Overview

overview

7

Static

static

7

c0b6ad65dd...18.exe

windows7-x64

7

c0b6ad65dd...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0b6ad65dd559b72bc3e8ac9a0931a49_JaffaCakes118.exe

  • Size

    238KB

  • MD5

    c0b6ad65dd559b72bc3e8ac9a0931a49

  • SHA1

    0fdac98ec965cee92e3fe11e6b9eb7a40a98dab6

  • SHA256

    53b344f6557bcf013ec2f7bc87c490c4d565ef0c1bebdddf66be9536e38493d1

  • SHA512

    5d7288b4619b10fd25590f69c32ee0bf56b6011f4e2e4c73c18e651bca85b60d318a4bf2ef4e528b555c8e56e81330f93cea262e76d14640e29026e176b2e6c3

  • SSDEEP

    6144:DzIdQq3Jh/Z0n9jqvqmgmreXT0M0NrhSfwqMGy:DziQq3Jh4jqvq6eD0rrh9My

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0b6ad65dd559b72bc3e8ac9a0931a49_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c0b6ad65dd559b72bc3e8ac9a0931a49_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Windows\SysWOW64\iplog.exe
      C:\Windows\system32\iplog.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:384
      • C:\Windows\SysWOW64\iplog.exe
        C:\Windows\system32\iplog.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:3240
        • C:\Windows\SysWOW64\iplog.exe
          C:\Windows\system32\iplog.exe
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1928
          • C:\Windows\SysWOW64\iplog.exe
            C:\Windows\system32\iplog.exe
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3512
            • C:\Windows\SysWOW64\iplog.exe
              C:\Windows\system32\iplog.exe
              6⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1760
              • C:\Windows\SysWOW64\iplog.exe
                C:\Windows\system32\iplog.exe
                7⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:3264
                • C:\Windows\SysWOW64\iplog.exe
                  C:\Windows\system32\iplog.exe
                  8⤵
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:1432
                  • C:\Windows\SysWOW64\iplog.exe
                    C:\Windows\system32\iplog.exe
                    9⤵
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:4896
                    • C:\Windows\SysWOW64\iplog.exe
                      C:\Windows\system32\iplog.exe
                      10⤵
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:2372
                      • C:\Windows\SysWOW64\iplog.exe
                        C:\Windows\system32\iplog.exe
                        11⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of WriteProcessMemory
                        PID:1004
                        • C:\Windows\SysWOW64\iplog.exe
                          C:\Windows\system32\iplog.exe
                          12⤵
                          • Executes dropped EXE
                          • Drops file in System32 directory
                          • Suspicious use of WriteProcessMemory
                          PID:924
                          • C:\Windows\SysWOW64\iplog.exe
                            C:\Windows\system32\iplog.exe
                            13⤵
                            • Executes dropped EXE
                            • Drops file in System32 directory
                            • Drops file in Windows directory
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of WriteProcessMemory
                            PID:2780
                            • C:\Windows\SysWOW64\iplog.exe
                              C:\Windows\system32\iplog.exe
                              14⤵
                              • Executes dropped EXE
                              • Drops file in System32 directory
                              • Drops file in Windows directory
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of WriteProcessMemory
                              PID:2620
                              • C:\Windows\SysWOW64\iplog.exe
                                C:\Windows\system32\iplog.exe
                                15⤵
                                • Executes dropped EXE
                                • Drops file in System32 directory
                                • Drops file in Windows directory
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of WriteProcessMemory
                                PID:628
                                • C:\Windows\SysWOW64\iplog.exe
                                  C:\Windows\system32\iplog.exe
                                  16⤵
                                  • Executes dropped EXE
                                  • Drops file in System32 directory
                                  • Drops file in Windows directory
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of WriteProcessMemory
                                  PID:1176
                                  • C:\Windows\SysWOW64\iplog.exe
                                    C:\Windows\system32\iplog.exe
                                    17⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    • Suspicious use of WriteProcessMemory
                                    PID:748
                                    • C:\Windows\SysWOW64\iplog.exe
                                      C:\Windows\system32\iplog.exe
                                      18⤵
                                      • Executes dropped EXE
                                      • Drops file in System32 directory
                                      • Drops file in Windows directory
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of WriteProcessMemory
                                      PID:1396
                                      • C:\Windows\SysWOW64\iplog.exe
                                        C:\Windows\system32\iplog.exe
                                        19⤵
                                        • Executes dropped EXE
                                        • Drops file in System32 directory
                                        • Drops file in Windows directory
                                        • Suspicious use of WriteProcessMemory
                                        PID:1812
                                        • C:\Windows\SysWOW64\iplog.exe
                                          C:\Windows\system32\iplog.exe
                                          20⤵
                                          • Executes dropped EXE
                                          • Drops file in Windows directory
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of WriteProcessMemory
                                          PID:5076
                                          • C:\Windows\SysWOW64\iplog.exe
                                            C:\Windows\system32\iplog.exe
                                            21⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of WriteProcessMemory
                                            PID:208
                                            • C:\Windows\SysWOW64\iplog.exe
                                              C:\Windows\system32\iplog.exe
                                              22⤵
                                              • Executes dropped EXE
                                              • Suspicious use of WriteProcessMemory
                                              PID:3892
                                              • C:\Windows\SysWOW64\iplog.exe
                                                C:\Windows\system32\iplog.exe
                                                23⤵
                                                • Executes dropped EXE
                                                • Drops file in Windows directory
                                                PID:4516
                                                • C:\Windows\SysWOW64\iplog.exe
                                                  C:\Windows\system32\iplog.exe
                                                  24⤵
                                                  • Executes dropped EXE
                                                  • Drops file in System32 directory
                                                  • Drops file in Windows directory
                                                  PID:1624
                                                  • C:\Windows\SysWOW64\iplog.exe
                                                    C:\Windows\system32\iplog.exe
                                                    25⤵
                                                    • Executes dropped EXE
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5012
                                                    • C:\Windows\SysWOW64\iplog.exe
                                                      C:\Windows\system32\iplog.exe
                                                      26⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Windows directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:2480
                                                      • C:\Windows\SysWOW64\iplog.exe
                                                        C:\Windows\system32\iplog.exe
                                                        27⤵
                                                        • Executes dropped EXE
                                                        • Drops file in System32 directory
                                                        • System Location Discovery: System Language Discovery
                                                        PID:1040
                                                        • C:\Windows\SysWOW64\iplog.exe
                                                          C:\Windows\system32\iplog.exe
                                                          28⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Windows directory
                                                          • System Location Discovery: System Language Discovery
                                                          PID:3672
                                                          • C:\Windows\SysWOW64\iplog.exe
                                                            C:\Windows\system32\iplog.exe
                                                            29⤵
                                                            • Executes dropped EXE
                                                            • Drops file in System32 directory
                                                            • Drops file in Windows directory
                                                            PID:2152
                                                            • C:\Windows\SysWOW64\iplog.exe
                                                              C:\Windows\system32\iplog.exe
                                                              30⤵
                                                              • Executes dropped EXE
                                                              • Drops file in System32 directory
                                                              • Drops file in Windows directory
                                                              • System Location Discovery: System Language Discovery
                                                              PID:3256
                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                C:\Windows\system32\iplog.exe
                                                                31⤵
                                                                • Executes dropped EXE
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                PID:4084
                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                  C:\Windows\system32\iplog.exe
                                                                  32⤵
                                                                  • Executes dropped EXE
                                                                  • Drops file in System32 directory
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:3492
                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                    C:\Windows\system32\iplog.exe
                                                                    33⤵
                                                                    • Executes dropped EXE
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5088
                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                      C:\Windows\system32\iplog.exe
                                                                      34⤵
                                                                      • Executes dropped EXE
                                                                      • Drops file in System32 directory
                                                                      • Drops file in Windows directory
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:2336
                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                        C:\Windows\system32\iplog.exe
                                                                        35⤵
                                                                        • Executes dropped EXE
                                                                        • Drops file in Windows directory
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:2020
                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                          C:\Windows\system32\iplog.exe
                                                                          36⤵
                                                                          • Executes dropped EXE
                                                                          • Drops file in System32 directory
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:1568
                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                            C:\Windows\system32\iplog.exe
                                                                            37⤵
                                                                            • Executes dropped EXE
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:2684
                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                              C:\Windows\system32\iplog.exe
                                                                              38⤵
                                                                              • Executes dropped EXE
                                                                              • Drops file in Windows directory
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:4332
                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                C:\Windows\system32\iplog.exe
                                                                                39⤵
                                                                                • Executes dropped EXE
                                                                                • Drops file in System32 directory
                                                                                PID:3992
                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                  C:\Windows\system32\iplog.exe
                                                                                  40⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:1508
                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                    C:\Windows\system32\iplog.exe
                                                                                    41⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in System32 directory
                                                                                    • Drops file in Windows directory
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:5092
                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                      C:\Windows\system32\iplog.exe
                                                                                      42⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:3516
                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                        C:\Windows\system32\iplog.exe
                                                                                        43⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1052
                                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                                          C:\Windows\system32\iplog.exe
                                                                                          44⤵
                                                                                          • Executes dropped EXE
                                                                                          • Drops file in System32 directory
                                                                                          • Drops file in Windows directory
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:436
                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                            C:\Windows\system32\iplog.exe
                                                                                            45⤵
                                                                                            • Executes dropped EXE
                                                                                            • Drops file in System32 directory
                                                                                            • Drops file in Windows directory
                                                                                            PID:2668
                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                              C:\Windows\system32\iplog.exe
                                                                                              46⤵
                                                                                              • Executes dropped EXE
                                                                                              • Drops file in Windows directory
                                                                                              PID:1344
                                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                                C:\Windows\system32\iplog.exe
                                                                                                47⤵
                                                                                                • Executes dropped EXE
                                                                                                • Drops file in System32 directory
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                PID:2240
                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                  48⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:4664
                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                    49⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Drops file in Windows directory
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:2180
                                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                                      C:\Windows\system32\iplog.exe
                                                                                                      50⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Drops file in Windows directory
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:2892
                                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                                        C:\Windows\system32\iplog.exe
                                                                                                        51⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Drops file in System32 directory
                                                                                                        • Drops file in Windows directory
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:4544
                                                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                                                          C:\Windows\system32\iplog.exe
                                                                                                          52⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Drops file in Windows directory
                                                                                                          PID:2584
                                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                                            C:\Windows\system32\iplog.exe
                                                                                                            53⤵
                                                                                                            • Executes dropped EXE
                                                                                                            PID:2300
                                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                                              C:\Windows\system32\iplog.exe
                                                                                                              54⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Drops file in System32 directory
                                                                                                              • Drops file in Windows directory
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:3120
                                                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                                                C:\Windows\system32\iplog.exe
                                                                                                                55⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Drops file in System32 directory
                                                                                                                • Drops file in Windows directory
                                                                                                                PID:2104
                                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                                  56⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:3148
                                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                                    57⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Drops file in System32 directory
                                                                                                                    • Drops file in Windows directory
                                                                                                                    PID:776
                                                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                                                      C:\Windows\system32\iplog.exe
                                                                                                                      58⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Drops file in System32 directory
                                                                                                                      • Drops file in Windows directory
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:5068
                                                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                                                        C:\Windows\system32\iplog.exe
                                                                                                                        59⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Drops file in Windows directory
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:4148
                                                                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                                                                          C:\Windows\system32\iplog.exe
                                                                                                                          60⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Drops file in System32 directory
                                                                                                                          • Drops file in Windows directory
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:4044
                                                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                                                            C:\Windows\system32\iplog.exe
                                                                                                                            61⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Drops file in System32 directory
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:3236
                                                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                                                              C:\Windows\system32\iplog.exe
                                                                                                                              62⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Drops file in Windows directory
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              PID:1664
                                                                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                C:\Windows\system32\iplog.exe
                                                                                                                                63⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Drops file in Windows directory
                                                                                                                                PID:4896
                                                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                                                  64⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in System32 directory
                                                                                                                                  • Drops file in Windows directory
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  PID:2264
                                                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                                                    65⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in System32 directory
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:948
                                                                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                      C:\Windows\system32\iplog.exe
                                                                                                                                      66⤵
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:2712
                                                                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                        C:\Windows\system32\iplog.exe
                                                                                                                                        67⤵
                                                                                                                                        • Drops file in Windows directory
                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                        PID:1016
                                                                                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                          C:\Windows\system32\iplog.exe
                                                                                                                                          68⤵
                                                                                                                                          • Drops file in System32 directory
                                                                                                                                          • Drops file in Windows directory
                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                          PID:2008
                                                                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                            C:\Windows\system32\iplog.exe
                                                                                                                                            69⤵
                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                            PID:3948
                                                                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                              C:\Windows\system32\iplog.exe
                                                                                                                                              70⤵
                                                                                                                                              • Drops file in Windows directory
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              PID:4712
                                                                                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                C:\Windows\system32\iplog.exe
                                                                                                                                                71⤵
                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                PID:2488
                                                                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                                                                  72⤵
                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  PID:3964
                                                                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                                                                    73⤵
                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                    PID:4752
                                                                                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                      C:\Windows\system32\iplog.exe
                                                                                                                                                      74⤵
                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      PID:3280
                                                                                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                        C:\Windows\system32\iplog.exe
                                                                                                                                                        75⤵
                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        PID:2324
                                                                                                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                          C:\Windows\system32\iplog.exe
                                                                                                                                                          76⤵
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          PID:3260
                                                                                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                            C:\Windows\system32\iplog.exe
                                                                                                                                                            77⤵
                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:1732
                                                                                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                              C:\Windows\system32\iplog.exe
                                                                                                                                                              78⤵
                                                                                                                                                                PID:1136
                                                                                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                                                                                  79⤵
                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                  PID:3672
                                                                                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                                                                                    80⤵
                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:2308
                                                                                                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                      C:\Windows\system32\iplog.exe
                                                                                                                                                                      81⤵
                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                      PID:3348
                                                                                                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                        C:\Windows\system32\iplog.exe
                                                                                                                                                                        82⤵
                                                                                                                                                                          PID:3572
                                                                                                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                            C:\Windows\system32\iplog.exe
                                                                                                                                                                            83⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:2428
                                                                                                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                              C:\Windows\system32\iplog.exe
                                                                                                                                                                              84⤵
                                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                              PID:1428
                                                                                                                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                C:\Windows\system32\iplog.exe
                                                                                                                                                                                85⤵
                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                PID:4168
                                                                                                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                                                                                                  86⤵
                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                  PID:2772
                                                                                                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                                                                                                    87⤵
                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                                                    PID:4176
                                                                                                                                                                                    • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                      C:\Windows\system32\iplog.exe
                                                                                                                                                                                      88⤵
                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                      PID:1580
                                                                                                                                                                                      • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                        C:\Windows\system32\iplog.exe
                                                                                                                                                                                        89⤵
                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                        PID:3928
                                                                                                                                                                                        • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                          C:\Windows\system32\iplog.exe
                                                                                                                                                                                          90⤵
                                                                                                                                                                                          • Drops file in Windows directory
                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                          PID:748
                                                                                                                                                                                          • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                            C:\Windows\system32\iplog.exe
                                                                                                                                                                                            91⤵
                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                                                            PID:3576
                                                                                                                                                                                            • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                              C:\Windows\system32\iplog.exe
                                                                                                                                                                                              92⤵
                                                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                                                              PID:1940
                                                                                                                                                                                              • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                                C:\Windows\system32\iplog.exe
                                                                                                                                                                                                93⤵
                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                PID:2072
                                                                                                                                                                                                • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                                  C:\Windows\system32\iplog.exe
                                                                                                                                                                                                  94⤵
                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                  PID:676
                                                                                                                                                                                                  • C:\Windows\SysWOW64\iplog.exe
                                                                                                                                                                                                    C:\Windows\system32\iplog.exe
                                                                                                                                                                                                    95⤵
                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                    PID:1808

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\iplog.exe
        Filesize

        238KB

        MD5

        c0b6ad65dd559b72bc3e8ac9a0931a49

        SHA1

        0fdac98ec965cee92e3fe11e6b9eb7a40a98dab6

        SHA256

        53b344f6557bcf013ec2f7bc87c490c4d565ef0c1bebdddf66be9536e38493d1

        SHA512

        5d7288b4619b10fd25590f69c32ee0bf56b6011f4e2e4c73c18e651bca85b60d318a4bf2ef4e528b555c8e56e81330f93cea262e76d14640e29026e176b2e6c3

        Download Submit

      • C:\Windows\SysWOW64\logkey.ini
        Filesize

        50B

        MD5

        798e9d09e53254c0e70dd121cf63419b

        SHA1

        3b240d9315d03a03d447d7e48038b1d4a17e8167

        SHA256

        51355a51199fd9af5654338e100c392da2fa7d30e42ed3314be20edaa4969ec3

        SHA512

        e67804418a45570045cc52507333b6af1904e3b7f415cb1b58fb1af3887d6bc3d199db4aeac8c598d78370edc9a9870e2638475ac702281045923b86871ac5df

        Download Submit

      • C:\Windows\sk.exe
        Filesize

        238KB

        MD5

        a954bd3c2be496fc9d476a944f9942e6

        SHA1

        e7b9dd17a1d963d7675af5545b7794ef61fd9721

        SHA256

        68c9c674a56e6dbff3847b2f687f9bc72a96d599b039d2b486b9e9102827d926

        SHA512

        dc6cbd2df26bb3c3f605af26213bc97439cff9fbb011cbe3ac300d07d867e33ee36304c307e1a5b178b899062846230acc7642d0d0f4d7c20db893b277a1f99f

        Download Submit

      • memory/208-179-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/384-11-0x0000000000660000-0x0000000000661000-memory.dmp

        Filesize

        4KB

        Download

      • memory/384-20-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/436-290-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/628-141-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/748-158-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/748-151-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/776-355-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/924-113-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/948-393-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1004-103-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1016-403-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1040-208-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1052-285-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1136-460-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1176-149-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1344-299-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1396-164-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1396-159-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1428-489-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1432-66-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1432-76-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1508-270-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1568-252-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1580-506-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1580-511-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1624-193-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1664-379-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1732-455-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1760-57-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1812-169-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1928-32-0x0000000000760000-0x0000000000761000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1928-31-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1928-40-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2008-408-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2020-247-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2104-344-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2152-218-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2180-314-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2240-304-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2264-388-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2300-334-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2308-490-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2324-440-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2324-445-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2336-242-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2372-95-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2372-84-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2428-484-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2480-203-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2488-424-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2584-329-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2620-123-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2620-132-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2668-294-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2684-256-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2712-398-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2772-500-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2780-122-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2892-319-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3120-339-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3148-350-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3148-345-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3236-374-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3240-30-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3240-21-0x0000000000650000-0x0000000000651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3256-223-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3260-450-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3264-67-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3280-439-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3348-474-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3492-232-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3512-49-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3516-280-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3572-479-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3672-465-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3672-213-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3892-184-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3928-516-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3948-413-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3964-429-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/3992-266-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4044-369-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4084-228-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4148-364-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4168-495-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4176-505-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4332-261-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4516-188-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4544-324-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4664-309-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4712-419-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4712-414-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4752-434-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4896-86-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4896-383-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4992-1-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4992-0-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4992-10-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/5012-198-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/5068-360-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/5076-174-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/5088-237-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/5092-275-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download