e5d306f12cec363fddeb5f5e3dd917bdabefabb26613d6fe615796c7c1c0df46

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
Size

20KB
MD5

15f4cb78e8affbfeb0456e7a5b5d8eb4
SHA1

ba4090d9de8ae25cd6a0a927c6bf32e80f74910b
SHA256

e5d306f12cec363fddeb5f5e3dd917bdabefabb26613d6fe615796c7c1c0df46
SHA512

ece7e059f147e6f96f2660254a38c86c11f53e591d84aa9f215823d70db439b630674f507095059507d5b387acd96162e0b70849346f7fb29f7bb89fc5278fdb
SSDEEP

192:6nlxv0lzcQRGXxCp1Iq/bh5QyfrziP1oyn:6lR05Ghyv/bhHfrzM1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 29 IoCs

pid	Process
2688	dllcache32.exe
2664	dllcache32.exe
2416	dllcache32.exe
2252	dllcache32.exe
2952	dllcache32.exe
2464	dllcache32.exe
2484	dllcache32.exe
2024	dllcache32.exe
2756	dllcache32.exe
640	dllcache32.exe
1568	dllcache32.exe
2144	dllcache32.exe
1624	dllcache32.exe
2380	dllcache32.exe
2476	dllcache32.exe
2208	dllcache32.exe
1280	dllcache32.exe
688	dllcache32.exe
2128	dllcache32.exe
792	dllcache32.exe
2068	dllcache32.exe
996	dllcache32.exe
1420	dllcache32.exe
2392	dllcache32.exe
328	dllcache32.exe
652	dllcache32.exe
2172	dllcache32.exe
452	dllcache32.exe
3028	dllcache32.exe

Loads dropped DLL 58 IoCs

pid	Process
1968	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
1968	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
2688	dllcache32.exe
2688	dllcache32.exe
2664	dllcache32.exe
2664	dllcache32.exe
2416	dllcache32.exe
2416	dllcache32.exe
2252	dllcache32.exe
2252	dllcache32.exe
2952	dllcache32.exe
2952	dllcache32.exe
2464	dllcache32.exe
2464	dllcache32.exe
2484	dllcache32.exe
2484	dllcache32.exe
2024	dllcache32.exe
2024	dllcache32.exe
2756	dllcache32.exe
2756	dllcache32.exe
640	dllcache32.exe
640	dllcache32.exe
1568	dllcache32.exe
1568	dllcache32.exe
2144	dllcache32.exe
2144	dllcache32.exe
1624	dllcache32.exe
1624	dllcache32.exe
2380	dllcache32.exe
2380	dllcache32.exe
2476	dllcache32.exe
2476	dllcache32.exe
2208	dllcache32.exe
2208	dllcache32.exe
1280	dllcache32.exe
1280	dllcache32.exe
688	dllcache32.exe
688	dllcache32.exe
2128	dllcache32.exe
2128	dllcache32.exe
792	dllcache32.exe
792	dllcache32.exe
2068	dllcache32.exe
2068	dllcache32.exe
996	dllcache32.exe
996	dllcache32.exe
1420	dllcache32.exe
1420	dllcache32.exe
2392	dllcache32.exe
2392	dllcache32.exe
328	dllcache32.exe
328	dllcache32.exe
652	dllcache32.exe
652	dllcache32.exe
2172	dllcache32.exe
2172	dllcache32.exe
452	dllcache32.exe
452	dllcache32.exe

Drops file in System32 directory 61 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File created	C:\Windows\SysWOW64\dllcache32.exe	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllrun32.ani	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe
File opened for modification	C:\Windows\SysWOW64\dllcache32.exe	dllcache32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2688	1968	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe	28
PID 1968 wrote to memory of 2688	1968	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe	28
PID 1968 wrote to memory of 2688	1968	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe	28
PID 1968 wrote to memory of 2688	1968	15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe	28
PID 2688 wrote to memory of 2664	2688	dllcache32.exe	29
PID 2688 wrote to memory of 2664	2688	dllcache32.exe	29
PID 2688 wrote to memory of 2664	2688	dllcache32.exe	29
PID 2688 wrote to memory of 2664	2688	dllcache32.exe	29
PID 2664 wrote to memory of 2416	2664	dllcache32.exe	30
PID 2664 wrote to memory of 2416	2664	dllcache32.exe	30
PID 2664 wrote to memory of 2416	2664	dllcache32.exe	30
PID 2664 wrote to memory of 2416	2664	dllcache32.exe	30
PID 2416 wrote to memory of 2252	2416	dllcache32.exe	31
PID 2416 wrote to memory of 2252	2416	dllcache32.exe	31
PID 2416 wrote to memory of 2252	2416	dllcache32.exe	31
PID 2416 wrote to memory of 2252	2416	dllcache32.exe	31
PID 2252 wrote to memory of 2952	2252	dllcache32.exe	32
PID 2252 wrote to memory of 2952	2252	dllcache32.exe	32
PID 2252 wrote to memory of 2952	2252	dllcache32.exe	32
PID 2252 wrote to memory of 2952	2252	dllcache32.exe	32
PID 2952 wrote to memory of 2464	2952	dllcache32.exe	33
PID 2952 wrote to memory of 2464	2952	dllcache32.exe	33
PID 2952 wrote to memory of 2464	2952	dllcache32.exe	33
PID 2952 wrote to memory of 2464	2952	dllcache32.exe	33
PID 2464 wrote to memory of 2484	2464	dllcache32.exe	34
PID 2464 wrote to memory of 2484	2464	dllcache32.exe	34
PID 2464 wrote to memory of 2484	2464	dllcache32.exe	34
PID 2464 wrote to memory of 2484	2464	dllcache32.exe	34
PID 2484 wrote to memory of 2024	2484	dllcache32.exe	35
PID 2484 wrote to memory of 2024	2484	dllcache32.exe	35
PID 2484 wrote to memory of 2024	2484	dllcache32.exe	35
PID 2484 wrote to memory of 2024	2484	dllcache32.exe	35
PID 2024 wrote to memory of 2756	2024	dllcache32.exe	38
PID 2024 wrote to memory of 2756	2024	dllcache32.exe	38
PID 2024 wrote to memory of 2756	2024	dllcache32.exe	38
PID 2024 wrote to memory of 2756	2024	dllcache32.exe	38
PID 2756 wrote to memory of 640	2756	dllcache32.exe	39
PID 2756 wrote to memory of 640	2756	dllcache32.exe	39
PID 2756 wrote to memory of 640	2756	dllcache32.exe	39
PID 2756 wrote to memory of 640	2756	dllcache32.exe	39
PID 640 wrote to memory of 1568	640	dllcache32.exe	40
PID 640 wrote to memory of 1568	640	dllcache32.exe	40
PID 640 wrote to memory of 1568	640	dllcache32.exe	40
PID 640 wrote to memory of 1568	640	dllcache32.exe	40
PID 1568 wrote to memory of 2144	1568	dllcache32.exe	41
PID 1568 wrote to memory of 2144	1568	dllcache32.exe	41
PID 1568 wrote to memory of 2144	1568	dllcache32.exe	41
PID 1568 wrote to memory of 2144	1568	dllcache32.exe	41
PID 2144 wrote to memory of 1624	2144	dllcache32.exe	42
PID 2144 wrote to memory of 1624	2144	dllcache32.exe	42
PID 2144 wrote to memory of 1624	2144	dllcache32.exe	42
PID 2144 wrote to memory of 1624	2144	dllcache32.exe	42
PID 1624 wrote to memory of 2380	1624	dllcache32.exe	43
PID 1624 wrote to memory of 2380	1624	dllcache32.exe	43
PID 1624 wrote to memory of 2380	1624	dllcache32.exe	43
PID 1624 wrote to memory of 2380	1624	dllcache32.exe	43
PID 2380 wrote to memory of 2476	2380	dllcache32.exe	44
PID 2380 wrote to memory of 2476	2380	dllcache32.exe	44
PID 2380 wrote to memory of 2476	2380	dllcache32.exe	44
PID 2380 wrote to memory of 2476	2380	dllcache32.exe	44
PID 2476 wrote to memory of 2208	2476	dllcache32.exe	45
PID 2476 wrote to memory of 2208	2476	dllcache32.exe	45
PID 2476 wrote to memory of 2208	2476	dllcache32.exe	45
PID 2476 wrote to memory of 2208	2476	dllcache32.exe	45

C:\Users\Admin\AppData\Local\Temp\15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\dllcache32.exe
  C:\Windows\system32\dllcache32.exe 144 "C:\Users\Admin\AppData\Local\Temp\15f4cb78e8affbfeb0456e7a5b5d8eb4_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Windows\SysWOW64\dllcache32.exe
    C:\Windows\system32\dllcache32.exe 140 "C:\Windows\SysWOW64\dllcache32.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Windows\SysWOW64\dllcache32.exe
      C:\Windows\system32\dllcache32.exe 148 "C:\Windows\SysWOW64\dllcache32.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2416
    - - C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 152 "C:\Windows\SysWOW64\dllcache32.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2252
      - C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 156 "C:\Windows\SysWOW64\dllcache32.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2952
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 160 "C:\Windows\SysWOW64\dllcache32.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 164 "C:\Windows\SysWOW64\dllcache32.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 168 "C:\Windows\SysWOW64\dllcache32.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2024
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 172 "C:\Windows\SysWOW64\dllcache32.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2756
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 176 "C:\Windows\SysWOW64\dllcache32.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:640
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 180 "C:\Windows\SysWOW64\dllcache32.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1568
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 184 "C:\Windows\SysWOW64\dllcache32.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2144
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 188 "C:\Windows\SysWOW64\dllcache32.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 192 "C:\Windows\SysWOW64\dllcache32.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2380
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 196 "C:\Windows\SysWOW64\dllcache32.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2476
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 200 "C:\Windows\SysWOW64\dllcache32.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2208
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 204 "C:\Windows\SysWOW64\dllcache32.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1280
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 208 "C:\Windows\SysWOW64\dllcache32.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:688
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 212 "C:\Windows\SysWOW64\dllcache32.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2128
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 216 "C:\Windows\SysWOW64\dllcache32.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:792
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 220 "C:\Windows\SysWOW64\dllcache32.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2068
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 224 "C:\Windows\SysWOW64\dllcache32.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:996
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 228 "C:\Windows\SysWOW64\dllcache32.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1420
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 232 "C:\Windows\SysWOW64\dllcache32.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2392
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 236 "C:\Windows\SysWOW64\dllcache32.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:328
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 240 "C:\Windows\SysWOW64\dllcache32.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:652
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 244 "C:\Windows\SysWOW64\dllcache32.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2172
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 248 "C:\Windows\SysWOW64\dllcache32.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:452
        
        C:\Windows\SysWOW64\dllcache32.exe
        
        C:\Windows\system32\dllcache32.exe 252 "C:\Windows\SysWOW64\dllcache32.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\dllcache32.exe

Filesize
20KB

MD5
15f4cb78e8affbfeb0456e7a5b5d8eb4

SHA1
ba4090d9de8ae25cd6a0a927c6bf32e80f74910b

SHA256
e5d306f12cec363fddeb5f5e3dd917bdabefabb26613d6fe615796c7c1c0df46

SHA512
ece7e059f147e6f96f2660254a38c86c11f53e591d84aa9f215823d70db439b630674f507095059507d5b387acd96162e0b70849346f7fb29f7bb89fc5278fdb

Download Submit
memory/1968-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/1968-4-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/1968-11-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2128-81-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/2128-82-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/2172-87-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2252-28-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2380-62-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2392-86-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2416-23-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2416-26-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2464-39-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2464-35-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2664-21-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2664-18-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2688-16-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2688-12-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2756-46-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads