Analysis
- max time kernel: 33s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 11/08/2024, 13:23
Static task: static1
Behavioral task: behavioral1
- Sample: 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe
- Size: 78KB
- MD5: 8a85c274a40b5d50dba30b945242c9dd
- SHA1: 7e1a98af9b4a0e0c2fbb94e51fbf6736d1f0dc31
- SHA256: fcc2791b908c36bdacdb47aace4c012de84582a163198b10a0faea1ec41225ff
- SHA512: 58e168fd0e56ea222a268c760348c43d254e3ebce4c2f655358088dace2f3c807b45a9173b08b04ee979daebfc610c96cb290129d5ecef30a5f0e364c7548008
- SSDEEP: 1536:widqkub+aVgWyv3tySdvVIE2jxUnjCnd0r2/pYWWDehbfb506+ji:NdFub+Bnv3oQtXaQjAt/nueNfd06h
Malware Config
Signatures
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Adds Run key to start application 2 TTPs 64 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Internet Explorer = "IExplorer.exe"
Process: IExplorer.exe
Drops file in System32 directory 64 IoCs
description: File created
ioc: C:\Windows\SysWOW64\IExplorer.exe
Process: IExplorer.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: IExplorer.exe
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:712 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1896 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:772 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1944 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2404 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2056 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:568 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1128 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:356 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:964 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:1796 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2504 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2116 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:944 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:788 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1612 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:2180 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:376 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2076 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"33⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1888 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"34⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2168 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"35⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:908 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"36⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"37⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:1032 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2300 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"42⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:768 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"44⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:2728 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"45⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2732 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"46⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"47⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2792 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"48⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"50⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"52⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"54⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1120 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"56⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"58⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"60⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"62⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"64⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2092 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"66⤵
- System Location Discovery: System Language Discovery
PID:2344 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"67⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1240 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"68⤵
- Drops file in System32 directory
PID:1436 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"69⤵PID:448
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"70⤵PID:1000
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"71⤵PID:2392
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"72⤵
- System Location Discovery: System Language Discovery
PID:356 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"73⤵PID:2188
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"74⤵
- System Location Discovery: System Language Discovery
PID:1672 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"75⤵PID:928
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"76⤵PID:1704
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"77⤵PID:1232
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"78⤵
- Adds Run key to start application
PID:2224 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"79⤵PID:1568
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"80⤵
- Adds Run key to start application
PID:2180 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"81⤵
- System Location Discovery: System Language Discovery
PID:2440 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"82⤵PID:2208
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"83⤵PID:380
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"84⤵
- Drops file in System32 directory
PID:1444 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"85⤵
- System Location Discovery: System Language Discovery
PID:2432 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"86⤵PID:2456
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"87⤵PID:2276
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"88⤵PID:316
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"89⤵PID:2808
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"90⤵
- Adds Run key to start application
PID:2296 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"91⤵
- System Location Discovery: System Language Discovery
PID:2664 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"92⤵PID:2772
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"93⤵
- Adds Run key to start application
PID:2176 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"94⤵
- System Location Discovery: System Language Discovery
PID:2480 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"95⤵PID:2640
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"96⤵PID:2548
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"97⤵PID:2724
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"98⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:3000 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"99⤵
- Drops file in System32 directory
PID:2696 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"100⤵
- System Location Discovery: System Language Discovery
PID:600 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"101⤵PID:3032
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"102⤵PID:1580
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"103⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2592 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"104⤵
- Adds Run key to start application
PID:1748 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"105⤵PID:1988
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"106⤵
- System Location Discovery: System Language Discovery
PID:1896 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"107⤵PID:2364
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"108⤵PID:792
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"109⤵PID:1452
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"110⤵PID:1604
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"111⤵PID:1852
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"112⤵PID:3068
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"113⤵
- Adds Run key to start application
PID:2356 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"114⤵
- Adds Run key to start application
PID:664 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"115⤵
- Adds Run key to start application
PID:1240 -
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"116⤵PID:1196
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"117⤵PID:2388
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"118⤵PID:620
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"119⤵PID:1304
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"120⤵PID:1936
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"121⤵PID:1676
-
C:\Windows\SysWOW64\IExplorer.exe"C:\Windows\System32\IExplorer.exe"122⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2700