Analysis
-
max time kernel
148s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
20/06/2024, 13:53
General
-
Target
069930e312b516a91e6b157af6696972_JaffaCakes118.exe
-
Size
62KB
-
MD5
069930e312b516a91e6b157af6696972
-
SHA1
a4f2954a404c1362fbe48c2b685b9fabfb6ebf9c
-
SHA256
99fa5ff5b44e87d2af5645a573e2786f58d76065d25a1530e7c7a0ff72d858a4
-
SHA512
b833b0cbf5785f2cd550013ca20f10eb30df37b335ea71f7a7ced5a701bd2439e8635f79baf19fb82650b1a0ec7a7690866246b3c4287ffbe0e0b4e1939a3957
-
SSDEEP
1536:LlqAd1s1p5h8B4/M8pQA80SkvKjRevw3u5:/d1aq5GQA80NvKjRevw3u5
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Program crash 63 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\069930e312b516a91e6b157af6696972_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\069930e312b516a91e6b157af6696972_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL2⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL3⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL4⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL5⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL6⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE6⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL7⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE7⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL8⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL9⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL10⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE10⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL11⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL12⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE12⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL13⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL14⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE14⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL15⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL16⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL17⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL18⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL19⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL20⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL21⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE21⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL22⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL23⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL24⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL25⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL26⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL27⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL28⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE28⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL29⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL30⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL31⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL32⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL33⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL34⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE34⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL35⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL36⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL37⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL38⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL39⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL40⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL41⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL42⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE42⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL43⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL44⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL45⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE45⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL46⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL47⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL48⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE48⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL49⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL50⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL51⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE51⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL52⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL53⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE53⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL54⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL55⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL56⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL57⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE57⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL58⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE58⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL59⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL60⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL61⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL62⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL63⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL64⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL65⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL66⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE66⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL67⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE67⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL68⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE68⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL69⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE69⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL70⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE70⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL71⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE71⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL72⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE72⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL73⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE73⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL74⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE74⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL75⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL76⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE76⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL77⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE77⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL78⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE78⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL79⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE79⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL80⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE80⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL81⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE81⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL82⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE82⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL83⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE83⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL84⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE84⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL85⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE85⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL86⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE86⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL87⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE87⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL88⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE88⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL89⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE89⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL90⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE90⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL91⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE91⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL92⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE92⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL93⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE93⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL94⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE94⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL95⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE95⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL96⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE96⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL97⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE97⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL98⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL99⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE99⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL100⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE100⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL101⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL102⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL103⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE103⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL104⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE104⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL105⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE105⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL106⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE106⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL107⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE107⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL108⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE108⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL109⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE109⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL110⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL111⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE111⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL112⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL113⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL114⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE114⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL115⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE115⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL116⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE116⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL117⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE117⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL118⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE118⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL119⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE119⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL120⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE120⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-