63136b321d21155107b2fbcc65c68c2ed7d39e1d008d59ce8678a617e78711fa

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Size

322KB
MD5

2e85937bc91b12e431861ed01125ac04
SHA1

f7f78c066c06a4037fb94e421d50fed35c7d11f2
SHA256

63136b321d21155107b2fbcc65c68c2ed7d39e1d008d59ce8678a617e78711fa
SHA512

af768eb95813ee7f30708107ef709309a991f4ff6300e038243a52d04f330aff3be49957a98bdcfc14229ccd39856a29122eec3a9faff542fe30ed3a8757b70d
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIg/RmMp0IddCbBN:WacxGfTMfQrjoziJJHIYHaZbBN

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2812	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
3876	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
3008	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
4312	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
680	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
2816	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
2724	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
1756	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
1404	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
2252	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
3100	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
4828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
536	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
4448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
4248	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
868	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
3556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
1956	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
4120	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
464	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
1640	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
2064	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
2208	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
3572	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1076-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/memory/2812-19-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1076-18-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2812-15-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023402-20.dat	upx
behavioral2/files/0x0007000000023406-28.dat	upx
behavioral2/memory/3008-37-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3876-31-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023407-39.dat	upx
behavioral2/memory/3008-41-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023408-49.dat	upx
behavioral2/memory/4312-50-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023409-58.dat	upx
behavioral2/memory/2816-62-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/680-60-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002340a-69.dat	upx
behavioral2/memory/2816-70-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002340b-78.dat	upx
behavioral2/memory/2724-80-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1756-82-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002340c-89.dat	upx
behavioral2/memory/1756-91-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1404-102-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002340d-99.dat	upx
behavioral2/files/0x000700000002340e-109.dat	upx
behavioral2/memory/2252-112-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3100-113-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3100-121-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002340f-120.dat	upx
behavioral2/memory/4828-123-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023403-130.dat	upx
behavioral2/memory/4828-132-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023410-140.dat	upx
behavioral2/memory/536-142-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023412-151.dat	upx
behavioral2/memory/4248-154-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4448-152-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023413-162.dat	upx
behavioral2/memory/868-169-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4248-168-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/868-173-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0004000000022ac3-171.dat	upx
behavioral2/memory/1836-182-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023414-184.dat	upx
behavioral2/files/0x0008000000023416-191.dat	upx
behavioral2/memory/1956-200-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3556-193-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023417-202.dat	upx
behavioral2/memory/1956-205-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2560-211-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023418-213.dat	upx
behavioral2/memory/2560-215-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023419-223.dat	upx
behavioral2/memory/4120-226-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002341a-233.dat	upx
behavioral2/memory/1640-242-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/464-235-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1640-245-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002341b-246.dat	upx
behavioral2/memory/2064-253-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0005000000022abb-256.dat	upx
behavioral2/memory/2208-263-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000d00000002336c-266.dat	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5c4cb9d8ce344abd	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2812	1076	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	83
PID 1076 wrote to memory of 2812	1076	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	83
PID 1076 wrote to memory of 2812	1076	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe	83
PID 2812 wrote to memory of 3876	2812	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	84
PID 2812 wrote to memory of 3876	2812	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	84
PID 2812 wrote to memory of 3876	2812	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe	84
PID 3876 wrote to memory of 3008	3876	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	87
PID 3876 wrote to memory of 3008	3876	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	87
PID 3876 wrote to memory of 3008	3876	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe	87
PID 3008 wrote to memory of 4312	3008	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	88
PID 3008 wrote to memory of 4312	3008	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	88
PID 3008 wrote to memory of 4312	3008	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe	88
PID 4312 wrote to memory of 680	4312	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	89
PID 4312 wrote to memory of 680	4312	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	89
PID 4312 wrote to memory of 680	4312	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe	89
PID 680 wrote to memory of 2816	680	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	90
PID 680 wrote to memory of 2816	680	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	90
PID 680 wrote to memory of 2816	680	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe	90
PID 2816 wrote to memory of 2724	2816	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	91
PID 2816 wrote to memory of 2724	2816	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	91
PID 2816 wrote to memory of 2724	2816	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe	91
PID 2724 wrote to memory of 1756	2724	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	92
PID 2724 wrote to memory of 1756	2724	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	92
PID 2724 wrote to memory of 1756	2724	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe	92
PID 1756 wrote to memory of 1404	1756	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	93
PID 1756 wrote to memory of 1404	1756	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	93
PID 1756 wrote to memory of 1404	1756	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe	93
PID 1404 wrote to memory of 2252	1404	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	94
PID 1404 wrote to memory of 2252	1404	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	94
PID 1404 wrote to memory of 2252	1404	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe	94
PID 2252 wrote to memory of 3100	2252	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	95
PID 2252 wrote to memory of 3100	2252	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	95
PID 2252 wrote to memory of 3100	2252	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe	95
PID 3100 wrote to memory of 4828	3100	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	96
PID 3100 wrote to memory of 4828	3100	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	96
PID 3100 wrote to memory of 4828	3100	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe	96
PID 4828 wrote to memory of 536	4828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	97
PID 4828 wrote to memory of 536	4828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	97
PID 4828 wrote to memory of 536	4828	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe	97
PID 536 wrote to memory of 4448	536	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	98
PID 536 wrote to memory of 4448	536	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	98
PID 536 wrote to memory of 4448	536	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe	98
PID 4448 wrote to memory of 4248	4448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	99
PID 4448 wrote to memory of 4248	4448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	99
PID 4448 wrote to memory of 4248	4448	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe	99
PID 4248 wrote to memory of 868	4248	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	100
PID 4248 wrote to memory of 868	4248	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	100
PID 4248 wrote to memory of 868	4248	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe	100
PID 868 wrote to memory of 1836	868	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe	101
PID 868 wrote to memory of 1836	868	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe	101
PID 868 wrote to memory of 1836	868	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe	101
PID 1836 wrote to memory of 3556	1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe	103
PID 1836 wrote to memory of 3556	1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe	103
PID 1836 wrote to memory of 3556	1836	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe	103
PID 3556 wrote to memory of 1956	3556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe	104
PID 3556 wrote to memory of 1956	3556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe	104
PID 3556 wrote to memory of 1956	3556	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe	104
PID 1956 wrote to memory of 2560	1956	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe	105
PID 1956 wrote to memory of 2560	1956	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe	105
PID 1956 wrote to memory of 2560	1956	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe	105
PID 2560 wrote to memory of 4120	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe	106
PID 2560 wrote to memory of 4120	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe	106
PID 2560 wrote to memory of 4120	2560	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe	106
PID 4120 wrote to memory of 464	4120	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1076
- \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
  c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2812
- - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
    c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3876
  - - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
      c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:3008
    - - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4312
      - \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:680
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2816
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2724
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1756
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1404
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2252
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3100
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4828
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:536
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4448
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4248
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:868
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1836
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3556
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1956
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2560
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4120
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:464
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1640
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2064
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2208
        
        \??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
        
        c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe

Filesize
322KB

MD5
93314276e0f698af085eb6d491a70359

SHA1
e8507d93dbcb7cb78ea6b314ecab95bb025f20f7

SHA256
b04d7a9c6ddcda8baecac87e1acfad18af6e2d14172379c017d683072b7d5033

SHA512
1d5960378d2a6da3fee7152a5a1264f6355b967d07375ba9ec193fa96f246a953f19baddbf0dfcdb78e3d7a0a3fe4e66ce444e1773fc2952af7b159b49fd007b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe

Filesize
323KB

MD5
3e291467976d359acbb9367061e7d91b

SHA1
70625d27b3db6ec085d25bb467f23a8fc37fbb6e

SHA256
06f6a2fcc43afd305d98af05073d465227fa954b84b9872cca91b83ec3859515

SHA512
abd79e4ae7422b358aebf659326cf4934cc86de4554afb55cf7bf8d6096e5441629163c605945de60d6ba4c1eedb10f068c1df7abfa2e55dfbbc5cbb6b130f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe

Filesize
323KB

MD5
02aa47838f5d4090ad16722fa0a4fb0a

SHA1
5cdceb9440a933a8d066298d8c432afebcd40ce9

SHA256
220595ac3be264a8ea7ae3400c24e7a8ce45d8404708c9a83b54c7f243a15155

SHA512
a632e88b64f3ee2093ca8972b5e6093fdb06ddfb1ceefdf0d22862519f8779b592477180ae9e791ff60ace7106af0359d34e689ef361caeed474484e2937d41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe

Filesize
323KB

MD5
84d0be53fa6578e8a9ef71400135e57c

SHA1
b5745a16135653efceae2ba331877dea3a540761

SHA256
ecd9e20adfc4d4946a9f8d267157b22c1067e11675d212021a8408b39e8501d2

SHA512
e80433a4d02adc320d4f529149454605bf85df226e4253e6a4e42bde3e5981671fba6dca3733a8e8c8fc268e423d07bcd22d06fe0db2bf58b4da5601edbca78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe

Filesize
323KB

MD5
31f7df49a13746d382b9811770fe7168

SHA1
6b9609b18d7df0a48aace9a47dc6be6d29ccc381

SHA256
2a81ff4b9043038b1a51d81a10717f1534d42a52cae0e0a2da9c8e41bfd037e0

SHA512
dfecbb59f2b2118356e7cb77b135f41e5afeacd43faa00b999145fb1cccccdaf2ba3ad17a26d4bec06b7f1c5b65dd3b9dc73cdb9cee9ce530cbe0fc6332c0777

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe

Filesize
324KB

MD5
e6461535800d81c65505278fd93e2531

SHA1
04ce433509a719928daae553a3d2fbfc5b347ee0

SHA256
e75ebccc442180dc7c632c95dfe747f938222a9f0bc68d9523a0068c1148edca

SHA512
6074c1ba86b6d280a7e6b710785f5a6790b95fc287249bddc79e0565aac96923db11d9ad3fe51042d25f603f25ce0f38a443d599d322c2a4455109ccacebfd35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe

Filesize
324KB

MD5
9058fc0448e491c8fd3aeb45d6a11e11

SHA1
68ee516db399f7b8cfb3c21be70c27ebfc88cd21

SHA256
f4cf0daa9dfeb8e3452d08d44c311c1b47551e540f9d5fe645727f88e09b2322

SHA512
aab59898c0ad3d32b6d388448b3f6ad788e194e4b34f120f3120103e5e0fe766d43cdcce1420c7cb25453bdced769c91311f2f0b9b5089963229c8d4dd9efb99

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe

Filesize
324KB

MD5
81964c92f20c15492031392661dbe66f

SHA1
6b6bed277b42695e3767506359ee7abac2f83df3

SHA256
86a8e68edbc8fa44c51106cb851b2021439f9be550c56cfdbcbe292e78ea9d21

SHA512
c97e161ce3505da586359dcb9de36d0891ec03892c9f9742cf5f760d67f60ff2009e06a865b987ecfeafe3eb69dc9cb30d9ec4216be06f9917c5db34ca935964

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe

Filesize
324KB

MD5
ceade843a31bd2207e6bc593f873828b

SHA1
2204c08ccadda820643add33690ba7bb3dce863e

SHA256
7ee5c230a119c33f41b981f4b36241d25c0a92ccc9cd425d6c0f52bb85f5015d

SHA512
aceeee106fbc25f2135d6130c8c48cd34094f788553ab56533de005422ad3ceecb923b7c1820deb8c788408f4e79e2ebc3924fe4972f9734f82c746e2981adef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe

Filesize
325KB

MD5
082c920bd6fb848ee4b0ee6b3b9d75cf

SHA1
58d1d480f914a4652da222efec38b54df07426b0

SHA256
e1ba19dda1ef69e6f753251ed8df01a8293d48c57b88071831c49f4b17ae0bee

SHA512
9a12334ec9eed06783a76d2aceb4700316070da453bac0c09bb45ad4ef9f19ae8a53df7e92036ebc52935ceb618e0d58eded9b37b0ed7ddd4b01546bfa16e8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe

Filesize
325KB

MD5
d0a75cee1f4cf28ca772f373457885d3

SHA1
b89840698b0383ec7c2568b0b5a4733dc094e285

SHA256
2144d9a140903b26ddecf1db535fde3fa33292137505e1e80b3732d8b277d159

SHA512
50fc6bf0f6964c66a981a58b6aef83fd8ed522de2bd0a3b56d0a63452b0acc4a1ae7814a76bec29f76c250c985100f0d493a72899b93513cb6881e8cd0f44bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe

Filesize
325KB

MD5
ecefec4061fa01c44a0c927633d88f5c

SHA1
6214de4353eb5f1f8a38acdbefce7c35120ef590

SHA256
7053c0d14538e3f82b600c5211cc93bdccc235df510002e43e1be2d0ec9bca2c

SHA512
5de773d47e37816e8eecce31763369b1fa74802c3f3957f578b1d8f241b143482aa6b007aaf7adb9ac1cdea4ec5d58f2d4a4e6ea42d79956a9b8e52697b6c651

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe

Filesize
325KB

MD5
427a249cb981c37d694edb5aecb73962

SHA1
213fd2e81e8870dc164160b814fab3282f3a111a

SHA256
0decbf5ff97153dfb067c9755b6f1943d2275b05b5b5f8fffa5849be9fdb0dae

SHA512
c839b37403c542f8dea99623f3c3d4319b502b44523ac047a15c6c8b0009434d884c074d15e43ddd4f204b90db9aa7f7eda9356a4b91577b7449957e5421833c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe

Filesize
325KB

MD5
9aa97c4955cbc5ab370ec91c5bf0d8bd

SHA1
6479e1688d9803633ba791f57ef3cbe07557fc32

SHA256
56802445b8b0d42caffcbb05f5aadbdfc3f1f48d238bf94cba13bef178485618

SHA512
d2ea57267551935e99e01db952ac4dbf36b78ee244aff5826620d4cbc65d33b44a516792736f8359bc89fd4813ee60dea6f520856c90800ed7c3603dcf40746b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe

Filesize
326KB

MD5
0720c81c54bb3fde144e468159f4e6ff

SHA1
b6a467620e1c24c82a43b0f8fe6631c1ed706119

SHA256
60dda55920301ccfebc2f4c6552eacff977bf722d7c78295362e96858b49f0b7

SHA512
f5f9304fe5aa0c461c4acc8ce6c0e9ecaf6b6b1abbc27e021d27b230fd0bfa62615fd82f79440e5a575625483ca1091c62c9ae6a88e6f0e80b992a55d15d106e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe

Filesize
326KB

MD5
ff16baad20c1165426d6b20d1e1cdafd

SHA1
4966480b62980c249ce209e56fb87edf74981a1d

SHA256
859b6316bce3704c0c3aa392e4a6a4aee4ad131f17a94265496ff03ba9951519

SHA512
a78064bd4295315ed21aa5057159e971dab0c611c32ff47dc6a8532dc40873fc0d0086d276e477ee9a07acefcc123ea65620d8cbe421303a31cf33931244c1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe

Filesize
327KB

MD5
642567f5930d2e02706d97b64ae298fa

SHA1
db25fa836c6da8487801ea1ffc99a0b9837c2b89

SHA256
4ce7f82253ce36f9db4892a1eb436fc64497b304fde35163f642d3aab5833366

SHA512
c4930a0b1205b4c92cfbe6d223287c47c8de93c8f1501476408e84b86909f76aa242e0da56257b26d4a9184efda20bdbc4f633c42c44c4e4a7c55a4a6397a74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe

Filesize
327KB

MD5
31aaba2e3c564b63a42666d7470770bd

SHA1
0d3cc5a9fc0fbb96826e2f53de0a577ec14c6aa1

SHA256
87acf7bae2dc0bc4ee2e0022daa4c786a31c303196ca62f97c812dfa078703fc

SHA512
f665e1537387ae7fa39bf5cc74db07d26f9ad1c2a6841185e6f3bd98337500743e1c72e58d3be96c38a2c91ae0f44eab024fa8a7da77510f3939100d79124ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe

Filesize
327KB

MD5
4a58ec94ed7f6a8083a47539c3d5413f

SHA1
3c86446d4fea72b3250098124d6688dd59820e37

SHA256
3c6ccfb23ba717a631576c4f81a42f8db94ce1b0a27087833c3ba7ff210baee2

SHA512
9a5346fe63a26b1eb9f5f540ecd6bca45c2eef3d8840da39fe209f8362b95b558cb2013441a596c1ad171ec219e5d63b5c9b23179966fed3da9857a95ddf9185

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe

Filesize
327KB

MD5
495e3046d934fe59b3c868da21e253aa

SHA1
370ced890a823b66ff9efa9ee932c788233a918a

SHA256
debcb50f6b1aad9be61b62ad565be529d9d19c6c903445c4589c096d9c7d4a57

SHA512
b3d2cc1ffc202efd6c1c989881dbe192034ee0483733eb7fae7bcce8c622a4fae19faa1464d58c085ed3f083fc450906d1f47ebd0dcdce372d371c4fc0d83fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe

Filesize
328KB

MD5
1417dbf40b73e76da9d933449cd1d876

SHA1
59c82f4b5cbcc08fff612a0772c906b7a2d5fee0

SHA256
9b5247d6495c2c2d8563d5c6b1605f30a55b9618a7f9e5bc944b153a2feda25f

SHA512
d1699d35feefbd6b7dc1bb974a12c3df9040bd1973e85e37aa9ed0829097c1c194425538ccb96bedcca7b9336461537b5a827ed9c7306444306b841c8d138c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe

Filesize
328KB

MD5
dc836688b8047a61e2087a821c29f50a

SHA1
e350c4313ae8ecf1812aa27b1081dd18eaf37d33

SHA256
1dbe41123d6a3bd55fd80c2984e800c29670e152b0e248a44d407b2780e18f6d

SHA512
badaa9a6824b50ee9bd09f25bcd3f9d7f79c8f5e985d568788c993f136b6c67584ccd55e943cf0612bc99babc12593f26663a884cb2ae73f8d6dcd27873bb0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe

Filesize
328KB

MD5
46c4c6838a9ba191e6b7c83475f03704

SHA1
0b6d4e3628c7683be45f85b27978d133a957d494

SHA256
97b374f1e2f9651207382119334dc8c8f6b1e10baf1a520f1a84f376aab97ec1

SHA512
ec0b9207ae1147e8037181fe888a71019c61e9e6a008432e5e589308c1b0729d56e6fd42f8a56dfd5630f0a5147465604d17c0d40301d0c018e430ef7ecf05a9

Download Submit
\??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe

Filesize
326KB

MD5
0aa36e8372261c44dff4c36918294eae

SHA1
3f446682e4622356b78e885a42cb420b8477ff6a

SHA256
f159a99f7eb9465631c96a1db11020301da4c1824c713ebd24353463769371df

SHA512
1c5ad9e6b2fe19f25726a91ade453ea74719b340c0bc763a13df8f3a688412367244f2a2e909ea259240e291c3f0827777a85c8bdef856abf220fdb2939e6c5e

Download Submit
\??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe

Filesize
326KB

MD5
608611c4ca91fce521380f61789a9c2f

SHA1
b404779897d80168cc32296ba1313531b57a4b92

SHA256
69dbed7d1c420151a4d2e91b55c00b1de125d6211d150725259ec3d68726e22d

SHA512
2c38ae683870a8a60e2d1887805e932b71300fbc4908eeee6818bfaf81aa20efc5bac9e8fe6fe89f09146e0d45d6a2f627d8b02447ca036f390b8c8206b9119a

Download Submit
\??\c:\users\admin\appdata\local\temp\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe

Filesize
328KB

MD5
17363bb68453ed5984a0ec145ff03dea

SHA1
00e921bf10d1d3ccb4b5793814dca07d5ebecda6

SHA256
27ef0c703e1c773797c6d8f5bf5f42d2636c0042b6093fc99cb25023f0712fed

SHA512
53a7c9abf2d5258aef517daa1064edff29584b5abf2ec091d58df6b5d035e3edc243c632d403f07079944d8bb068d2801c908a586db7b0942e4c2b507e2158f9

Download Submit
memory/464-235-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/536-142-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/680-60-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/868-173-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/868-169-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1076-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1076-18-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1404-102-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1640-245-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1640-242-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1756-91-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1756-82-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1836-182-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1956-200-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1956-205-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2064-264-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2064-253-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2208-269-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2208-263-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2252-112-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2560-215-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2560-211-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2724-80-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2812-19-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2812-15-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2816-70-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2816-62-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3008-41-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3008-37-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3100-113-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3100-121-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3556-193-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3572-270-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3572-272-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3876-31-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4120-226-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4248-168-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4248-154-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4312-50-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4448-152-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4828-132-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4828-123-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe\""	2e85937bc91b12e431861ed01125ac04_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202k.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202y.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202c.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202f.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202j.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202o.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202q.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202x.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202b.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202i.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202u.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202s.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202h.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202m.exe\""	2e85937bc91b12e431861ed01125ac04_jaffacakes118_3202l.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads