Analysis
-
max time kernel
149s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
27/06/2024, 15:33
General
-
Target
1689a54427678b399b657ba64b00a4e0_JaffaCakes118.exe
-
Size
160KB
-
MD5
1689a54427678b399b657ba64b00a4e0
-
SHA1
86f701b0d22fabef728209cde970ea3037d16d9f
-
SHA256
2afdb052c7b5a56cc3f08aec6bd0e1f804a5159632b90f4f2f78c37e58982869
-
SHA512
2bed0c46da035205e77ba75818fa2c5fb04018c4031c31518c087912d3cda454371e19a45b492aea982585e8e803f89fcb27f04d47a35b4d4e58ead385e3fc9a
-
SSDEEP
3072:+a8P4alsc4+pfxWN6uc0xBMMA9zyhNu0qCrv:+a8P4al5rujxBMScNCj
Score
8/10
Malware Config
Signatures
-
Sets file to hidden 1 TTPs 47 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 47 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Runs ping.exe 1 TTPs 48 IoCs
-
Suspicious use of SetWindowsHookEx 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 47 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1689a54427678b399b657ba64b00a4e0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1689a54427678b399b657ba64b00a4e0_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat2⤵
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.13⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.15⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"5⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat6⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.17⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"7⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat8⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.19⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"9⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat10⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.111⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"11⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat12⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.113⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"13⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat14⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.115⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"15⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"15⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat16⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.117⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"17⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat18⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.119⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"19⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"19⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat20⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.121⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"21⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat22⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.123⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"23⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat24⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.125⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"25⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"25⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat26⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.127⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"27⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat28⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.129⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"29⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"29⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat30⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.131⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"31⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"31⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat32⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.133⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"33⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"33⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat34⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.135⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"35⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat36⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.137⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"37⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"37⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat38⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.139⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"39⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"39⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat40⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.141⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"41⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"41⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat42⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.143⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"43⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"43⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat44⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.145⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"45⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat46⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.147⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"47⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat48⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.149⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"49⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"49⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat50⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.151⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"51⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"51⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat52⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.153⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"53⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat54⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.155⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"55⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"55⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat56⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.157⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"57⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"57⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat58⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.159⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"59⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"59⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat60⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.161⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"61⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"61⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat62⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.163⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"63⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"63⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat64⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.165⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"65⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"65⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat66⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.167⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"67⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"67⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat68⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.169⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"69⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"69⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat70⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.171⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"71⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"71⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat72⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.173⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"73⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"73⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat74⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.175⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"75⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"75⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat76⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.177⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"77⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"77⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat78⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.179⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"79⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"79⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat80⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.181⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"81⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"81⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat82⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.183⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"83⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"83⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat84⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.185⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"85⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"85⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat86⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.187⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"87⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"87⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat88⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.189⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"89⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"89⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat90⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.191⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"91⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"91⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat92⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.193⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"93⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"93⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat94⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.195⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h "C:\Windows\system32\IEXPL0RE.exe"95⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\IEXPL0RE.exe"C:\Windows\system32\IEXPL0RE.exe"95⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\705.5475.bat96⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.197⤵
- Runs ping.exe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
340B
MD51581043c31a2e6d8a50eb62285e1d4bc
SHA1510a0b174249d1da45047c4fe91efade903d56da
SHA256edd8e608a5edd7b56fbde707128b87c7fa0b04d9f8f38defc07d38022ef44721
SHA51208cb361fe8d3e1d25338c8ed181d03a176b0c9bf8ed1a909c337b55c2b6142723bb64d0f221ae56f48f0d3201e82e0420dea2492a134df2e6daccf80f9c32ee6
-
Filesize
236B
MD575f2ef66c2d769d2775f09638b443e49
SHA1cd8f3caac6802a6cb70784ec948771e4cff42c1a
SHA25641628e165e03a53f057fd1e88524ee47e43c9dc52b51d65db39cfc759d59a9af
SHA5122c9df606e851133dbec4f408b3b811297fc76117836644d9abf0cb338bea69de1bc926e679dff4886bd459235e073c49e3b968281145e0b33a26e755d8993078
-
Filesize
160KB
MD51689a54427678b399b657ba64b00a4e0
SHA186f701b0d22fabef728209cde970ea3037d16d9f
SHA2562afdb052c7b5a56cc3f08aec6bd0e1f804a5159632b90f4f2f78c37e58982869
SHA5122bed0c46da035205e77ba75818fa2c5fb04018c4031c31518c087912d3cda454371e19a45b492aea982585e8e803f89fcb27f04d47a35b4d4e58ead385e3fc9a