2f6642aa38f7e67db36a681f8c57b3f707c649265f43c6d16d186b48f2366341

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe
Size

72KB
MD5

4bec172378979fc11eacb4d19136ce61
SHA1

33a57acd5114cf20d3eec10b20b45412941bbba2
SHA256

2f6642aa38f7e67db36a681f8c57b3f707c649265f43c6d16d186b48f2366341
SHA512

744844defb670ec95c3a571eebc8f3c3950a12abf594c92f904bfcea7fa320930ff7f3f8c0bc0819321bb02ff3adc794c02bdecd87d58920742e1e84c8bb6181
SSDEEP

768:zSfZ6FdI9zT/EJ2EreVgPMRsQzOFrRvaz6:eh6Pk5yZaz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4764	kerne1132.exe
4544	kerne1132.exe
1648	kerne1132.exe
3528	kerne1132.exe
4184	kerne1132.exe
1604	kerne1132.exe
5104	kerne1132.exe
4312	kerne1132.exe
2740	kerne1132.exe
4240	kerne1132.exe
3736	kerne1132.exe
1212	kerne1132.exe
4364	kerne1132.exe
440	kerne1132.exe
4664	kerne1132.exe
4412	kerne1132.exe
3584	kerne1132.exe
3784	kerne1132.exe
4372	kerne1132.exe
3716	kerne1132.exe
2464	kerne1132.exe
2812	kerne1132.exe
2028	kerne1132.exe
2320	kerne1132.exe
2360	kerne1132.exe
5044	kerne1132.exe
3772	kerne1132.exe
3496	kerne1132.exe
1168	kerne1132.exe
1032	kerne1132.exe
224	kerne1132.exe
4500	kerne1132.exe
1776	kerne1132.exe
1920	kerne1132.exe
2704	kerne1132.exe
1456	kerne1132.exe
4064	kerne1132.exe
1576	kerne1132.exe
4848	kerne1132.exe
668	kerne1132.exe
4272	kerne1132.exe
1828	kerne1132.exe
4424	kerne1132.exe
5112	kerne1132.exe
3568	kerne1132.exe
232	kerne1132.exe
4260	kerne1132.exe
4404	kerne1132.exe
32	kerne1132.exe
4436	kerne1132.exe
344	kerne1132.exe
776	kerne1132.exe
872	kerne1132.exe
2376	kerne1132.exe
4024	kerne1132.exe
2824	kerne1132.exe
1184	kerne1132.exe
3916	kerne1132.exe
1444	kerne1132.exe
3524	kerne1132.exe
4584	kerne1132.exe
1220	kerne1132.exe
2224	kerne1132.exe
3992	kerne1132.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File opened for modification	C:\Windows\SysWOW64\kerne1132.exe	4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe
File created	C:\Windows\SysWOW64\kerne1132.exe	kerne1132.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4764	208	4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe	86
PID 208 wrote to memory of 4764	208	4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe	86
PID 208 wrote to memory of 4764	208	4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe	86
PID 4764 wrote to memory of 4544	4764	kerne1132.exe	87
PID 4764 wrote to memory of 4544	4764	kerne1132.exe	87
PID 4764 wrote to memory of 4544	4764	kerne1132.exe	87
PID 4544 wrote to memory of 1648	4544	kerne1132.exe	88
PID 4544 wrote to memory of 1648	4544	kerne1132.exe	88
PID 4544 wrote to memory of 1648	4544	kerne1132.exe	88
PID 1648 wrote to memory of 3528	1648	kerne1132.exe	89
PID 1648 wrote to memory of 3528	1648	kerne1132.exe	89
PID 1648 wrote to memory of 3528	1648	kerne1132.exe	89
PID 3528 wrote to memory of 4184	3528	kerne1132.exe	90
PID 3528 wrote to memory of 4184	3528	kerne1132.exe	90
PID 3528 wrote to memory of 4184	3528	kerne1132.exe	90
PID 4184 wrote to memory of 1604	4184	kerne1132.exe	91
PID 4184 wrote to memory of 1604	4184	kerne1132.exe	91
PID 4184 wrote to memory of 1604	4184	kerne1132.exe	91
PID 1604 wrote to memory of 5104	1604	kerne1132.exe	92
PID 1604 wrote to memory of 5104	1604	kerne1132.exe	92
PID 1604 wrote to memory of 5104	1604	kerne1132.exe	92
PID 5104 wrote to memory of 4312	5104	kerne1132.exe	93
PID 5104 wrote to memory of 4312	5104	kerne1132.exe	93
PID 5104 wrote to memory of 4312	5104	kerne1132.exe	93
PID 4312 wrote to memory of 2740	4312	kerne1132.exe	94
PID 4312 wrote to memory of 2740	4312	kerne1132.exe	94
PID 4312 wrote to memory of 2740	4312	kerne1132.exe	94
PID 2740 wrote to memory of 4240	2740	kerne1132.exe	95
PID 2740 wrote to memory of 4240	2740	kerne1132.exe	95
PID 2740 wrote to memory of 4240	2740	kerne1132.exe	95
PID 4240 wrote to memory of 3736	4240	kerne1132.exe	96
PID 4240 wrote to memory of 3736	4240	kerne1132.exe	96
PID 4240 wrote to memory of 3736	4240	kerne1132.exe	96
PID 3736 wrote to memory of 1212	3736	kerne1132.exe	97
PID 3736 wrote to memory of 1212	3736	kerne1132.exe	97
PID 3736 wrote to memory of 1212	3736	kerne1132.exe	97
PID 1212 wrote to memory of 4364	1212	kerne1132.exe	98
PID 1212 wrote to memory of 4364	1212	kerne1132.exe	98
PID 1212 wrote to memory of 4364	1212	kerne1132.exe	98
PID 4364 wrote to memory of 440	4364	kerne1132.exe	99
PID 4364 wrote to memory of 440	4364	kerne1132.exe	99
PID 4364 wrote to memory of 440	4364	kerne1132.exe	99
PID 440 wrote to memory of 4664	440	kerne1132.exe	100
PID 440 wrote to memory of 4664	440	kerne1132.exe	100
PID 440 wrote to memory of 4664	440	kerne1132.exe	100
PID 4664 wrote to memory of 4412	4664	kerne1132.exe	101
PID 4664 wrote to memory of 4412	4664	kerne1132.exe	101
PID 4664 wrote to memory of 4412	4664	kerne1132.exe	101
PID 4412 wrote to memory of 3584	4412	kerne1132.exe	102
PID 4412 wrote to memory of 3584	4412	kerne1132.exe	102
PID 4412 wrote to memory of 3584	4412	kerne1132.exe	102
PID 3584 wrote to memory of 3784	3584	kerne1132.exe	103
PID 3584 wrote to memory of 3784	3584	kerne1132.exe	103
PID 3584 wrote to memory of 3784	3584	kerne1132.exe	103
PID 3784 wrote to memory of 4372	3784	kerne1132.exe	104
PID 3784 wrote to memory of 4372	3784	kerne1132.exe	104
PID 3784 wrote to memory of 4372	3784	kerne1132.exe	104
PID 4372 wrote to memory of 3716	4372	kerne1132.exe	105
PID 4372 wrote to memory of 3716	4372	kerne1132.exe	105
PID 4372 wrote to memory of 3716	4372	kerne1132.exe	105
PID 3716 wrote to memory of 2464	3716	kerne1132.exe	106
PID 3716 wrote to memory of 2464	3716	kerne1132.exe	106
PID 3716 wrote to memory of 2464	3716	kerne1132.exe	106
PID 2464 wrote to memory of 2812	2464	kerne1132.exe	107

C:\Users\Admin\AppData\Local\Temp\4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4bec172378979fc11eacb4d19136ce61_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\SysWOW64\kerne1132.exe
  C:\Windows\system32\kerne1132.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4764
- - C:\Windows\SysWOW64\kerne1132.exe
    C:\Windows\system32\kerne1132.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4544
  - - C:\Windows\SysWOW64\kerne1132.exe
      C:\Windows\system32\kerne1132.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1648
    - - C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3528
      - C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4184
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1604
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:5104
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4312
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2740
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4240
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3736
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1212
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4364
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:440
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4664
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3584
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3784
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4372
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3716
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        23⤵
        Executes dropped EXE
        
        PID:2812
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2028
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        25⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        26⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5044
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        28⤵
        Executes dropped EXE
        
        PID:3772
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3496
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1168
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1032
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        32⤵
        Executes dropped EXE
        
        PID:224
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4500
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1776
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        35⤵
        Executes dropped EXE
        
        PID:1920
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        36⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        37⤵
        Executes dropped EXE
        
        PID:1456
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        38⤵
        Executes dropped EXE
        
        PID:4064
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        39⤵
        Executes dropped EXE
        
        PID:1576
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        40⤵
        Executes dropped EXE
        
        PID:4848
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        41⤵
        Executes dropped EXE
        
        PID:668
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        42⤵
        Executes dropped EXE
        
        PID:4272
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        43⤵
        Executes dropped EXE
        
        PID:1828
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        44⤵
        Executes dropped EXE
        
        PID:4424
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        45⤵
        Executes dropped EXE
        
        PID:5112
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        46⤵
        Executes dropped EXE
        
        PID:3568
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        47⤵
        Executes dropped EXE
        
        PID:232
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        48⤵
        Executes dropped EXE
        
        PID:4260
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        49⤵
        Executes dropped EXE
        
        PID:4404
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:32
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4436
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:344
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        53⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:872
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2376
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4024
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        57⤵
        Executes dropped EXE
        
        PID:2824
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        58⤵
        Executes dropped EXE
        
        PID:1184
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3916
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1444
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        61⤵
        Executes dropped EXE
        
        PID:3524
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4584
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        63⤵
        Executes dropped EXE
        
        PID:1220
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2224
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3992
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        66⤵
        Drops file in System32 directory
        
        PID:1580
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        67⤵
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        68⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        69⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        70⤵
        Drops file in System32 directory
        
        PID:1616
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        71⤵
        Drops file in System32 directory
        
        PID:4540
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        72⤵
        Drops file in System32 directory
        
        PID:2640
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        73⤵
        Drops file in System32 directory
        
        PID:1320
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        74⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        75⤵
        Drops file in System32 directory
        
        PID:4360
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        76⤵
        Drops file in System32 directory
        
        PID:1460
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        77⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        78⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        79⤵
        
        PID:552
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        80⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        81⤵
        Drops file in System32 directory
        
        PID:1172
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        82⤵
        Drops file in System32 directory
        
        PID:816
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        83⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        84⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        85⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        86⤵
        Drops file in System32 directory
        
        PID:1288
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        87⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        88⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        89⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        90⤵
        Drops file in System32 directory
        
        PID:1552
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        91⤵
        Drops file in System32 directory
        
        PID:4500
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        92⤵
        Drops file in System32 directory
        
        PID:1776
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        93⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        94⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        95⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        96⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        97⤵
        Drops file in System32 directory
        
        PID:2328
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        98⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        99⤵
        Drops file in System32 directory
        
        PID:2004
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        100⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        101⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        102⤵
        Drops file in System32 directory
        
        PID:2520
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        103⤵
        Drops file in System32 directory
        
        PID:3672
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        104⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        105⤵
        Drops file in System32 directory
        
        PID:2916
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        106⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        107⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        108⤵
        
        PID:864
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        109⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        110⤵
        
        PID:232
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        111⤵
        Drops file in System32 directory
        
        PID:2292
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        112⤵
        Drops file in System32 directory
        
        PID:2116
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        113⤵
        Drops file in System32 directory
        
        PID:1884
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        114⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        115⤵
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        116⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        117⤵
        Drops file in System32 directory
        
        PID:872
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        118⤵
        Drops file in System32 directory
        
        PID:1712
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        119⤵
        Drops file in System32 directory
        
        PID:3528
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        120⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        121⤵
        
        PID:368
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        122⤵
        Drops file in System32 directory
        
        PID:4112
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        123⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        124⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        125⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        126⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        127⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        128⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        129⤵
        Drops file in System32 directory
        
        PID:1564
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        130⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        131⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        132⤵
        Drops file in System32 directory
        
        PID:4664
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        133⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        134⤵
        Drops file in System32 directory
        
        PID:3812
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        135⤵
        
        PID:516
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        136⤵
        Drops file in System32 directory
        
        PID:4016
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        137⤵
        Drops file in System32 directory
        
        PID:1484
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        138⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        139⤵
        
        PID:764
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        140⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        141⤵
        Drops file in System32 directory
        
        PID:2696
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        142⤵
        Drops file in System32 directory
        
        PID:2632
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        143⤵
        Drops file in System32 directory
        
        PID:1320
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        144⤵
        Drops file in System32 directory
        
        PID:2812
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        145⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\kerne1132.exe
        
        C:\Windows\system32\kerne1132.exe
        146⤵
        
        PID:4068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\kerne1132.exe

Filesize
72KB

MD5
4bec172378979fc11eacb4d19136ce61

SHA1
33a57acd5114cf20d3eec10b20b45412941bbba2

SHA256
2f6642aa38f7e67db36a681f8c57b3f707c649265f43c6d16d186b48f2366341

SHA512
744844defb670ec95c3a571eebc8f3c3950a12abf594c92f904bfcea7fa320930ff7f3f8c0bc0819321bb02ff3adc794c02bdecd87d58920742e1e84c8bb6181

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads