Analysis
- max time kernel: 143s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/08/2024, 22:24
Static task: static1
Behavioral task: behavioral1
- Sample: a87579d691aad2f371bbae09006099b7_JaffaCakes118.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: a87579d691aad2f371bbae09006099b7_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: a87579d691aad2f371bbae09006099b7_JaffaCakes118.exe
- Size: 17KB
- MD5: a87579d691aad2f371bbae09006099b7
- SHA1: b596e2494c0991f62ac9b5fd0a624dfdb60ce7e8
- SHA256: b5241ab14857b6b8827ebe8bbc18308503863ec9c35e4c2f6b8dd0fec18ddfd5
- SHA512: 953f966b64ef45d37227f34206b94e1ab1aed58c970c400767b74b492c77a7503752eebd2edf7d1ccf1f54ef07cc8a075f1b0568fdf3945b4892c183da5be333
- SSDEEP: 384:FM8IYnjBPeBFQv9yOTqCjlGVqCtRq6spFC9+Vf:FM8IijMcv9yOT2hECu
Malware Config
Signatures
- Drops file in Drivers directory (64 IoCs)
- Executes dropped EXE (64 IoCs)
- Drops file in System32 directory (64 IoCs)
- System Location Discovery: System Language Discovery (1 TTP, 64 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious behavior: LoadsDriver (64 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
- Views/modifies file attributes (1 TTP, 64 IoCs)
Processes
-
C:\Users\Admin\AppData\Local\Temp\a87579d691aad2f371bbae09006099b7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a87579d691aad2f371bbae09006099b7_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4136 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1044 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe4⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:408 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4884 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1792 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe8⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5072 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1076 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4544 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe12⤵
- Executes dropped EXE
PID:2788 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe13⤵
- Executes dropped EXE
PID:2216 -
C:\Windows\SysWOW64\MMDXYBQE1035.exeC:\Windows\system32\MMDXYBQE1035.exe14⤵
- Executes dropped EXE
PID:3140 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 15
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3652 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 16
- Executes dropped EXE
PID:4124 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 17
- Drops file in Drivers directory
- Executes dropped EXE
PID:1848 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 18
- Executes dropped EXE
- Drops file in System32 directory
PID:4072 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 19
- Executes dropped EXE
PID:512 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 20
- Executes dropped EXE
PID:2280 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 21
- Executes dropped EXE
PID:636 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 22
- Drops file in Drivers directory
- Executes dropped EXE
PID:3016 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 23
- Executes dropped EXE
PID:4768 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 24
- Executes dropped EXE
PID:4824 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 25
- Drops file in Drivers directory
- Executes dropped EXE
PID:5088 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 26
- Executes dropped EXE
PID:4908 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 27
- Executes dropped EXE
PID:1008 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 28
- Drops file in Drivers directory
- Executes dropped EXE
PID:3632 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 29
- Executes dropped EXE
PID:3640 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 30
- Executes dropped EXE
PID:2536 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 31
- Executes dropped EXE
PID:4796 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 32
- Executes dropped EXE
PID:3380 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 33
- Executes dropped EXE
PID:4124 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 34
- Drops file in Drivers directory
- Executes dropped EXE
PID:1744 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 35
- Executes dropped EXE
PID:2280 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 36
- Executes dropped EXE
PID:1516 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 37
- Executes dropped EXE
PID:1488 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 38
- Executes dropped EXE
PID:4136 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 39
- Drops file in Drivers directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1580 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 40
- Executes dropped EXE
PID:2216 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 41
- Executes dropped EXE
PID:3576 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 42
- Executes dropped EXE
PID:2400 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 43
- Executes dropped EXE
PID:4548 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 44
- Executes dropped EXE
PID:2608 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 45
- Executes dropped EXE
PID:5168 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 46
- Executes dropped EXE
- Drops file in System32 directory
PID:5248 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 47
- Executes dropped EXE
PID:5340 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 48
- Executes dropped EXE
PID:5420 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 49
- Executes dropped EXE
PID:5580 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 50
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5636 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 51
- Executes dropped EXE
PID:5732 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 52
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:5812 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 53
- Executes dropped EXE
PID:5988 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 54
- Drops file in Drivers directory
- Executes dropped EXE
PID:6056 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 55
- Executes dropped EXE
PID:2416 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 56
- Executes dropped EXE
PID:5464 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 57
- Drops file in Drivers directory
- Executes dropped EXE
PID:5640 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 58
- Drops file in Drivers directory
- Executes dropped EXE
PID:2216 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 59
- Executes dropped EXE
PID:5816 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 60
- Drops file in Drivers directory
- Executes dropped EXE
PID:5636 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 61
- Executes dropped EXE
PID:4832 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 62
- Executes dropped EXE
PID:5712 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 63
- Executes dropped EXE
PID:5132 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 64
- Executes dropped EXE
PID:5960 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 65
- Drops file in Drivers directory
- Executes dropped EXE
PID:5384 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 66
PID:6056 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 67
PID:3536 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 68
- Drops file in Drivers directory
PID:6164 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 69
PID:6396 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 70
PID:6480 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 71
- Drops file in Drivers directory
PID:6608 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 72
PID:6676 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 73
PID:6832 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 74
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:6924 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 75
PID:7000 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 76
- Drops file in Drivers directory
PID:7100 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 77
PID:6124 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 78
PID:6288 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 79
PID:6612 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 80
- System Location Discovery: System Language Discovery
PID:6796 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 81
- Drops file in Drivers directory
PID:5940 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 82
PID:4832 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 83
PID:6576 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 84
PID:6672 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 85
- Drops file in Drivers directory
PID:6296 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 86
- Drops file in Drivers directory
PID:5708 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 87
PID:6952 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 88
- Drops file in Drivers directory
PID:5852 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 89
PID:6224 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 90
PID:6272 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 91
PID:7292 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 92
PID:7424 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 93
PID:7564 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 94
PID:7652 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 95
PID:7772 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 96
PID:8056 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 97
- Drops file in Drivers directory
PID:8188 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 98
- Drops file in Drivers directory
PID:7272 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 99
PID:5800 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 100
- Drops file in Drivers directory
PID:7532 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 101
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
PID:5820 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 102
PID:6952 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 103
PID:7848 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 104
PID:6288 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 105
- Drops file in Drivers directory
PID:7244 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 106
- Drops file in System32 directory
PID:7460 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 107
- Drops file in Drivers directory
PID:7288 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 108
PID:7748 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 109
PID:8260 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 110
PID:8448 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 111
- Drops file in Drivers directory
PID:8504 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 112
PID:8588 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 113
- Drops file in Drivers directory
PID:8676 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 114
PID:8860 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 115
PID:9120 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 116
PID:9204 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 117
PID:7416 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 118
PID:8272 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 119
PID:7916 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 120
PID:7844 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 121
PID:7132 -
C:\Windows\SysWOW64\MMDXYBQE1035.exe C:\Windows\system32\MMDXYBQE1035.exe 122
PID:9088