7367472e95d1c1893984de3a2fb912d3a750094214341f22e9561dcfe4d39f1e

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe
Size

262KB
MD5

9e761aa1bbf006794f5b23076a30d259
SHA1

40cadf11533cf0059a72a83e7e00b39a4fbb3cda
SHA256

7367472e95d1c1893984de3a2fb912d3a750094214341f22e9561dcfe4d39f1e
SHA512

5c69727268cd96d8b1c8efb85e6f31ba981af98612c2e03d2b3e93cc8753a82f7f410a9d1735d202b5dfe80ef33182886d6c22fffc09434548cf832f081c5bb4
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIgR4Zfjv:WacxGfTMfQrjoziJJHIjfjv

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1344	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe
4560	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe
116	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe
2900	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe
2368	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe
3928	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe
4512	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe
1456	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe
3016	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe
932	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe
8	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe
1260	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe
4448	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe
4444	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe
3792	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe
3296	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe
4852	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe
5028	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe
3468	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe
3652	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe
2456	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe
2248	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe
4768	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe
3220	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe
4032	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe
4056	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4700-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023305-3.dat	upx
behavioral2/memory/4700-9-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023462-18.dat	upx
behavioral2/memory/1344-27-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023466-29.dat	upx
behavioral2/memory/4560-38-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023467-41.dat	upx
behavioral2/files/0x0007000000023468-52.dat	upx
behavioral2/files/0x0007000000023469-63.dat	upx
behavioral2/files/0x000700000002346b-74.dat	upx
behavioral2/files/0x000700000002346c-83.dat	upx
behavioral2/files/0x000700000002346d-93.dat	upx
behavioral2/files/0x000700000002346e-103.dat	upx
behavioral2/memory/932-120-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023471-132.dat	upx
behavioral2/files/0x0007000000023472-143.dat	upx
behavioral2/files/0x0007000000023475-173.dat	upx
behavioral2/files/0x0007000000023477-192.dat	upx
behavioral2/files/0x0007000000023478-203.dat	upx
behavioral2/files/0x000700000002347a-223.dat	upx
behavioral2/files/0x000700000002347c-243.dat	upx
behavioral2/files/0x000700000002347e-263.dat	upx
behavioral2/memory/4056-267-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4032-265-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3220-260-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002347d-253.dat	upx
behavioral2/memory/4768-250-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2248-240-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002347b-233.dat	upx
behavioral2/memory/2456-230-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3652-220-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023479-213.dat	upx
behavioral2/memory/3468-210-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/5028-200-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4852-190-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023476-183.dat	upx
behavioral2/memory/3296-180-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3792-170-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023474-163.dat	upx
behavioral2/memory/4444-160-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023473-153.dat	upx
behavioral2/memory/4448-150-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1260-140-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/8-130-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023470-123.dat	upx
behavioral2/files/0x000700000002346f-113.dat	upx
behavioral2/memory/3016-105-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1456-100-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4512-90-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2368-72-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3928-70-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2900-60-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2368-58-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/116-49-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2900-47-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/116-36-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4560-25-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1344-16-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = eab30002c60c061f	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 1344	4700	9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe	81
PID 4700 wrote to memory of 1344	4700	9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe	81
PID 4700 wrote to memory of 1344	4700	9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe	81
PID 1344 wrote to memory of 4560	1344	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe	82
PID 1344 wrote to memory of 4560	1344	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe	82
PID 1344 wrote to memory of 4560	1344	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe	82
PID 4560 wrote to memory of 116	4560	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe	83
PID 4560 wrote to memory of 116	4560	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe	83
PID 4560 wrote to memory of 116	4560	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe	83
PID 116 wrote to memory of 2900	116	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe	84
PID 116 wrote to memory of 2900	116	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe	84
PID 116 wrote to memory of 2900	116	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe	84
PID 2900 wrote to memory of 2368	2900	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe	85
PID 2900 wrote to memory of 2368	2900	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe	85
PID 2900 wrote to memory of 2368	2900	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe	85
PID 2368 wrote to memory of 3928	2368	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe	86
PID 2368 wrote to memory of 3928	2368	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe	86
PID 2368 wrote to memory of 3928	2368	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe	86
PID 3928 wrote to memory of 4512	3928	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe	87
PID 3928 wrote to memory of 4512	3928	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe	87
PID 3928 wrote to memory of 4512	3928	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe	87
PID 4512 wrote to memory of 1456	4512	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe	88
PID 4512 wrote to memory of 1456	4512	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe	88
PID 4512 wrote to memory of 1456	4512	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe	88
PID 1456 wrote to memory of 3016	1456	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe	89
PID 1456 wrote to memory of 3016	1456	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe	89
PID 1456 wrote to memory of 3016	1456	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe	89
PID 3016 wrote to memory of 932	3016	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe	90
PID 3016 wrote to memory of 932	3016	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe	90
PID 3016 wrote to memory of 932	3016	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe	90
PID 932 wrote to memory of 8	932	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe	91
PID 932 wrote to memory of 8	932	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe	91
PID 932 wrote to memory of 8	932	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe	91
PID 8 wrote to memory of 1260	8	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe	92
PID 8 wrote to memory of 1260	8	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe	92
PID 8 wrote to memory of 1260	8	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe	92
PID 1260 wrote to memory of 4448	1260	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe	93
PID 1260 wrote to memory of 4448	1260	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe	93
PID 1260 wrote to memory of 4448	1260	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe	93
PID 4448 wrote to memory of 4444	4448	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe	94
PID 4448 wrote to memory of 4444	4448	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe	94
PID 4448 wrote to memory of 4444	4448	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe	94
PID 4444 wrote to memory of 3792	4444	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe	95
PID 4444 wrote to memory of 3792	4444	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe	95
PID 4444 wrote to memory of 3792	4444	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe	95
PID 3792 wrote to memory of 3296	3792	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe	96
PID 3792 wrote to memory of 3296	3792	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe	96
PID 3792 wrote to memory of 3296	3792	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe	96
PID 3296 wrote to memory of 4852	3296	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe	97
PID 3296 wrote to memory of 4852	3296	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe	97
PID 3296 wrote to memory of 4852	3296	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe	97
PID 4852 wrote to memory of 5028	4852	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe	98
PID 4852 wrote to memory of 5028	4852	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe	98
PID 4852 wrote to memory of 5028	4852	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe	98
PID 5028 wrote to memory of 3468	5028	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe	99
PID 5028 wrote to memory of 3468	5028	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe	99
PID 5028 wrote to memory of 3468	5028	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe	99
PID 3468 wrote to memory of 3652	3468	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe	100
PID 3468 wrote to memory of 3652	3468	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe	100
PID 3468 wrote to memory of 3652	3468	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe	100
PID 3652 wrote to memory of 2456	3652	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe	101
PID 3652 wrote to memory of 2456	3652	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe	101
PID 3652 wrote to memory of 2456	3652	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe	101
PID 2456 wrote to memory of 2248	2456	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe	102

C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4700
- \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe
  c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1344
- - \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe
    c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4560
  - - \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe
      c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:116
    - - \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2900
      - \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2368
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3928
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4512
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:932
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:8
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1260
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4448
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4444
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3792
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3296
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4852
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5028
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3468
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3652
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2456
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2248
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4768
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3220
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4032
        
        \??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe
        
        c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe

Filesize
262KB

MD5
67895d391de63cf23ca3a3671f8e2b2a

SHA1
6b606cd7c4113ad877a2fd22e6c32d1d498af2a6

SHA256
c10bd8144990742b6a478a737e13bb0ea58377fcd9b6696e07939d735f775f48

SHA512
4d41281a0fa0cf3350dc4f02eeee4967c5128e7243c36ff58c1c48ab7f8b2c1c75f84672eac929416ee7b07e27878113b7dc5e5f6d43fe26c08083b78f5498c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe

Filesize
263KB

MD5
407c8f77f5df8cd10105a4fe131e41ea

SHA1
531fee10d16f85686428a6060255fd8dd53f64c4

SHA256
fd67e0dbe8b70daa06da592b7100f561c0d4d17109ef94fae8844a7b5e1553e1

SHA512
e66b0b082b0e3b7f868527d9dd85f268e4b24a4a3b2904029078b8f0fedf1b64240c0794f783432107dc496982180b568caa94cc290bd7e856cd0c873cfbbaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe

Filesize
263KB

MD5
a44d921125e8a3933ff16369020b3ffd

SHA1
1cfa5985de90686b07c6cd5d1753e53157c8da0c

SHA256
683202b885b5fa6620152dfda0a0caa245e23d1228c42001962082887b167e6e

SHA512
ee4bc31e3a77885591c05e94836043b98d3034a0ca94015dc12abe4a03f34af0aaadc41276d86099903f3b2e5020ae0d65640bdb0a55d6f4f31e9dbc6bf8a917

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe

Filesize
265KB

MD5
969e9a9e2dd103b72f6277fb5ec974d8

SHA1
bdb8f4ba84d69f7a5dcba797eca8b5fbc36f151a

SHA256
890bd570242892327b48c9a6cec3a936d7c562b8cba9c58c11e71b3da1382131

SHA512
d27aa64bb1176c31ed853ab3a8f6b983f44f7b4fdca26ffca7a76017546ecbbc1aa5a48c0b0fb58019e6ece728a7b32906d8a4633c58a90d26e8a61818a33f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe

Filesize
267KB

MD5
92fdc3a35b38b30e76f07b7ad1714966

SHA1
d59528235c62c2971971b3e3c1df42839aa5ea91

SHA256
f7660bf3f90cb53e6966f80598adf44cb9c09a966021542a95ea80e66ea428cb

SHA512
7305ecbbbde26d9dd1475cd60f6d340fe777bbcb71e51be822dc927e9fe61698a611dbe5fed033e0afdffd9867421dba1003d9303926d4e3e31dcfb93ce310ed

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe

Filesize
263KB

MD5
8f498e2a566a951791cc4da144d55730

SHA1
6bc3936810ef24be1b6436ec02b723ca948d24a7

SHA256
89ae8de0992e23d2eb6cc4373dab0fcbbd923dc9f26929ea574dfdc477c6072e

SHA512
df5efd060c4f61b89e2bcf9a6e6a0b42202978bb3451838b65f304631820d02eef78d205637541baba8939a029dd3ed0b51c146c3ccf135f9f0e30913fdacf50

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe

Filesize
263KB

MD5
5849c6874388d242fcbfde12a2bd114b

SHA1
117db6e0c64c9ecb488a056bf76624a5e8460c3a

SHA256
3a293c766e254456581226b3a889811a11a69c72d355cb5045f28fe90943718b

SHA512
95419e3b6380b711484e7d2afee315a2c6aaac5f74657ade8aebf80ab89feb3c0f0aee01914c4fbea376e16ba5b4d0a5fb747d80a938586e10f9c8823912f9d9

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe

Filesize
264KB

MD5
c007d3f939583def546741350158a0d1

SHA1
24205ee38c15371558906bd5430c22489808e492

SHA256
8d1328a6e4bdd07d87c9aa439ac9da77261c0b74c4ce770bd75873485f683df5

SHA512
cbbd6b5873add2657c845e82cee4beec5b99c154373a46d0bf52071836ee6cf1d4f6038305b5836a80468d1864ce17131dd39a0e2044bb29402691bf17b99114

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe

Filesize
264KB

MD5
dfa5640fb272396f4c2b2e21539231b3

SHA1
fe7a981c85dd008f8abf1ef52b540c13756e2005

SHA256
035b5fa6ff7be104aa9897db94f349578a262dbe7dad8f25f228f9efe0715086

SHA512
fa71588f7372dc8290959e0eedef5da6e09e56073338353814e8297cdbb9c941d007cb93e22ec3eb23c6af6e6795a8e2cd74fc9f97acb43da307ab8b17bd8f72

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe

Filesize
264KB

MD5
7e4a0353aa8db82b521fec6847763402

SHA1
d8ae7bc30b7c82f9d6b7765dbe239c6709be85c2

SHA256
f9303ae07c83dc0ccaa49e8b4eee11eae9c571bbd628a9f957451d2ffb246911

SHA512
09537792486c00065d8caf795c5b8907aff069abcfe09628456160c3bb46c6f2268199ab80ab02eab07ebfa98c7087823ea606450e7d70532dbbc670ae95d098

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe

Filesize
264KB

MD5
bd1e4c9ca77c3856f1f04701bc23177e

SHA1
f483b2da7e6ea1b156132a01dfc90ab446d57e0e

SHA256
82deca6581b74c9ecfc6b34f925b83445da2110ccf0fbc5cc976575d0b6dd52b

SHA512
990b8815901e1b266e9603f8b71f31e7c534502a39f34e4e8751341fb6de22e686f6aeb669f92e8aeaa08794045740381cca0508e19c233d233cc9a53b7c2cb1

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe

Filesize
264KB

MD5
62d3e3673dd0c258cc681d056497fa9c

SHA1
548cc4869a7052eb0e85e5bc63b2ce921286969e

SHA256
3811eaf048bb49e8cc5559a4e612ff9494ed5d8fee251d945736febff546f8e9

SHA512
dd0d2f89e85da2bb6fb362f231b123b57b8e49743550416f4ce8f6890b6c45c0a935e47a8c3a4c7b7b14206e3d1c89716628a1a538bd210080e4840bbe1f74d3

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe

Filesize
265KB

MD5
11d244ace0ea6fbb054ce184f3bdc2cf

SHA1
2dfac66a687c5fcb62e98841badc30604e7558f1

SHA256
f0c18e770fd68c2f3e4e17ec07cb1449c807fcdc240ab70d5f91ff16058e5653

SHA512
d065b8b2e28d2927a53c8214e107199bd4152f55418643bf6098f400c6f059f3951edfb3a5756608373bac7e98cbab7b0be5b4570cb5ccbf1c318bcb15d9b348

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe

Filesize
265KB

MD5
b5b5fa1f07a856a73e5f7f61a9284212

SHA1
37b59e38da74d640137816e887b2585f51730618

SHA256
41c323f8956115fecb43469256b9b707864827481d1147114687d5bcb77cccdb

SHA512
42d38d2220ae2cde961670059bb8dc75350be669d725e643ac7787cab6e66297b9e3c8f44ccc05ad49f32eda5ef52a9a7f73cb258cc563b01d29b4ce727b7396

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe

Filesize
265KB

MD5
0b6ca4d3bbdeaac921e10eecd0d9688f

SHA1
6c2c197466d14bb2bd23d6c1835acdc53f095402

SHA256
de7c527b83a627f11e2ee05b733dfe0e595e3ad477d20b99d95744461945271d

SHA512
8584fe88b50a7f42d799eea4f1cfd05accb2662fc36da38017744c3ab11836ffcc29437d2b8c0402eedac3870e0e2ae8a9204f18f6a1a79a07a2ee57d6592168

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe

Filesize
266KB

MD5
af9116aa6fc2d878cd359703d0014f9b

SHA1
db02bfb139e4f11c21666674dad860404e380f21

SHA256
bbe4368d725080a29918dccc31bfe22cade4cdbb406bcc7b179b8d55e1aa6da8

SHA512
dc21c975cffd066c8c2c9837cc41f2ac845d0261eb795ca7b0d34a5b399beabf44047d5137acd0a5295102794ec6538eee4ed88898212a545f8c2aa89fe5473f

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe

Filesize
266KB

MD5
0a448a293569a99b0cf209b0a895dd30

SHA1
1a37d6362932fa9d492247c1c1c9dc3afda80b19

SHA256
310bcefb70633006f0d9f7d3e2cedd22eefa262a68b216ef7b23a1558d9b191d

SHA512
6275583cbe10312be3c20ce265449e54fc2ea827c7bdceba6b1f26c1682bdec21432c3d746a7ae91cce528688572de754b454ac9156d239e5dd042a27f7bd2ef

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe

Filesize
266KB

MD5
b16d76cdf5b28e19e988e01d1da7b8da

SHA1
cd54bc89e7ca9b00858a71d7174cd9434ccbfccc

SHA256
e6d6f25625f089d20a59d9c5feba18b83c445c9f9de6a346d73d2533776c0f24

SHA512
e07fe0c2fcb37e0eabacedeaa197ab57151d21d46e9967a6c1312470baa533fc04cf460ce4766e11c429928e9dc294951508533122324db885947250e220892d

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe

Filesize
266KB

MD5
70d8c9a66e12e4fba2f0e08a75faff83

SHA1
08dfda0f3e01e5d43d90d7c0080c9487f700df56

SHA256
4b740caef4514316229dc1468cdc7d6621bec0d71e5c823dc6ab1eb68a57ca1d

SHA512
fa0f7973dc960ad33e8637d91adafb812ba219fab310d5ee86276674822083499c90b92ec712ded428f2bd87ddb00556d6fb1a80cd8792f36a20377bda4e293b

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe

Filesize
267KB

MD5
ab7f3d5d86f8d6fb72468cd2413121b6

SHA1
e6a7dd6211b3ff6cde865b3455685bd4209590a6

SHA256
1d9a5a9f6a4fa89a68a76dcd524862df10a716b6484f3fdf6d07e9893a5e1187

SHA512
9572031477a01d30acf32f44faafb7ed2b419125b5b25812b3624dc58d405f4e84071b031feba5880bcae780406562dda3f44fa514993b0d068db40e0587a89a

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe

Filesize
267KB

MD5
5cdc9a94578b643000fe049236f30e19

SHA1
4e1227cf28f42c75081582d9234cf829b8e01dd8

SHA256
b247b4da86aa68fe2f21d40583a4b962db419d832cf9ea7fd0304f9e6876c732

SHA512
bdbac35880e3c8d9b489b53c423a7a71678acf7e8447b6d24b1179e967b158aadcdba6be5e667475255661accf9159f978f934fefbe02f02a299bde394f57f26

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe

Filesize
267KB

MD5
aa8469068250418eae82b8bd21299025

SHA1
33b31cae393046dbdd1b5451a43f74553cee5cff

SHA256
846d3ecf2c10c29d67c427000ad6a63a0bf69d149cdf50f2a0f17bc82799f75e

SHA512
d42d7abfd614ba572e8826dcc9f47ed05b6be9346c21a43a77ed6d1ca5fa35735395de8bc0bb39bd9e1437339513f35f355979cd36165335c70fcc8b1b46346e

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe

Filesize
268KB

MD5
f2bea3dc557ce4c10f373dec1adfd739

SHA1
40fcf7238aeecc239a210d782075f8c745efb19e

SHA256
ea6c9778d73eb3f3f93cf0dc78c7a49ead37c67cb22b5b90ef94f80bd6bd6cc4

SHA512
9ce3ce158c16ed1d854cb39afedb3025abde72598adf896800a578d5f74d36018673edc93d0af7e85c774f70f0d8db8c46c7af0c08e86fc298acfc39ec997169

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe

Filesize
268KB

MD5
ad96c651bd542fcdf3eaaf5f09166aef

SHA1
c2f71cedc40a564e673afdc4edc7bd51b6448297

SHA256
644649fd0f81b5ed4a1740a4c4aff9ad723b78f63fda191132342d925c600e77

SHA512
bc9cd06e55aa3917e2ac896155dfbfc208ddf4ecfbe9fdd871b0abac4553f409d168451b7cf27f8f65e053845afcf622c604fb6794c28f16dd3bdb2606d30474

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe

Filesize
268KB

MD5
799bdd739622260bb84bf331376209e8

SHA1
ebe527b6b03dc1a343f027e5142ebdda139d47fe

SHA256
c20ae3ed6010251283ea1c91dc4314caf852335354d1b3fff1a839a5f0fcc412

SHA512
07879b2216469323f68d120561033c7509ae457fc630c1afd7cc318c45c0b8873f3836c6d91dd5430a0416ac271bbb124e844d5a36980f3d3f390cf1c839c878

Download Submit
\??\c:\users\admin\appdata\local\temp\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe

Filesize
268KB

MD5
b2409ce33915fc0f141d817801e5eacf

SHA1
8d425322d43e7d03f68b32873356468bfa18fd30

SHA256
1f4e1abc0ddedcaca6b2ba3518d51c9aa0e2da76309c456f8adcb145254cf8a3

SHA512
97503f4b2d6256c786aaa365032e883164b50d8372099d54cff23a93025b63147bb95ad0702d9e35d13dfcaef7e95a86decb92bbde9eba83a14791f655c56c04

Download Submit
memory/8-130-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/116-49-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/116-36-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/932-120-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1260-140-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1344-27-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1344-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1456-100-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2248-240-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2368-58-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2368-72-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2456-230-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2900-47-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2900-60-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3016-105-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3220-260-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3296-180-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3468-210-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3652-220-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3792-170-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3928-70-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4032-265-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4056-267-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4444-160-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4448-150-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4512-90-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4560-38-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4560-25-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4700-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4700-9-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4768-250-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4852-190-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5028-200-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202y.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe\""	9e761aa1bbf006794f5b23076a30d259_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202u.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202c.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202s.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202a.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202l.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202w.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202h.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202o.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202q.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202j.exe\""	9e761aa1bbf006794f5b23076a30d259_jaffacakes118_3202i.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads