Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
09/07/2024, 07:39
General
-
Target
2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe
-
Size
313KB
-
MD5
2f7f5560775949053f1e60fc602d52fc
-
SHA1
0079a814e1806cddf9a94f3cb66f8f6040dd0deb
-
SHA256
c50bc0ecfb7b78a952b0225bc3c616dacd83eb4626cef8aec8be08a3e1596171
-
SHA512
f19765d7e49e782bd43e44293d3ffcabc67f6dd4d069de3fdae78f04524ee5b20bf4aea1f428050db6eb0a4fc78cc24c1ab79fc71d2247286fcfb15522cde009
-
SSDEEP
6144:rdw2CsbZ5kp/Llj8aG8Rty29F0duOd028hfTQzAdvMqzMjm/ZpS:pw2CsbZ5kNR8aVRsE6duHTk4vMwMjm/u
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\yokmwxo.exeC:\Windows\system32\yokmwxo.exe 464 "C:\Users\Admin\AppData\Local\Temp\2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\yokmwxo.exe"C:\Windows\SysWOW64\yokmwxo.exe" 464 "C:\Users\Admin\AppData\Local\Temp\2f7f5560775949053f1e60fc602d52fc_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\dxahmdu.exeC:\Windows\system32\dxahmdu.exe 456 "C:\Windows\SysWOW64\yokmwxo.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\dxahmdu.exe"C:\Windows\SysWOW64\dxahmdu.exe" 456 "C:\Windows\SysWOW64\yokmwxo.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\hnxuijy.exeC:\Windows\system32\hnxuijy.exe 452 "C:\Windows\SysWOW64\dxahmdu.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\hnxuijy.exe"C:\Windows\SysWOW64\hnxuijy.exe" 452 "C:\Windows\SysWOW64\dxahmdu.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msqcbsk.exeC:\Windows\system32\msqcbsk.exe 452 "C:\Windows\SysWOW64\hnxuijy.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msqcbsk.exe"C:\Windows\SysWOW64\msqcbsk.exe" 452 "C:\Windows\SysWOW64\hnxuijy.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tamcniu.exeC:\Windows\system32\tamcniu.exe 452 "C:\Windows\SysWOW64\msqcbsk.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tamcniu.exe"C:\Windows\SysWOW64\tamcniu.exe" 452 "C:\Windows\SysWOW64\msqcbsk.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\evfmdcv.exeC:\Windows\system32\evfmdcv.exe 452 "C:\Windows\SysWOW64\tamcniu.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\evfmdcv.exe"C:\Windows\SysWOW64\evfmdcv.exe" 452 "C:\Windows\SysWOW64\tamcniu.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\jiyuomz.exeC:\Windows\system32\jiyuomz.exe 452 "C:\Windows\SysWOW64\evfmdcv.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\jiyuomz.exe"C:\Windows\SysWOW64\jiyuomz.exe" 452 "C:\Windows\SysWOW64\evfmdcv.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wzbxxmf.exeC:\Windows\system32\wzbxxmf.exe 528 "C:\Windows\SysWOW64\jiyuomz.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wzbxxmf.exe"C:\Windows\SysWOW64\wzbxxmf.exe" 528 "C:\Windows\SysWOW64\jiyuomz.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\dgoprko.exeC:\Windows\system32\dgoprko.exe 452 "C:\Windows\SysWOW64\wzbxxmf.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dgoprko.exe"C:\Windows\SysWOW64\dgoprko.exe" 452 "C:\Windows\SysWOW64\wzbxxmf.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\kznuodx.exeC:\Windows\system32\kznuodx.exe 464 "C:\Windows\SysWOW64\dgoprko.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\kznuodx.exe"C:\Windows\SysWOW64\kznuodx.exe" 464 "C:\Windows\SysWOW64\dgoprko.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\uzzzyce.exeC:\Windows\system32\uzzzyce.exe 484 "C:\Windows\SysWOW64\kznuodx.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uzzzyce.exe"C:\Windows\SysWOW64\uzzzyce.exe" 484 "C:\Windows\SysWOW64\kznuodx.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\fuskgxf.exeC:\Windows\system32\fuskgxf.exe 536 "C:\Windows\SysWOW64\uzzzyce.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\fuskgxf.exe"C:\Windows\SysWOW64\fuskgxf.exe" 536 "C:\Windows\SysWOW64\uzzzyce.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\rwgzsbj.exeC:\Windows\system32\rwgzsbj.exe 532 "C:\Windows\SysWOW64\fuskgxf.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\rwgzsbj.exe"C:\Windows\SysWOW64\rwgzsbj.exe" 532 "C:\Windows\SysWOW64\fuskgxf.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\enbcajp.exeC:\Windows\system32\enbcajp.exe 528 "C:\Windows\SysWOW64\rwgzsbj.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\enbcajp.exe"C:\Windows\SysWOW64\enbcajp.exe" 528 "C:\Windows\SysWOW64\rwgzsbj.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\rdwfrru.exeC:\Windows\system32\rdwfrru.exe 536 "C:\Windows\SysWOW64\enbcajp.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\rdwfrru.exe"C:\Windows\SysWOW64\rdwfrru.exe" 536 "C:\Windows\SysWOW64\enbcajp.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\efcncwz.exeC:\Windows\system32\efcncwz.exe 536 "C:\Windows\SysWOW64\rdwfrru.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\efcncwz.exe"C:\Windows\SysWOW64\efcncwz.exe" 536 "C:\Windows\SysWOW64\rdwfrru.exe"34⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\oeoknvg.exeC:\Windows\system32\oeoknvg.exe 532 "C:\Windows\SysWOW64\efcncwz.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\oeoknvg.exe"C:\Windows\SysWOW64\oeoknvg.exe" 532 "C:\Windows\SysWOW64\efcncwz.exe"36⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\bdjnvdm.exeC:\Windows\system32\bdjnvdm.exe 528 "C:\Windows\SysWOW64\oeoknvg.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\bdjnvdm.exe"C:\Windows\SysWOW64\bdjnvdm.exe" 528 "C:\Windows\SysWOW64\oeoknvg.exe"38⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\otepelj.exeC:\Windows\system32\otepelj.exe 528 "C:\Windows\SysWOW64\bdjnvdm.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\otepelj.exe"C:\Windows\SysWOW64\otepelj.exe" 528 "C:\Windows\SysWOW64\bdjnvdm.exe"40⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\xhencsx.exeC:\Windows\system32\xhencsx.exe 536 "C:\Windows\SysWOW64\otepelj.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\xhencsx.exe"C:\Windows\SysWOW64\xhencsx.exe" 536 "C:\Windows\SysWOW64\otepelj.exe"42⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\kyhpktc.exeC:\Windows\system32\kyhpktc.exe 544 "C:\Windows\SysWOW64\xhencsx.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\kyhpktc.exe"C:\Windows\SysWOW64\kyhpktc.exe" 544 "C:\Windows\SysWOW64\xhencsx.exe"44⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\ylrfqwb.exeC:\Windows\system32\ylrfqwb.exe 528 "C:\Windows\SysWOW64\kyhpktc.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ylrfqwb.exe"C:\Windows\SysWOW64\ylrfqwb.exe" 528 "C:\Windows\SysWOW64\kyhpktc.exe"46⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\hzrcgeo.exeC:\Windows\system32\hzrcgeo.exe 532 "C:\Windows\SysWOW64\ylrfqwb.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hzrcgeo.exe"C:\Windows\SysWOW64\hzrcgeo.exe" 532 "C:\Windows\SysWOW64\ylrfqwb.exe"48⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\uxmfpeu.exeC:\Windows\system32\uxmfpeu.exe 532 "C:\Windows\SysWOW64\hzrcgeo.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uxmfpeu.exe"C:\Windows\SysWOW64\uxmfpeu.exe" 532 "C:\Windows\SysWOW64\hzrcgeo.exe"50⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\hkevvis.exeC:\Windows\system32\hkevvis.exe 536 "C:\Windows\SysWOW64\uxmfpeu.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hkevvis.exe"C:\Windows\SysWOW64\hkevvis.exe" 536 "C:\Windows\SysWOW64\uxmfpeu.exe"52⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\ryektpf.exeC:\Windows\system32\ryektpf.exe 536 "C:\Windows\SysWOW64\hkevvis.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ryektpf.exe"C:\Windows\SysWOW64\ryektpf.exe" 536 "C:\Windows\SysWOW64\hkevvis.exe"54⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\eloiyte.exeC:\Windows\system32\eloiyte.exe 532 "C:\Windows\SysWOW64\ryektpf.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\eloiyte.exe"C:\Windows\SysWOW64\eloiyte.exe" 532 "C:\Windows\SysWOW64\ryektpf.exe"56⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\oolsmwl.exeC:\Windows\system32\oolsmwl.exe 536 "C:\Windows\SysWOW64\eloiyte.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\oolsmwl.exe"C:\Windows\SysWOW64\oolsmwl.exe" 536 "C:\Windows\SysWOW64\eloiyte.exe"58⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\tbvirsj.exeC:\Windows\system32\tbvirsj.exe 536 "C:\Windows\SysWOW64\oolsmwl.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\tbvirsj.exe"C:\Windows\SysWOW64\tbvirsj.exe" 536 "C:\Windows\SysWOW64\oolsmwl.exe"60⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\dmksnvy.exeC:\Windows\system32\dmksnvy.exe 540 "C:\Windows\SysWOW64\tbvirsj.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\dmksnvy.exe"C:\Windows\SysWOW64\dmksnvy.exe" 540 "C:\Windows\SysWOW64\tbvirsj.exe"62⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\qzcitzw.exeC:\Windows\system32\qzcitzw.exe 540 "C:\Windows\SysWOW64\dmksnvy.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\qzcitzw.exe"C:\Windows\SysWOW64\qzcitzw.exe" 540 "C:\Windows\SysWOW64\dmksnvy.exe"64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ancyjgj.exeC:\Windows\system32\ancyjgj.exe 536 "C:\Windows\SysWOW64\qzcitzw.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ancyjgj.exe"C:\Windows\SysWOW64\ancyjgj.exe" 536 "C:\Windows\SysWOW64\qzcitzw.exe"66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ndxarhh.exeC:\Windows\system32\ndxarhh.exe 532 "C:\Windows\SysWOW64\ancyjgj.exe"67⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ndxarhh.exe"C:\Windows\SysWOW64\ndxarhh.exe" 532 "C:\Windows\SysWOW64\ancyjgj.exe"68⤵
-
C:\Windows\SysWOW64\xzythjq.exeC:\Windows\system32\xzythjq.exe 536 "C:\Windows\SysWOW64\ndxarhh.exe"69⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\xzythjq.exe"C:\Windows\SysWOW64\xzythjq.exe" 536 "C:\Windows\SysWOW64\ndxarhh.exe"70⤵
-
C:\Windows\SysWOW64\hjnduew.exeC:\Windows\system32\hjnduew.exe 532 "C:\Windows\SysWOW64\xzythjq.exe"71⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hjnduew.exe"C:\Windows\SysWOW64\hjnduew.exe" 532 "C:\Windows\SysWOW64\xzythjq.exe"72⤵
-
C:\Windows\SysWOW64\rjraede.exeC:\Windows\system32\rjraede.exe 544 "C:\Windows\SysWOW64\hjnduew.exe"73⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\rjraede.exe"C:\Windows\SysWOW64\rjraede.exe" 544 "C:\Windows\SysWOW64\hjnduew.exe"74⤵
-
C:\Windows\SysWOW64\hqlilvz.exeC:\Windows\system32\hqlilvz.exe 540 "C:\Windows\SysWOW64\rjraede.exe"75⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hqlilvz.exe"C:\Windows\SysWOW64\hqlilvz.exe" 540 "C:\Windows\SysWOW64\rjraede.exe"76⤵
-
C:\Windows\SysWOW64\rbalgyo.exeC:\Windows\system32\rbalgyo.exe 532 "C:\Windows\SysWOW64\hqlilvz.exe"77⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\rbalgyo.exe"C:\Windows\SysWOW64\rbalgyo.exe" 532 "C:\Windows\SysWOW64\hqlilvz.exe"78⤵
-
C:\Windows\SysWOW64\eokjmum.exeC:\Windows\system32\eokjmum.exe 536 "C:\Windows\SysWOW64\rbalgyo.exe"79⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\eokjmum.exe"C:\Windows\SysWOW64\eokjmum.exe" 536 "C:\Windows\SysWOW64\rbalgyo.exe"80⤵
-
C:\Windows\SysWOW64\ozhtzxt.exeC:\Windows\system32\ozhtzxt.exe 540 "C:\Windows\SysWOW64\eokjmum.exe"81⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ozhtzxt.exe"C:\Windows\SysWOW64\ozhtzxt.exe" 540 "C:\Windows\SysWOW64\eokjmum.exe"82⤵
-
C:\Windows\SysWOW64\atnbljx.exeC:\Windows\system32\atnbljx.exe 544 "C:\Windows\SysWOW64\ozhtzxt.exe"83⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\atnbljx.exe"C:\Windows\SysWOW64\atnbljx.exe" 544 "C:\Windows\SysWOW64\ozhtzxt.exe"84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ogxqrnw.exeC:\Windows\system32\ogxqrnw.exe 540 "C:\Windows\SysWOW64\atnbljx.exe"85⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ogxqrnw.exe"C:\Windows\SysWOW64\ogxqrnw.exe" 540 "C:\Windows\SysWOW64\atnbljx.exe"86⤵
-
C:\Windows\SysWOW64\yqmbmik.exeC:\Windows\system32\yqmbmik.exe 548 "C:\Windows\SysWOW64\ogxqrnw.exe"87⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\yqmbmik.exe"C:\Windows\SysWOW64\yqmbmik.exe" 548 "C:\Windows\SysWOW64\ogxqrnw.exe"88⤵
-
C:\Windows\SysWOW64\htklzlq.exeC:\Windows\system32\htklzlq.exe 540 "C:\Windows\SysWOW64\yqmbmik.exe"89⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\htklzlq.exe"C:\Windows\SysWOW64\htklzlq.exe" 540 "C:\Windows\SysWOW64\yqmbmik.exe"90⤵
-
C:\Windows\SysWOW64\ureoitw.exeC:\Windows\system32\ureoitw.exe 528 "C:\Windows\SysWOW64\htklzlq.exe"91⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ureoitw.exe"C:\Windows\SysWOW64\ureoitw.exe" 528 "C:\Windows\SysWOW64\htklzlq.exe"92⤵
-
C:\Windows\SysWOW64\hizqqcb.exeC:\Windows\system32\hizqqcb.exe 528 "C:\Windows\SysWOW64\ureoitw.exe"93⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hizqqcb.exe"C:\Windows\SysWOW64\hizqqcb.exe" 528 "C:\Windows\SysWOW64\ureoitw.exe"94⤵
-
C:\Windows\SysWOW64\ugctzcz.exeC:\Windows\system32\ugctzcz.exe 528 "C:\Windows\SysWOW64\hizqqcb.exe"95⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ugctzcz.exe"C:\Windows\SysWOW64\ugctzcz.exe" 528 "C:\Windows\SysWOW64\hizqqcb.exe"96⤵
-
C:\Windows\SysWOW64\ejreufn.exeC:\Windows\system32\ejreufn.exe 536 "C:\Windows\SysWOW64\ugctzcz.exe"97⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ejreufn.exe"C:\Windows\SysWOW64\ejreufn.exe" 536 "C:\Windows\SysWOW64\ugctzcz.exe"98⤵
-
C:\Windows\SysWOW64\rlxtgrs.exeC:\Windows\system32\rlxtgrs.exe 536 "C:\Windows\SysWOW64\ejreufn.exe"99⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\rlxtgrs.exe"C:\Windows\SysWOW64\rlxtgrs.exe" 536 "C:\Windows\SysWOW64\ejreufn.exe"100⤵
-
C:\Windows\SysWOW64\bkcrqqz.exeC:\Windows\system32\bkcrqqz.exe 548 "C:\Windows\SysWOW64\rlxtgrs.exe"101⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\bkcrqqz.exe"C:\Windows\SysWOW64\bkcrqqz.exe" 548 "C:\Windows\SysWOW64\rlxtgrs.exe"102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\rokmuvw.exeC:\Windows\system32\rokmuvw.exe 536 "C:\Windows\SysWOW64\bkcrqqz.exe"103⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\rokmuvw.exe"C:\Windows\SysWOW64\rokmuvw.exe" 536 "C:\Windows\SysWOW64\bkcrqqz.exe"104⤵
-
C:\Windows\SysWOW64\ackbkdb.exeC:\Windows\system32\ackbkdb.exe 544 "C:\Windows\SysWOW64\rokmuvw.exe"105⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\ackbkdb.exe"C:\Windows\SysWOW64\ackbkdb.exe" 544 "C:\Windows\SysWOW64\rokmuvw.exe"106⤵
-
C:\Windows\SysWOW64\nbfetlh.exeC:\Windows\system32\nbfetlh.exe 536 "C:\Windows\SysWOW64\ackbkdb.exe"107⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\nbfetlh.exe"C:\Windows\SysWOW64\nbfetlh.exe" 536 "C:\Windows\SysWOW64\ackbkdb.exe"108⤵
-
C:\Windows\SysWOW64\boptghf.exeC:\Windows\system32\boptghf.exe 544 "C:\Windows\SysWOW64\nbfetlh.exe"109⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\boptghf.exe"C:\Windows\SysWOW64\boptghf.exe" 544 "C:\Windows\SysWOW64\nbfetlh.exe"110⤵
-
C:\Windows\SysWOW64\krmeuku.exeC:\Windows\system32\krmeuku.exe 536 "C:\Windows\SysWOW64\boptghf.exe"111⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\krmeuku.exe"C:\Windows\SysWOW64\krmeuku.exe" 536 "C:\Windows\SysWOW64\boptghf.exe"112⤵
-
C:\Windows\SysWOW64\xphgcsr.exeC:\Windows\system32\xphgcsr.exe 528 "C:\Windows\SysWOW64\krmeuku.exe"113⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\xphgcsr.exe"C:\Windows\SysWOW64\xphgcsr.exe" 528 "C:\Windows\SysWOW64\krmeuku.exe"114⤵
-
C:\Windows\SysWOW64\kjnwoee.exeC:\Windows\system32\kjnwoee.exe 540 "C:\Windows\SysWOW64\xphgcsr.exe"115⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\kjnwoee.exe"C:\Windows\SysWOW64\kjnwoee.exe" 540 "C:\Windows\SysWOW64\xphgcsr.exe"116⤵
-
C:\Windows\SysWOW64\uqruydd.exeC:\Windows\system32\uqruydd.exe 540 "C:\Windows\SysWOW64\kjnwoee.exe"117⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\uqruydd.exe"C:\Windows\SysWOW64\uqruydd.exe" 540 "C:\Windows\SysWOW64\kjnwoee.exe"118⤵
-
C:\Windows\SysWOW64\hkfjriq.exeC:\Windows\system32\hkfjriq.exe 528 "C:\Windows\SysWOW64\uqruydd.exe"119⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\hkfjriq.exe"C:\Windows\SysWOW64\hkfjriq.exe" 528 "C:\Windows\SysWOW64\uqruydd.exe"120⤵
-
C:\Windows\SysWOW64\rjjhchp.exeC:\Windows\system32\rjjhchp.exe 540 "C:\Windows\SysWOW64\hkfjriq.exe"121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-