description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lexplorer = "C:\\Windows\\system32\\lexplorer.exe"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lexplorer = "C:\\Windows\\system32\\lexplorer.exe"	iexplore.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{SJH5QQ24-ED6N-WB4H-SVU6-010843642UX7}	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{SJH5QQ24-ED6N-WB4H-SVU6-010843642UX7}\StubPath = "C:\\Windows\\system32\\lexplorer.exe Restart"	iexplore.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\lexplorer.exe	iexplore.exe
File opened for modification	C:\Windows\SysWOW64\lexplorer.exe	iexplore.exe
File opened for modification	C:\Windows\SysWOW64\plugin.dat	iexplore.exe
File created	C:\Windows\SysWOW64\system.dat	iexplore.exe
File opened for modification	C:\Windows\SysWOW64\system.dat	iexplore.exe

pid	Process
4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe

description	pid	Process
Token: SeDebugPrivilege	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
Token: SeDebugPrivilege	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
Token: SeDebugPrivilege	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
Token: SeDebugPrivilege	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe
Token: SeDebugPrivilege	2556	iexplore.exe
Token: SeDebugPrivilege	2556	iexplore.exe

description	pid	Process	procid_target
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85
PID 4436 wrote to memory of 2556	4436	97746edc28621dadc9396318e8010d95_JaffaCakes118.exe	85

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.