9e90018579650e491ec2a3e6618564d103fdfdc68c367a9211e837dd4917c5f9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe
Size

408KB
MD5

082635ce6fc914a3ba378795f2e3fd72
SHA1

34659101d965d271eafb9f8594a25b249690665f
SHA256

9e90018579650e491ec2a3e6618564d103fdfdc68c367a9211e837dd4917c5f9
SHA512

05070223821df10c3054a3b6bf3d3d0fa32e1a85fb8ef05ac6edb9425d74735b4b29a4472684ad5ec7ace96c0fea416202a631fd223d4fdab14fe7c3c73d9bb7
SSDEEP

6144:BLDuvl52KDchS3JZgIYo/b6TrOPFAVCYRq3ncBxR:BLOl5J53jYoTwrOPFAVJq3cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2248	1924	082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe	28
PID 1924 wrote to memory of 2248	1924	082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe	28
PID 1924 wrote to memory of 2248	1924	082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe	28
PID 1924 wrote to memory of 2248	1924	082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe	28
PID 2248 wrote to memory of 2656	2248	cmd.exe	30
PID 2248 wrote to memory of 2656	2248	cmd.exe	30
PID 2248 wrote to memory of 2656	2248	cmd.exe	30
PID 2248 wrote to memory of 2656	2248	cmd.exe	30
PID 2248 wrote to memory of 2936	2248	cmd.exe	31
PID 2248 wrote to memory of 2936	2248	cmd.exe	31
PID 2248 wrote to memory of 2936	2248	cmd.exe	31
PID 2248 wrote to memory of 2936	2248	cmd.exe	31
PID 2248 wrote to memory of 2560	2248	cmd.exe	32
PID 2248 wrote to memory of 2560	2248	cmd.exe	32
PID 2248 wrote to memory of 2560	2248	cmd.exe	32
PID 2248 wrote to memory of 2560	2248	cmd.exe	32
PID 2248 wrote to memory of 2932	2248	cmd.exe	34
PID 2248 wrote to memory of 2932	2248	cmd.exe	34
PID 2248 wrote to memory of 2932	2248	cmd.exe	34
PID 2248 wrote to memory of 2932	2248	cmd.exe	34
PID 2248 wrote to memory of 2608	2248	cmd.exe	35
PID 2248 wrote to memory of 2608	2248	cmd.exe	35
PID 2248 wrote to memory of 2608	2248	cmd.exe	35
PID 2248 wrote to memory of 2608	2248	cmd.exe	35
PID 2248 wrote to memory of 2596	2248	cmd.exe	36
PID 2248 wrote to memory of 2596	2248	cmd.exe	36
PID 2248 wrote to memory of 2596	2248	cmd.exe	36
PID 2248 wrote to memory of 2596	2248	cmd.exe	36
PID 2248 wrote to memory of 2116	2248	cmd.exe	37
PID 2248 wrote to memory of 2116	2248	cmd.exe	37
PID 2248 wrote to memory of 2116	2248	cmd.exe	37
PID 2248 wrote to memory of 2116	2248	cmd.exe	37
PID 2248 wrote to memory of 2660	2248	cmd.exe	38
PID 2248 wrote to memory of 2660	2248	cmd.exe	38
PID 2248 wrote to memory of 2660	2248	cmd.exe	38
PID 2248 wrote to memory of 2660	2248	cmd.exe	38
PID 2248 wrote to memory of 2676	2248	cmd.exe	39
PID 2248 wrote to memory of 2676	2248	cmd.exe	39
PID 2248 wrote to memory of 2676	2248	cmd.exe	39
PID 2248 wrote to memory of 2676	2248	cmd.exe	39
PID 2248 wrote to memory of 2680	2248	cmd.exe	40
PID 2248 wrote to memory of 2680	2248	cmd.exe	40
PID 2248 wrote to memory of 2680	2248	cmd.exe	40
PID 2248 wrote to memory of 2680	2248	cmd.exe	40
PID 2248 wrote to memory of 2620	2248	cmd.exe	43
PID 2248 wrote to memory of 2620	2248	cmd.exe	43
PID 2248 wrote to memory of 2620	2248	cmd.exe	43
PID 2248 wrote to memory of 2620	2248	cmd.exe	43
PID 2248 wrote to memory of 2980	2248	cmd.exe	47
PID 2248 wrote to memory of 2980	2248	cmd.exe	47
PID 2248 wrote to memory of 2980	2248	cmd.exe	47
PID 2248 wrote to memory of 2980	2248	cmd.exe	47
PID 2248 wrote to memory of 2584	2248	cmd.exe	49
PID 2248 wrote to memory of 2584	2248	cmd.exe	49
PID 2248 wrote to memory of 2584	2248	cmd.exe	49
PID 2248 wrote to memory of 2584	2248	cmd.exe	49
PID 2248 wrote to memory of 2628	2248	cmd.exe	50
PID 2248 wrote to memory of 2628	2248	cmd.exe	50
PID 2248 wrote to memory of 2628	2248	cmd.exe	50
PID 2248 wrote to memory of 2628	2248	cmd.exe	50
PID 2248 wrote to memory of 2504	2248	cmd.exe	52
PID 2248 wrote to memory of 2504	2248	cmd.exe	52
PID 2248 wrote to memory of 2504	2248	cmd.exe	52
PID 2248 wrote to memory of 2504	2248	cmd.exe	52

C:\Users\Admin\AppData\Local\Temp\082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bt48888.bat "C:\Users\Admin\AppData\Local\Temp\082635ce6fc914a3ba378795f2e3fd72_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2656
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2936
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2560
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2932
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2608
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2116
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2660
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2620
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2980
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2584
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2628
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2504
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2508
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2640
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2524
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2540
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2892
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2868
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2880
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:632
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1628
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1560
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2032
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2972
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2280
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2352
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2416
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2284
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1420
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1408
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:560
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1016
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2952
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2104
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:548
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:852
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1784
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:800
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:920
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:564
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1460
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2216
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2984
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1820
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:568
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:884
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2076
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2552
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2260
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1000
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2724
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1364
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:380
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2152
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:756
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1264
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2208
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:952
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2376
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2392
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:1156
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3084
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3112
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3128
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3156
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3184
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3208
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3232
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3240
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3268
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3292
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3300
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3320
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3360
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3368
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3376
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3388
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3404
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3420
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3488
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3504
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3512
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3548
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3608
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3644
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3668
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3692
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3712
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3736
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3760
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3784
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3808
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3832
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3856
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3880
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3908
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3932
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3952
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3980
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4004
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4024
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4052
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4076
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:676
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3252
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3344
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3480
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3656
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3944
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4092
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:3872
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4112
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4128
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4156
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4184
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4208
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4232
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4256
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4276
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4304
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4328
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4352
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4376
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4400
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4420
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4444
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4468
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4480
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4508
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4544
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4552
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4592
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4616
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4640
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4664
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4688
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4696
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4712
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4728
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4744
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4788
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4820
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4832
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4848
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4880
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4888
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4920
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4936
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4944
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4980
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4996
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5040
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5052
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5068
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5096
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5112
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4176
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4388
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4456
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4608
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4724
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4860
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5024
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5080
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:4320
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5128
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5160
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5188
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5212
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5240
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5248
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5284
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5304
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5336
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5352
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5368
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5396
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5428
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5440
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5464
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5484
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5500
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5528
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5548
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5580
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5588
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5612
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5652
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5668
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5692
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5712
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5744
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5760
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5788
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5800
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5832
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5852
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5872
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5900
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5924
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5948
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5972
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5984
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6024
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6048
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6064
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6088
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6108
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6132
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5180
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5224
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5364
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5424
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2008
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5512
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5680
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5784
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5968
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6076
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6160
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6188
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6212
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6228
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6252
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6288
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6304
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6324
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6356
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6372
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6396
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6428
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6452
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6468
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6492
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6516
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6536
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6556
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6588
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6608
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6632
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6652
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6688
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6704
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6740
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6756
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6800
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6824
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6852
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6880
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6896
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6924
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6940
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6960
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6992
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7008
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7028
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7064
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7084
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7100
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7136
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7156
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:2144
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:5920
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6264
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6384
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6568
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6684
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6812
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:6920
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7112
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7188
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7208
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7236
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7268
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7280
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7308
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7336
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    PID:7356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bt48888.bat

Filesize
4KB

MD5
b20f9ca0092f42d76612063a67b45849

SHA1
57268612b18688af62108dc42d8424bddc5e55f3

SHA256
a735f2002b060eb5187bc370b19f6e05ca3824c894c6b38c0b26f106dba5b919

SHA512
bcf9fa7ac541c095eb7c2bdc6f0c405043da21b1c4ded818902597d94397d0af15d74b00dc46bdbef6664233e47dfada3b0c918f95d2fe73463989f2304dab25

Download Submit
memory/1924-3-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads