Analysis

max time kernel: 42s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-08-2024 13:23

Static task: static1
Behavioral task: behavioral1
  Sample: 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe
  Resource: win10v2004-20240802-en

The signatures and process list below come from behavioral2, the Windows 10 (2004, x64) run named in the platform and resource fields above; the Windows 7 run (behavioral1) is not shown on this page.
General

Target: 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe
Size: 78KB
MD5: 8a85c274a40b5d50dba30b945242c9dd
SHA1: 7e1a98af9b4a0e0c2fbb94e51fbf6736d1f0dc31
SHA256: fcc2791b908c36bdacdb47aace4c012de84582a163198b10a0faea1ec41225ff
SHA512: 58e168fd0e56ea222a268c760348c43d254e3ebce4c2f655358088dace2f3c807b45a9173b08b04ee979daebfc610c96cb290129d5ecef30a5f0e364c7548008
SSDEEP: 1536:widqkub+aVgWyv3tySdvVIE2jxUnjCnd0r2/pYWWDehbfb506+ji:NdFub+Bnv3oQtXaQjAt/nueNfd06h
Malware Config

Signatures
Checks computer location settings (2 TTPs, 64 IoCs)
Looks up the country code configured in the registry, likely to geofence execution.
Key value queried: \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation
Processes: IExplorer.exe (63 of the 64 rows listed) and 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe (1 row). Every dropped instance repeats the same query, so the check runs once per process rather than once per infection.
Executes dropped EXE (64 IoCs)
Process: IExplorer.exe, 64 launches listed, in order of PID:
2504, 4584, 5092, 1484, 3392, 3020, 1280, 2944, 1548, 3692, 3960, 1476, 1604, 2452, 4860, 2564, 1136, 1984, 4772, 3312, 856, 5000, 2504, 1160, 3056, 4636, 3624, 5100, 4616, 368, 2308, 2256, 1604, 2452, 2880, 60, 4192, 464, 1536, 1488, 3756, 2208, 3300, 3076, 2196, 2504, 4984, 1128, 4468, 5060, 2844, 3432, 2932, 3228, 4748, 524, 4868, 4040, 4820, 1540, 1640, 2856, 220, 4872
PIDs 2504 (three times), 1604 and 2452 (twice each) recur in the list: Windows only reuses a PID after the earlier process has exited, so these instances did not all run concurrently.
Adds Run key to start application (2 TTPs, 64 IoCs)
Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Internet Explorer = "IExplorer.exe"
Process: IExplorer.exe (all 64 rows listed are this same write, repeated by each instance)
Two details matter for hunting: the key sits under WOW6432Node because a 32-bit process writing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run on 64-bit Windows is redirected there by the registry redirector, so a search of the native Run key alone misses it; and the value data is the bare file name IExplorer.exe rather than a full path, which is unusual for legitimate autostart entries.
Drops file in System32 directory (64 IoCs)
File created: C:\Windows\SysWOW64\IExplorer.exe
Process: IExplorer.exe (all 64 rows listed are this same path, each running instance rewriting the file)
The signature name says System32 but the recorded path is SysWOW64: a 32-bit process that writes to C:\Windows\System32 is redirected to C:\Windows\SysWOW64 by WOW64 file system redirection, consistent with the WOW6432Node registry writes above. Windows does not ship an IExplorer.exe in either directory; the browser binary is iexplore.exe under Program Files.
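The dropped path, the Run value and the SHA256 above translate directly into a host hunt. The PowerShell below is an added example written for this page, not output of the sandbox and not code from the sample: the hash, the dropped path and the Run value name and data are taken from the report, while the set of Run keys checked, the output format and the choice of Get-FileHash and Get-ItemProperty are this script's own assumptions. Run it from an elevated prompt on a 64-bit Windows host.

```powershell
# Added example for this page, not sandbox output or code from the sample.
# Report-derived values: the SHA256, the dropped path, the Run value data.
# Everything else (key list, output format) is this script's own assumption.
$ReportSha256 = 'fcc2791b908c36bdacdb47aace4c012de84582a163198b10a0faea1ec41225ff'
$DropPath     = 'C:\Windows\SysWOW64\IExplorer.exe'
$RunKeys      = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run', # where the report saw the write
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # native 64-bit view, for completeness
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'              # per-user Run, in case a variant uses it
)

function Find-ReportArtefacts {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Dropped binary. The report lists the file under SysWOW64 while the child's
    #    command line says System32: a 32-bit process asking for System32 is redirected
    #    to SysWOW64 by WOW64, so check the redirected location explicitly.
    if (Test-Path -LiteralPath $DropPath) {
        $hash = (Get-FileHash -LiteralPath $DropPath -Algorithm SHA256).Hash
        if ($hash -ieq $ReportSha256) {
            $findings.Add("MATCH  $DropPath has the SHA256 from the report")
        } else {
            # Windows ships no IExplorer.exe here (the browser is iexplore.exe under
            # Program Files), so any file by this name deserves a look even if the hash differs.
            $findings.Add("REVIEW $DropPath exists with SHA256 $hash (differs from the report)")
        }
    }

    # 2. Persistence. The report shows value "Internet Explorer" = "IExplorer.exe": a bare
    #    file name, not a full path. Match on the data so a renamed value is still caught.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PowerShell's own PSPath/PSParentPath metadata
            if ($p.Value -is [string] -and $p.Value -imatch 'IExplorer\.exe') {
                $findings.Add("RUNKEY $key : '$($p.Name)' = '$($p.Value)'")
            }
        }
    }
    return $findings
}

$result = Find-ReportArtefacts
if ($result.Count -eq 0) { 'No artefacts from this report were found on this host.' } else { $result }
```

A hash mismatch on an existing C:\Windows\SysWOW64\IExplorer.exe is reported rather than ignored: the report's 64-row tables show the file being rewritten by every instance, so a repacked or updated variant on another host would carry a different hash but the same name and location.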
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 64 IoCs)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: IExplorer.exe (all 64 rows listed)
Suspicious use of SetWindowsHookEx (64 IoCs)
Processes: 512 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe, then IExplorer.exe with PIDs
2504, 4584, 5092, 1484, 3392, 3020, 1280, 2944, 1548, 3692, 3960, 1476, 1604, 2452, 4860, 2564, 1136, 1984, 4772, 3312, 856, 5000, 2504, 1160, 3056, 4636, 3624, 5100, 4616, 368, 2308, 2256, 1604, 2452, 2880, 60, 4192, 464, 1536, 1488, 3756, 2208, 3300, 3076, 2196, 2504, 4984, 1128, 4468, 5060, 2844, 3432, 2932, 3228, 4748, 524, 4868, 4040, 4820, 1540, 1640, 2856, 220
Suspicious use of WriteProcessMemory (64 IoCs)
The rows form a single parent → child chain: each process writes into the memory of the next IExplorer.exe it starts. Every hop appears three times in the raw table (three writes per spawned child); the sandbox's procid_target index is shown in brackets. The 64-row list ends after the first row of the last hop.
512 8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe → 2504 IExplorer.exe [86]
2504 IExplorer.exe → 4584 IExplorer.exe [87]
4584 → 5092 [88]
5092 → 1484 [89]
1484 → 3392 [90]
3392 → 3020 [91]
3020 → 1280 [93]
1280 → 2944 [94]
2944 → 1548 [95]
1548 → 3692 [96]
3692 → 3960 [97]
3960 → 1476 [98]
1476 → 1604 [123]
1604 → 2452 [124]
2452 → 4860 [101]
4860 → 2564 [102]
2564 → 1136 [103]
1136 → 1984 [104]
1984 → 4772 [105]
4772 → 3312 [106]
3312 → 856 [109]
856 → 5000 [110] (one row only; list truncated)
Processes
-
depth 1: C:\Users\Admin\AppData\Local\Temp\8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\8a85c274a40b5d50dba30b945242c9dd_JaffaCakes118.exe" PID:512
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 2: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2504
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 3: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4584
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 4: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:5092
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 5: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1484
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 6: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3392
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 7: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3020
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 8: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1280
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 9: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2944
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 10: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1548
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 11: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3692
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 12: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3960
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 13: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1476
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 14: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1604
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 15: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2452
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 16: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4860
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 17: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2564
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 18: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1136
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 19: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1984
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 20: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4772
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 21: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3312
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 22: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:856
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

depth 23: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:5000
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 24: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2504
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 25: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1160
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 26: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3056
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 27: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4636
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 28: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3624
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx

depth 29: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:5100
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 30: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4616
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 31: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:368
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx

depth 32: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2308
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 33: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2256
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 34: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1604
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 35: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2452
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 36: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2880
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 37: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:60
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 38: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4192
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 39: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:464
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 40: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1536
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 41: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1488
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx

depth 42: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3756
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 43: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2208
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 44: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3300
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 45: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3076
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 46: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2196
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 47: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2504
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 48: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4984
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx

depth 49: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1128
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 50: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4468
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 51: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:5060
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx

depth 52: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2844
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx

depth 53: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3432
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 54: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2932
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 55: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3228
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 56: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4748
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 57: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:524
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 58: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4868
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 59: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4040
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 60: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4820
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx

depth 61: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1540
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 62: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1640
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 63: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2856
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx

depth 64: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:220
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

depth 65: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4872
- Executes dropped EXE
- Drops file in System32 directory

depth 66: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3484
- Checks computer location settings

depth 67: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3616
- Checks computer location settings

depth 68: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:948

depth 69: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2196
- Drops file in System32 directory
- System Location Discovery: System Language Discovery

depth 70: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2616

depth 71: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4268
- Checks computer location settings
- System Location Discovery: System Language Discovery

depth 72: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1740
- Adds Run key to start application
- Drops file in System32 directory

depth 73: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3316

depth 74: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4536
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery

depth 75: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2960
- Checks computer location settings

depth 76: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1592

depth 77: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4228
- Checks computer location settings

depth 78: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3100
- Adds Run key to start application

depth 79: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1416

depth 80: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:540

depth 81: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2248
- System Location Discovery: System Language Discovery

depth 82: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:836

depth 83: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4860

depth 84: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4456
- Adds Run key to start application
- Drops file in System32 directory

depth 85: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2156
- System Location Discovery: System Language Discovery

depth 86: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1756
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery

depth 87: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4520
- Drops file in System32 directory

depth 88: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:688

depth 89: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2476
- Drops file in System32 directory

depth 90: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3156
- Checks computer location settings
- System Location Discovery: System Language Discovery

depth 91: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1072

depth 92: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2716

depth 93: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4344

depth 94: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3284
- Adds Run key to start application

depth 95: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4776
- Drops file in System32 directory

depth 96: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:516

depth 97: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4636

depth 98: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3748

depth 99: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4796
- Checks computer location settings
- System Location Discovery: System Language Discovery

depth 100: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3672
- Checks computer location settings
- Adds Run key to start application

depth 101: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2844
- Adds Run key to start application

depth 102: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2948
- Adds Run key to start application

depth 103: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3960
- Drops file in System32 directory

depth 104: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4640

depth 105: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4148
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory

depth 106: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1576
- System Location Discovery: System Language Discovery

depth 107: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4040

depth 108: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:2564

depth 109: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4100
- Adds Run key to start application
- System Location Discovery: System Language Discovery

depth 110: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3724
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery

depth 111: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3392
- Adds Run key to start application
- System Location Discovery: System Language Discovery

depth 112: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1488
- Checks computer location settings
- System Location Discovery: System Language Discovery

depth 113: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:856
- Drops file in System32 directory

depth 114: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:5096

depth 115: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3484
- Adds Run key to start application

depth 116: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1092

depth 117: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4764
- Adds Run key to start application
- Drops file in System32 directory

depth 118: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1240
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery

depth 119: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3684
- Drops file in System32 directory

depth 120: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:1260

depth 121: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:4832
- Checks computer location settings
- System Location Discovery: System Language Discovery

depth 122: C:\Windows\SysWOW64\IExplorer.exe "C:\Windows\System32\IExplorer.exe" PID:3944
- Checks computer location settings
- Drops file in System32 directory