354d108486cc3425df85f6709ed195f555d80992e26d52

SHA512
52c383fd42645c573bcdc85712cac182f37b7b12d9364addd37f039e891e6040166af7a1d82b5ddace634bf8206e2c7c14731b60371cf7ee3e65bf825d983928

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe

Filesize
430KB

MD5
66313f4ef4d9cc32535259e3ff8bace7

SHA1
98c2120fb9f6377204ad51a7afad8226a0ce9477

SHA256
0dfa745076f3d913f9af9b428b180a2e1ff578060b685b66d53be687c3310897

SHA512
d933a05ffa5a911a422e974a3a46f4fd556e78c75a11fb647d4f19cde06dc98cba5e1817caca18a553c54a6a92bb9fe1b09510ad2f0f9ce3f6ee8ae179e65ee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe

Filesize
431KB

MD5
33d1f1e11bd2413f433004a33d9f7d1a

SHA1
78920d047afcaacdaa28bfb927a12145d4e597ac

SHA256
d7f5b7befd3d1e0e6295d3947136ea759c50fe4d66470ff78ee50845714aa881

SHA512
3dfc0f1f2e3b278106ef8269f9a4d8302eac749747eedc9c48e1be41da5ba2cf19c6cbc3e523fc8413f5d0e8ec816dbc1eda06da2263346dd3ca90558ba31e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe

Filesize
431KB

MD5
35b72c9b146d0b486f8135d9b6572a91

SHA1
d3f5b9aaf30a65fda11fe6f3705bda12590b37e0

SHA256
2f9d6238d65efa0796021d717dab03dc99e84a1eed4157898e485240b4fa94a4

SHA512
cd17fd51cd35e4fe90a698d2052701b894465d1a6212b2350ff8a9ad571a4d95ca6a74267c34db4ce63b14a9449399276737c08ef7ad28310e5cad1300e0f19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe

Filesize
432KB

MD5
b1e001976dece3cbd1c93ece33534ddc

SHA1
0087a4a7594818f5fea3db642c156691e0911bba

SHA256
5e50490bd8d049bae3c2a4f339cc4d7b4e9a069b3ad7c99ec5973504850f10f6

SHA512
411ae2d21e5de5dc0db9b38a6c61bff07b2cc586b0f31f0287ec125316b3f1db2b6a843f50f55c3ffa2d96f191c54b0c84b7e605f36142888d9c63b05677c812

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe

Filesize
432KB

MD5
32e5d8de50e0f2c8494815fad4333711

SHA1
9b0556ce31937296eff167bfddbe3e28646999e5

SHA256
92ccc8b0b22dd38fcb3709654e8b5fb3002b676ef3e35428208a686f00b9f5bf

SHA512
cfe4a0f3716fe56bfc02cdc783ab9372320bac1361883d4304200516ea338bd1bc355d59ee99233817d1fe773193e7556e9a435b5ddafe8379a99e92c6004c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe

Filesize
433KB

MD5
90aec3b706e3cc97d16534a11b9aa99f

SHA1
0fbe92010de569f033d0ec85ba1f493eb769b122

SHA256
84298847265a4c2cadf273a756d52903dc9bc3a95d546371bab2e62c13f4a193

SHA512
ef8dbd16647cd10f0f1c85db963d5d40d3eb410c41715237d4e9ce4924c0ae41b15b51ac4683d554779aadfaed04ccf0960415d812921ce7f38ff2a52d664d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe

Filesize
433KB

MD5
2f83e37923f8d0e3a45b29af81961022

SHA1
9ce53865f8c46a5b438a78f3428eec39bd58c338

SHA256
318636ef09d10724f411b3e30735fd0193cbcf09965a24ef8264d8a95747b247

SHA512
a0e4d99f263aa578bde4daf715a2e6535be0d503e27b7905323590ec49d0d2cbdc08c3f633a117835cc3cd4ecb710b59045a7213daf6e2149a7e7487a8f47e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe

Filesize
434KB

MD5
1c6c6ee4462cf9f7fbc5f4eadafdb223

SHA1
bace4927a33b8b79c71affa0ed9bb46eb8710b42

SHA256
4fa8e2275697b55132d4731088d5b90fd4a1e967e04f3580458c8953e1776b45

SHA512
d9dbbd3b13370de6a7685d4c8b13c4fceb60e1c8f882d1957ca9e76b77f53d0fd141d7a05a3d0c162e455d8f6c33d74a5fba5740545a0089a4dce3c61d459635

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe

Filesize
434KB

MD5
0d52fcda82fb0e9355638d4b6f13526d

SHA1
d4c709d3fb7f3629ee0ba33686c33808eb159c1b

SHA256
032422477076a6b2fdc9aae118bbbf8cd6723b6fc181de2fd715b1ce19190af8

SHA512
db2155bcec75e277862eb914c94a35f7474e9253dbe7a3c32088c95a857225e044070cf2ac4b706b5f7a525cbdb6e5d5ae36e45b42f5584bde19fa45d542b4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe

Filesize
434KB

MD5
c33a29063decc32c97d21a6ee772c593

SHA1
3eb52fe1f001468edc0bdc99645b0be8810399a4

SHA256
014b8e2795ba16d3eb38be687fc8dce9ab6542e27dce9fb5250017cc0efbe864

SHA512
98634f8f55a33c88366da57ba26387c30fe7b305d07c9f1ec1dece64e1dfa6e7732b2e4e15a1b3e51729acf00901845a0d727edaeca0cbda36bbe9b3d4dc3815

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe

Filesize
435KB

MD5
bb73a17bf1ec57a75b2ff081e657a13f

SHA1
83746b4ebc3f058f4df2dd121d7c2d6973be93a2

SHA256
4c62db44ac4d5d289a0a4fca32c7c64842173f421234adae8f508f5976c0d89a

SHA512
f12d3d292434f73e5c33b60cf1cf6c0091fb06c4e73fb3c0032b9e3456a1ee222611c5f167f5dac165f4b12c4e4693954fc40a2dbab8a544c77f33023ee96884

Download Submit
C:\Users\Admin\AppData\Local\Temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe

Filesize
435KB

MD5
c21c529d1927accabb9dfd2ce8a3ac35

SHA1
07d46b100e1eac48e49426a9be04989717e41d76

SHA256
194db9fa4817f9cce06b906d5641d7bbafc80c742ed968a5e96a49a2c5ac4bb8

SHA512
8a1b4ee9f119c5469c73648dc72474c43b67fcb11ca3cc3681e02f43de6be00e326040c5863e123b5b93d864f7ad9c394b068faa6d769ed65df1d8a5e83de978

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe

Filesize
430KB

MD5
5a0d53d8e839b305d4359648bef5741c

SHA1
8e389457e5f14acde1ae4c34491768e5e7be6dcf

SHA256
0d226859fad56ec1656d8ad8230c0932c28f138c2a6772fd6e7999ff87b602c8

SHA512
67a6079752f02130e3f0b27f1a24ee0cd57c58e8f4074322e6a4605fdca88cf2deb276b424423503374b1ef003214b5386fad809062bc6387c600ce4114e5ee6

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe

Filesize
430KB

MD5
ecbb7b3017b972b476e470899ed8db7d

SHA1
10feb13fb88001edaf51be2e1cf856ccb3b4f63c

SHA256
55599b958194d741bddae55222658a858499704ce18c5ab9cc4884a46e86347c

SHA512
2976664c50ad323c938a0cf7b4e43934b2abcfdb1d1282e264f32026a1f61ab7781b9b64b7dc482481bfbc64f56bc56e35072fda0dd628fc563ed434d1697c5e

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe

Filesize
431KB

MD5
9bf07ff75435072841ae734b53a49fda

SHA1
6c7e3f85e22c5cb3dc20b9b7a32d09cf63c24600

SHA256
744479871399c89543a16f5fc51d467b239bdccc7b2bd6d152796ffd120589b6

SHA512
a9d459e056b89f31be4726c6658d4532a01810cbf409e3902d2d747479077d7fdf83580c56dbe7ed554ed2a7e21cbc04a60f0a82aed48293cbd1ae2eaf5953cf

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe

Filesize
431KB

MD5
4562120e6d0671d60527ecde5fd329ed

SHA1
43587f2ecf5e63da9a6bb371064d24c6f4cac6b1

SHA256
a04d0b2faa27bd7e59fee5bd1684fc2b35544d861b5a5f3f070d2104befa9124

SHA512
9299c96b819ac22d7cce4113510f64967335b0b01ebdc1c6f972c848922052fbf73c390d0d3ed0a775db55ea7b3ed86ad760119e54adb2583a962bbabed1ad58

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe

Filesize
432KB

MD5
20563ec87058a51dda183f2a95cc8f7e

SHA1
ed6ab6f3481db1bf560e0552ebe18847d81bf276

SHA256
fd8b6950550a2bc4bfc062e828c5728612d3d4595a37f30fdd63d463ffeb72f7

SHA512
4b74357e3b618a980d20959fe74145e8fd30c790b133b94fbf1ee146419b8d145dbaa0d763aec7cd3fd682a563824472d43ec04c6630e358c0ba5b32b00f50e3

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe

Filesize
432KB

MD5
821850a72aeec5cfb0139229bc10a88f

SHA1
aa82f50f3753be4eea3e9163c9e2079186c3e601

SHA256
afa2cc5ff4d4ff8539fb172f3cc9099fc3c0178d386358944f8d6d3397b71261

SHA512
f0f80cf34db96fdea819b68a1b9d0be1c0e7b89ba96da7269b2815619223fc431a0ff3af137ecc9f66f4a584436926abb41e099263a9d41ab60326d8c704d169

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe

Filesize
433KB

MD5
3bc637b13c7457bb4a313a85ef7ae8a1

SHA1
553382108dd58837fd0a0f875f9ce4ad9b3d6ab4

SHA256
514c70d42ad48d3a044e5f396f79a33ba2b84ae13934bc8ee7c24257c206f183

SHA512
50f52dcd9ec764ea934c256237f25b3f0e8e500207bf2c7fbda34a9da334569924b0b887222e64ff61b6df2a282fdb3fd9aebdbbeff68c29068071843c74346f

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe

Filesize
433KB

MD5
6a0efcd0bc51762e2ed0afb57f302e6d

SHA1
45b695d7ab43bd01e941d722be628571e597696b

SHA256
26ccc1147b839c9c655defce1d80e9ad762f8e1bca1f0c798607e1ac6a7ef8e2

SHA512
bde18d1e3facfd65e0588f3242cbc22fb7d87fd90ab3fc5e90d1b9323e0cdf2003138cb97a5d5394386c8f9b690a513bebfa5a2ce02592698c5ac002716f7a3a

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe

Filesize
433KB

MD5
62b6043488c8325193cdd163e30b76db

SHA1
57763aa83e3dbaae06ca723ea00de73bb7484e33

SHA256
4e9a7725e40d71e08a54aa4db90cfc7105352983b1aea499ed8504664e99d572

SHA512
aa5479555040e20a8f43c999adecf1a138cb066b113442f87078f61ecb01cca566bace85e1a6ef61148d03064f492c0720bf6a6ac127f112b5e51acd673baf58

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe

Filesize
434KB

MD5
062dc5f2ac01c67d6054b8af677f176a

SHA1
887d8d54953431f6c799134d898a59a124d848c0

SHA256
c3114d8b34bbe087e6c14ff2a59008a862459ff8b76a340a4ad7cf939912b8c4

SHA512
c482ae57a8a5827c5f00533484df5ab2437d008201022e2743b7c5ad7b909a3c1ab74ff063ceaf244719cddebedd9d22e9ba01b8f05b862684db68ff20e82bf1

Download Submit
\??\c:\users\admin\appdata\local\temp\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe

Filesize
435KB

MD5
ccc87ba382a738510d52aff7fca0fca8

SHA1
761adc3194892840c894712b393d4e82885fe96f

SHA256
50bd15a4920c8c351db0a52857eec68552a26d75c36dd0751b69c34482bf3f7e

SHA512
f496e35831915c68821048c72779e2060ea0fc9922310eece9867c1dea98731816954877a5988097297ac4615a1cbcf79242250e9b63d13c83dd757dcf01f931

Download Submit
memory/744-185-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/744-190-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/804-41-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/808-231-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/808-234-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1148-264-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1380-159-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1380-166-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1484-229-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1964-74-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1964-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1988-253-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1988-245-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2168-30-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2192-267-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2196-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2196-10-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2256-124-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2572-135-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2572-125-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2676-201-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2676-211-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2756-83-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3204-52-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3204-42-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3372-53-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3372-63-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3436-219-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3536-200-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3548-244-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3548-232-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4036-113-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4140-85-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4140-95-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4364-136-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4364-144-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4444-165-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4444-147-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4496-103-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4876-20-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4876-11-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5000-174-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5000-179-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202y.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202x.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202s.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202f.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202l.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202n.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202r.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202v.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202c.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202j.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202a.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8814e8781ffe8853730635b9c2023367.jaffacakes118_3202e.exe\""	8814e8781ffe8853730635b9c2023367.jaffacakes118_3202d.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads