Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 14/07/2024, 16:33

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe
  Resource: win7-20240704-en
  6 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
  5 signatures, 150 seconds
General
Target: 46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe
Size: 48KB
MD5: 46a0b724e29afa9aec3b6f68aa634cd0
SHA1: eda78ed5e70f1555ee93a8f1f5034daf71738231
SHA256: 35bd0dc4d8499b161761c8e21c317be00c10c659546721d66cafdd3bd2211dc7
SHA512: a99a216a58aad307057276276658813dbe94c9bd004d9ab7fdfa46d2ddcce43fb1b52c733d783215bd8aa488fa9ea022ea5e97f4975d36dac81bfb093588b211
SSDEEP: 768:V98vr9CUFScrAY1Ak02Ztpk/rkoZdKikBPw8lMO90tYbJfY02UXNORE:V909icrN1AkZZtpfofK1PlhxbZY02m7
Score: 7/10
Malware Config
Signatures
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Memory dumps matching yara_rule upx (64 IoCs)
Drops file in System32 directory 64 IoCs
Suspicious use of SetThreadContext 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
Process tree from behavioral1. The leading number is the depth in the tree; each process is the child of the entry above it.

1. C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe (PID 588), command line: "C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe"
   Signatures: Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe (PID 2244), command line: C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
3. C:\Windows\SysWOW64\msn32.exe (PID 2816), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
4. C:\Windows\SysWOW64\msn32.exe (PID 2592), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
5. C:\Windows\SysWOW64\msn32.exe (PID 2876), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
6. C:\Windows\SysWOW64\msn32.exe (PID 2612), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
7. C:\Windows\SysWOW64\msn32.exe (PID 2588), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
8. C:\Windows\SysWOW64\msn32.exe (PID 2648), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
9. C:\Windows\SysWOW64\msn32.exe (PID 2172), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
10. C:\Windows\SysWOW64\msn32.exe (PID 1032), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
11. C:\Windows\SysWOW64\msn32.exe (PID 2888), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
12. C:\Windows\SysWOW64\msn32.exe (PID 2624), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
13. C:\Windows\SysWOW64\msn32.exe (PID 2232), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
14. C:\Windows\SysWOW64\msn32.exe (PID 272), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
15. C:\Windows\SysWOW64\msn32.exe (PID 2336), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
16. C:\Windows\SysWOW64\msn32.exe (PID 1988), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
17. C:\Windows\SysWOW64\msn32.exe (PID 1920), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in System32 directory; Suspicious use of SetThreadContext
18. C:\Windows\SysWOW64\msn32.exe (PID 1304), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
19. C:\Windows\SysWOW64\msn32.exe (PID 1688), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
20. C:\Windows\SysWOW64\msn32.exe (PID 1276), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
21. C:\Windows\SysWOW64\msn32.exe (PID 2044), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
22. C:\Windows\SysWOW64\msn32.exe (PID 780), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
23. C:\Windows\SysWOW64\msn32.exe (PID 1960), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
24. C:\Windows\SysWOW64\msn32.exe (PID 2212), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
25. C:\Windows\SysWOW64\msn32.exe (PID 2948), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
26. C:\Windows\SysWOW64\msn32.exe (PID 1820), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
27. C:\Windows\SysWOW64\msn32.exe (PID 324), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
28. C:\Windows\SysWOW64\msn32.exe (PID 2408), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
29. C:\Windows\SysWOW64\msn32.exe (PID 1732), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of SetThreadContext
30. C:\Windows\SysWOW64\msn32.exe (PID 964), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
31. C:\Windows\SysWOW64\msn32.exe (PID 1336), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
32. C:\Windows\SysWOW64\msn32.exe (PID 1956), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
33. C:\Windows\SysWOW64\msn32.exe (PID 1980), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
34. C:\Windows\SysWOW64\msn32.exe (PID 840), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
35. C:\Windows\SysWOW64\msn32.exe (PID 700), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
36. C:\Windows\SysWOW64\msn32.exe (PID 2468), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
37. C:\Windows\SysWOW64\msn32.exe (PID 1772), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
38. C:\Windows\SysWOW64\msn32.exe (PID 2892), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
39. C:\Windows\SysWOW64\msn32.exe (PID 2560), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
40. C:\Windows\SysWOW64\msn32.exe (PID 2372), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
41. C:\Windows\SysWOW64\msn32.exe (PID 888), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
42. C:\Windows\SysWOW64\msn32.exe (PID 556), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
43. C:\Windows\SysWOW64\msn32.exe (PID 2980), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
44. C:\Windows\SysWOW64\msn32.exe (PID 2680), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
45. C:\Windows\SysWOW64\msn32.exe (PID 2840), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
46. C:\Windows\SysWOW64\msn32.exe (PID 2416), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
47. C:\Windows\SysWOW64\msn32.exe (PID 2704), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
48. C:\Windows\SysWOW64\msn32.exe (PID 2876), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
49. C:\Windows\SysWOW64\msn32.exe (PID 2812), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
50. C:\Windows\SysWOW64\msn32.exe (PID 2712), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE; Loads dropped DLL
51. C:\Windows\SysWOW64\msn32.exe (PID 2328), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
52. C:\Windows\SysWOW64\msn32.exe (PID 3004), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
53. C:\Windows\SysWOW64\msn32.exe (PID 2856), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
54. C:\Windows\SysWOW64\msn32.exe (PID 2848), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
55. C:\Windows\SysWOW64\msn32.exe (PID 2192), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
56. C:\Windows\SysWOW64\msn32.exe (PID 1564), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
57. C:\Windows\SysWOW64\msn32.exe (PID 1044), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
58. C:\Windows\SysWOW64\msn32.exe (PID 2108), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
59. C:\Windows\SysWOW64\msn32.exe (PID 3016), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Drops file in System32 directory; Suspicious use of SetThreadContext
60. C:\Windows\SysWOW64\msn32.exe (PID 2596), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
61. C:\Windows\SysWOW64\msn32.exe (PID 2456), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
62. C:\Windows\SysWOW64\msn32.exe (PID 2052), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
63. C:\Windows\SysWOW64\msn32.exe (PID 1892), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
64. C:\Windows\SysWOW64\msn32.exe (PID 1448), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Executes dropped EXE
65. C:\Windows\SysWOW64\msn32.exe (PID 1332), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Executes dropped EXE; Suspicious use of SetThreadContext
66. C:\Windows\SysWOW64\msn32.exe (PID 2104), command line: C:\Windows\SysWOW64\msn32.exe
67. C:\Windows\SysWOW64\msn32.exe (PID 2348), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
68. C:\Windows\SysWOW64\msn32.exe (PID 1920), command line: C:\Windows\SysWOW64\msn32.exe
69. C:\Windows\SysWOW64\msn32.exe (PID 2032), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
70. C:\Windows\SysWOW64\msn32.exe (PID 668), command line: C:\Windows\SysWOW64\msn32.exe
71. C:\Windows\SysWOW64\msn32.exe (PID 1520), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
72. C:\Windows\SysWOW64\msn32.exe (PID 2028), command line: C:\Windows\SysWOW64\msn32.exe
73. C:\Windows\SysWOW64\msn32.exe (PID 348), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
74. C:\Windows\SysWOW64\msn32.exe (PID 2044), command line: C:\Windows\SysWOW64\msn32.exe
75. C:\Windows\SysWOW64\msn32.exe (PID 2168), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
76. C:\Windows\SysWOW64\msn32.exe (PID 2460), command line: C:\Windows\SysWOW64\msn32.exe
77. C:\Windows\SysWOW64\msn32.exe (PID 1504), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
78. C:\Windows\SysWOW64\msn32.exe (PID 2948), command line: C:\Windows\SysWOW64\msn32.exe
79. C:\Windows\SysWOW64\msn32.exe (PID 684), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
80. C:\Windows\SysWOW64\msn32.exe (PID 304), command line: C:\Windows\SysWOW64\msn32.exe
81. C:\Windows\SysWOW64\msn32.exe (PID 2420), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
82. C:\Windows\SysWOW64\msn32.exe (PID 836), command line: C:\Windows\SysWOW64\msn32.exe
83. C:\Windows\SysWOW64\msn32.exe (PID 316), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
84. C:\Windows\SysWOW64\msn32.exe (PID 1756), command line: C:\Windows\SysWOW64\msn32.exe
85. C:\Windows\SysWOW64\msn32.exe (PID 2068), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
86. C:\Windows\SysWOW64\msn32.exe (PID 1708), command line: C:\Windows\SysWOW64\msn32.exe
87. C:\Windows\SysWOW64\msn32.exe (PID 1984), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
88. C:\Windows\SysWOW64\msn32.exe (PID 1644), command line: C:\Windows\SysWOW64\msn32.exe
89. C:\Windows\SysWOW64\msn32.exe (PID 3032), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
90. C:\Windows\SysWOW64\msn32.exe (PID 1768), command line: C:\Windows\SysWOW64\msn32.exe
91. C:\Windows\SysWOW64\msn32.exe (PID 1728), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
92. C:\Windows\SysWOW64\msn32.exe (PID 912), command line: C:\Windows\SysWOW64\msn32.exe
93. C:\Windows\SysWOW64\msn32.exe (PID 888), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
94. C:\Windows\SysWOW64\msn32.exe (PID 3028), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Drops file in System32 directory
95. C:\Windows\SysWOW64\msn32.exe (PID 1656), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
96. C:\Windows\SysWOW64\msn32.exe (PID 2988), command line: C:\Windows\SysWOW64\msn32.exe
97. C:\Windows\SysWOW64\msn32.exe (PID 2716), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
98. C:\Windows\SysWOW64\msn32.exe (PID 2784), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Drops file in System32 directory
99. C:\Windows\SysWOW64\msn32.exe (PID 2932), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
100. C:\Windows\SysWOW64\msn32.exe (PID 2724), command line: C:\Windows\SysWOW64\msn32.exe
101. C:\Windows\SysWOW64\msn32.exe (PID 1536), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
102. C:\Windows\SysWOW64\msn32.exe (PID 2780), command line: C:\Windows\SysWOW64\msn32.exe
103. C:\Windows\SysWOW64\msn32.exe (PID 2692), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
104. C:\Windows\SysWOW64\msn32.exe (PID 3044), command line: C:\Windows\SysWOW64\msn32.exe
105. C:\Windows\SysWOW64\msn32.exe (PID 2264), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
106. C:\Windows\SysWOW64\msn32.exe (PID 652), command line: C:\Windows\SysWOW64\msn32.exe
107. C:\Windows\SysWOW64\msn32.exe (PID 2888), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Drops file in System32 directory; Suspicious use of SetThreadContext
108. C:\Windows\SysWOW64\msn32.exe (PID 2444), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Drops file in System32 directory
109. C:\Windows\SysWOW64\msn32.exe (PID 1044), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
110. C:\Windows\SysWOW64\msn32.exe (PID 2908), command line: C:\Windows\SysWOW64\msn32.exe
111. C:\Windows\SysWOW64\msn32.exe (PID 2600), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
112. C:\Windows\SysWOW64\msn32.exe (PID 2884), command line: C:\Windows\SysWOW64\msn32.exe
   Signatures: Drops file in System32 directory
113. C:\Windows\SysWOW64\msn32.exe (PID 1280), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
114. C:\Windows\SysWOW64\msn32.exe (PID 2132), command line: C:\Windows\SysWOW64\msn32.exe
115. C:\Windows\SysWOW64\msn32.exe (PID 1908), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
116. C:\Windows\SysWOW64\msn32.exe (PID 1036), command line: C:\Windows\SysWOW64\msn32.exe
117. C:\Windows\SysWOW64\msn32.exe (PID 2112), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
118. C:\Windows\SysWOW64\msn32.exe (PID 1952), command line: C:\Windows\SysWOW64\msn32.exe
119. C:\Windows\SysWOW64\msn32.exe (PID 2832), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
120. C:\Windows\SysWOW64\msn32.exe (PID 1992), command line: C:\Windows\SysWOW64\msn32.exe
121. C:\Windows\SysWOW64\msn32.exe (PID 860), command line: "C:\Windows\system32\msn32.exe"
   Signatures: Suspicious use of SetThreadContext
122. C:\Windows\SysWOW64\msn32.exe (PID 2032), command line: C:\Windows\SysWOW64\msn32.exe