63136b321d21155107b2fbcc65c68c2ed7d39e1d008d59ce8678a617e78711fa

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Size

322KB
MD5

2e85937bc91b12e431861ed01125ac04
SHA1

f7f78c066c06a4037fb94e421d50fed35c7d11f2
SHA256

63136b321d21155107b2fbcc65c68c2ed7d39e1d008d59ce8678a617e78711fa
SHA512

af768eb95813ee7f30708107ef709309a991f4ff6300e038243a52d04f330aff3be49957a98bdcfc14229ccd39856a29122eec3a9faff542fe30ed3a8757b70d
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIg/RmMp0IddCbBN:WacxGfTMfQrjoziJJHIYHaZbBN

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
1932	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
2092	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
2380	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
1556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
2448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
2320	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
2412	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
1600	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
2936	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
3016	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
3016	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
1932	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
1932	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
2092	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
2092	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
2380	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
2380	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
1556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
1556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
2448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
2448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
2320	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
2320	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
2412	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
2412	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
1600	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
1600	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3016-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3016-8-0x00000000002F0000-0x000000000032A000-memory.dmp	upx
behavioral1/files/0x000d00000001226b-6.dat	upx
behavioral1/memory/3056-22-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3016-15-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0036000000014b58-31.dat	upx
behavioral1/memory/3056-30-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000014f41-38.dat	upx
behavioral1/memory/2648-47-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2668-46-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000015406-54.dat	upx
behavioral1/memory/2648-61-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2560-63-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000700000001552d-70.dat	upx
behavioral1/memory/2580-80-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2560-78-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000700000001562a-86.dat	upx
behavioral1/memory/2580-93-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000015678-101.dat	upx
behavioral1/memory/2780-109-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2624-117-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0009000000015c6f-118.dat	upx
behavioral1/memory/2624-126-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000015d77-134.dat	upx
behavioral1/memory/2912-141-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015d7f-148.dat	upx
behavioral1/memory/300-155-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0037000000014bca-163.dat	upx
behavioral1/memory/2328-171-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015e5b-178.dat	upx
behavioral1/memory/2764-186-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015f05-193.dat	upx
behavioral1/memory/1620-201-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015f71-210.dat	upx
behavioral1/memory/2268-215-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015ff4-223.dat	upx
behavioral1/memory/728-232-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1148-231-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000016103-239.dat	upx
behavioral1/memory/728-247-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1932-260-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2092-261-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2092-272-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2380-283-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1556-294-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2448-295-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2448-306-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/828-317-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2320-329-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2412-340-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1836-351-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1600-352-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1600-363-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2936-364-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/828-365-0x0000000000250000-0x000000000028A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 22f8019a0d5b7524	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 3056	3016	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	28
PID 3016 wrote to memory of 3056	3016	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	28
PID 3016 wrote to memory of 3056	3016	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	28
PID 3016 wrote to memory of 3056	3016	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	28
PID 3056 wrote to memory of 2668	3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	29
PID 3056 wrote to memory of 2668	3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	29
PID 3056 wrote to memory of 2668	3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	29
PID 3056 wrote to memory of 2668	3056	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	29
PID 2668 wrote to memory of 2648	2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	30
PID 2668 wrote to memory of 2648	2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	30
PID 2668 wrote to memory of 2648	2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	30
PID 2668 wrote to memory of 2648	2668	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	30
PID 2648 wrote to memory of 2560	2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	31
PID 2648 wrote to memory of 2560	2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	31
PID 2648 wrote to memory of 2560	2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	31
PID 2648 wrote to memory of 2560	2648	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	31
PID 2560 wrote to memory of 2580	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	32
PID 2560 wrote to memory of 2580	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	32
PID 2560 wrote to memory of 2580	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	32
PID 2560 wrote to memory of 2580	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	32
PID 2580 wrote to memory of 2780	2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	33
PID 2580 wrote to memory of 2780	2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	33
PID 2580 wrote to memory of 2780	2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	33
PID 2580 wrote to memory of 2780	2580	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	33
PID 2780 wrote to memory of 2624	2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	34
PID 2780 wrote to memory of 2624	2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	34
PID 2780 wrote to memory of 2624	2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	34
PID 2780 wrote to memory of 2624	2780	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	34
PID 2624 wrote to memory of 2912	2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	35
PID 2624 wrote to memory of 2912	2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	35
PID 2624 wrote to memory of 2912	2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	35
PID 2624 wrote to memory of 2912	2624	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	35
PID 2912 wrote to memory of 300	2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	36
PID 2912 wrote to memory of 300	2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	36
PID 2912 wrote to memory of 300	2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	36
PID 2912 wrote to memory of 300	2912	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	36
PID 300 wrote to memory of 2328	300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	37
PID 300 wrote to memory of 2328	300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	37
PID 300 wrote to memory of 2328	300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	37
PID 300 wrote to memory of 2328	300	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	37
PID 2328 wrote to memory of 2764	2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	38
PID 2328 wrote to memory of 2764	2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	38
PID 2328 wrote to memory of 2764	2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	38
PID 2328 wrote to memory of 2764	2328	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	38
PID 2764 wrote to memory of 1620	2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	39
PID 2764 wrote to memory of 1620	2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	39
PID 2764 wrote to memory of 1620	2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	39
PID 2764 wrote to memory of 1620	2764	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	39
PID 1620 wrote to memory of 2268	1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	40
PID 1620 wrote to memory of 2268	1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	40
PID 1620 wrote to memory of 2268	1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	40
PID 1620 wrote to memory of 2268	1620	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	40
PID 2268 wrote to memory of 1148	2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	41
PID 2268 wrote to memory of 1148	2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	41
PID 2268 wrote to memory of 1148	2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	41
PID 2268 wrote to memory of 1148	2268	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	41
PID 1148 wrote to memory of 728	1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	42
PID 1148 wrote to memory of 728	1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	42
PID 1148 wrote to memory of 728	1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	42
PID 1148 wrote to memory of 728	1148	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	42
PID 728 wrote to memory of 1932	728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	43
PID 728 wrote to memory of 1932	728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	43
PID 728 wrote to memory of 1932	728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	43
PID 728 wrote to memory of 1932	728	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3016
- \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
  c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3056
- - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
    c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
      c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2648
    - - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2560
      - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2580
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2624
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:300
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2328
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1620
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2268
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1148
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:728
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1932
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2092
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2380
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1556
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2448
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:828
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2320
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2412
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1836
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1600
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe

Filesize
323KB

MD5
19e605de2c2bb6c96072d148c9b0f630

SHA1
969676e93d9dc4d248e873ed8e6cbf7c01106c12

SHA256
4743b1319fba92651c8183368ba87063c13cdcac19c2564678ce7ddd44580dbf

SHA512
4965aee651dbc39dcddc49449ab8f69135f3b6776ae1bf36759899bacf2b628ddd22d1e9435230aaa0bd806116f68d10b32b0b4009ba56ae9c2e199863fe48ec

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe

Filesize
322KB

MD5
d46803d57204dc0dc04f16ac6c34e6e5

SHA1
74562d96328f0cc92300787da7f64b1697e7c86a

SHA256
484ef7a2ac5382c5107f605ba7fade82f74fab73f4207f49ac528d136ba0bf4d

SHA512
0b40de1265892bb44a82b2d8ac9e8923d93799c33b2c0ee4596644f95853e5d575b3aa304de25670c4e1838f9f37872d8ab907a272733af893314f24618d0a45

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe

Filesize
323KB

MD5
d2bc61bdedf99c87275fb4cc6a9e14b3

SHA1
a72d1fd09148f718eff321f68672034e785c702f

SHA256
115e4dc46d35d9309641872ffde915c7dd96a6f4dc11c1e615cdc3d3e6d4930c

SHA512
bede97a80de19c5cb591bfdc6476e8dd1b9c1f02649696eeac57e9d0574ff7050f3975e667ecd3a4228a9714c9cd733fea27c4dbb50463408afbecb56630d665

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe

Filesize
323KB

MD5
ade95711cfeff5f2ba3fef67b4b67a10

SHA1
e2fe377405bd5463a1d556ab80b11cf27335c9da

SHA256
cd17ea08e0981ace7030d60cde3cf606a8d7fbe3da99835988f7e788af436388

SHA512
a877f22ed4c51cb516fa008c860742791d368f58780858f8ae81faa85f6ea431601ee172098a4309acd1616aca8baa91b0b603fbcd87e6d1e68207f58dd1e15d

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe

Filesize
323KB

MD5
a60d4598812b7e423692022728bb078d

SHA1
16a62ef40ba549260fb3864e5e1fdd5ae36a18d8

SHA256
6bdba81d6a0b73e83084a9e5cd4e8b8725399e84527974c5d48082f8ffc5915d

SHA512
37cda7a2f26b4a1ba35ced4c61145622800557c239d2fea7c09ca48638e9b88f0023d3664ba5701b206f39ddf3723ad6da759eecfdb8dddbce4875a2da5bc4fc

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe

Filesize
324KB

MD5
538101303667653e5547c687e1554b3c

SHA1
8ecd7fbdebb3b741947872e501ba67fc17759538

SHA256
1a3c5badf512fd37060dc08c8ffa120b135ac2bf2f052550a62315d3b05d436b

SHA512
ccd97f08ee5691eaf3e36c85fe32f274a19bf4bd3037fe53cb4c6043ad0f3cc0d44a1d6b1adce6d969c2d49218cd666815ed021365e953d743e8229e1287f6db

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe

Filesize
324KB

MD5
80ed04e7f627f2be98b243c8781443db

SHA1
cbd58b3b1014285bcba86a764367cf0d4d85f018

SHA256
e06cd2250cc93e37625c797de945cad3afe61ea01c44a67439dbaeab18d40a21

SHA512
6ed7dae10f23d03169255d5dd96608070b0df874c13d36c44b337676dae7ec2c767bb31872d23f757bf5c9bdc4e2847b4100857a14b92aa27393a5f873c1d737

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe

Filesize
324KB

MD5
c6f862b39cd3dbc5eb66ab413fe467e6

SHA1
53981f2c0ef228f6ee663ed1dc155f22e01ecd0c

SHA256
e6dc630ccb1460e8b03378dd1352699160443db50d121021825614b9688dfbbf

SHA512
424c924b61f24318eafe18708cca39682e90bf741ccc8c5d37a7b10e6f1f52b186bde6213c22058ca033618592b91f056b9394e3074fc62de312c199760bee73

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe

Filesize
324KB

MD5
38c75d863728abfd0d6a8d71d26d96c0

SHA1
1b5e9b24e1045b1d6fceb226b0bea332f2f7a302

SHA256
da9367009eb6d45ea4f5ba89922b6bde05e8220f3ad48e0cbffc3b961f628d5b

SHA512
84502a72a6ecc9113c510a1c580121efbb852dbca4bff4c63edab3b3835ae782e6065562eae18725c9f1d080c84e35c8dbb2e5766a0e69af17431e985399cb9a

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe

Filesize
325KB

MD5
bce5f64793253471e7a4c0ae437974f6

SHA1
ff2c11335cc2d803645d5d68a978075cf04f0084

SHA256
c4d483ff0890f4e012a1bee65eb5febf96b75099225390de1ff8d835c9f7ea5e

SHA512
586f22b6bafdf4b2ecdde65c9586776ce9c19d56c2d03d99bec854cea4d2e3cb2838979bb874f9a02eb64282846701c5bb957fb2a4bc2a8ec9a19d6b0f533fa5

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe

Filesize
325KB

MD5
0be76266cead30384fb173f042f59291

SHA1
3b9513eff14761f86a4d0d6b0ffba4a3bfb08e5e

SHA256
158c98ba1260ab19a1bd9dd9dca3c21a9e751d223aa23668f84c9579fa8c0e77

SHA512
db946f6a80e7f3a2906d4e01c67b970b2f156719e7f2d457a72282ad4fab20966293aa75b2cf3dc297ab7ee4256f77b08fac0d5fa90533774de960a0f59d8a15

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe

Filesize
325KB

MD5
043e66482582a875149049386efb3b64

SHA1
c526c9c0fa695914f13d1252a62a6769dacf1caf

SHA256
edcc5840214250abf8a2b03aed5eeb157cd68ffe63407d0f64fa0982c6acf058

SHA512
7ebc9837fa5bc077f522c20311905d20b6a1310a6b5cb2bd46ceaa89c2a1a9012df3b6f134b1b9c97856ae4ed9ab51e12e299640b5dfa15acdf8e91c5e3df36e

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe

Filesize
325KB

MD5
9d45c47165c71df998a591eacadfa0c9

SHA1
6a53357353cef0c31e6980ee203409e9fde610ff

SHA256
b49ee81b9421c6596798460f68df2d44b1da30782ac2c61d765e9bf8477c4a09

SHA512
0a022ad25e98c696271f2152c3f605f1e9be3d044c2b9b57b0be5b39c91eab8845b405a28192bb8240287eda19f5d25e8629251bb2046590529e122a0b220057

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe

Filesize
325KB

MD5
39d4809a0be1b11a669b1da29c88edfe

SHA1
673c93ba5e46826947fa6f9fb107a76824c2719f

SHA256
17a9ee49992bdd14206edb46d135efc7dad9969e2f15d806e72aa102af976a2f

SHA512
691686c929c915634256e6e345e8df0983eb96a071ae121b84c55ebf35638f5196b035f00f15150453c45131fba56d3791a18a28308e5924e0ef54de73d82fb3

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe

Filesize
326KB

MD5
d4a13f3ecc35853eb2cbac6d21a8c2e6

SHA1
d36ed0299ba90d3cf194657be07f46971f7965be

SHA256
754d71b269e3a4bf409d05079d52cc378d9f221a374d102b5caf86a3bbcc3a50

SHA512
bd929704583b6a239f01ca71dbd41447a20e27feac74523865094e6a4f16b997ab89abdc18ed11be9b92e9072ca5208d05f096cda57b78128bb98649c5c349f9

Download Submit
\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe

Filesize
326KB

MD5
ec39ed1cd9b18e6cd154506643f277f1

SHA1
5a74d23b27f5ed4bb928893f9d1691291539edf3

SHA256
b7760ee79a4f6711ed942921215d040657745c4b4f1f4129145f336fc0e32d32

SHA512
f15bec171ab6dff09a632e7762867b623b43e1046a654d9272312e90134ea2999f9617297390b74803c0bb9188ad846c267d8c00fe7bc3d8d0dc01afe8c7a379

Download Submit
memory/300-155-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/728-247-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/728-241-0x0000000000390000-0x00000000003CA000-memory.dmp

Filesize
232KB

Download
memory/728-232-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/828-365-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/828-317-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/828-318-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/1148-231-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1556-294-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1600-363-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1600-352-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1620-201-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1836-351-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1932-260-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2092-272-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2092-261-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2268-215-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2320-329-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2328-171-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2380-283-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2412-340-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2448-295-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2448-306-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2560-63-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2560-78-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2580-80-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2580-93-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2624-120-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/2624-126-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2624-117-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2648-61-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2648-47-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2668-46-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2764-186-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2780-103-0x0000000000310000-0x000000000034A000-memory.dmp

Filesize
232KB

Download
memory/2780-109-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2912-141-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2936-364-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3016-15-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3016-8-0x00000000002F0000-0x000000000032A000-memory.dmp

Filesize
232KB

Download
memory/3016-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3056-22-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3056-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe\""	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads