Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 150s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 07/09/2024, 06:40
Static task: static1
Behavioral task: behavioral1
- Sample: d14dfb8f410d26e5bc97924b85fcd75a_JaffaCakes118.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: d14dfb8f410d26e5bc97924b85fcd75a_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: d14dfb8f410d26e5bc97924b85fcd75a_JaffaCakes118.exe
- Size: 65KB
- MD5: d14dfb8f410d26e5bc97924b85fcd75a
- SHA1: e80ea0ca2fa700ae7247d5b7f5ceaa0dd54821c6
- SHA256: 3b6d0a9b35acff3700a13a5dcede039112ab07f165366217aeb82be9d3cb19ab
- SHA512: e1e3b40972e1394fe7f6ed04e4b7657f78f78dba68124268493a39d19cf99894e606790b526aad5d7366a79a523197d56bc20fc6da80942febb1a86d2aaf9e0f
- SSDEEP: 1536:br1lpvB0CVz20s881t/DjebgCuP3axE31X469SQSIJ9:Vlpv5i5bjNCuvLFt9SBIJ
Malware Config
Signatures
- Executes dropped EXE (64 IoCs)
- Loads dropped DLL (64 IoCs)
- Drops file in System32 directory (64 IoCs): C:\Windows\SysWOW64\mdmi386.exe created by mdmi386.exe
- System Location Discovery: System Language Discovery (1 TTP, 64 IoCs): Attempt to gather information about the system language of a victim in order to infer the geographical location of that host. Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (by mdmi386.exe)
- Suspicious use of WriteProcessMemory (64 IoCs): d14dfb8f410d26e5bc97924b85fcd75a_JaffaCakes118.exe (PID 3032) wrote to memory of mdmi386.exe (PID 3052), and each mdmi386.exe instance wrote to memory of the next one in the chain
Processes
Each entry is listed as [depth, PID] image "command line": triggered signatures.
- [1, PID 3032] C:\Users\Admin\AppData\Local\Temp\d14dfb8f410d26e5bc97924b85fcd75a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\d14dfb8f410d26e5bc97924b85fcd75a_JaffaCakes118.exe": Loads dropped DLL; Suspicious use of WriteProcessMemory
- [2, PID 3052] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [3, PID 2200] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [4, PID 3060] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [5, PID 2736] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [6, PID 2840] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [7, PID 2780] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [8, PID 2348] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [9, PID 2872] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [10, PID 2652] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [11, PID 2792] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [12, PID 2856] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [13, PID 2676] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [14, PID 2796] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [15, PID 2328] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [16, PID 2644] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
- [17, PID 684] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [18, PID 1500] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [19, PID 2616] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [20, PID 1940] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [21, PID 2600] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [22, PID 1200] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [23, PID 2140] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [24, PID 992] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [25, PID 1516] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [26, PID 1104] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [27, PID 1768] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [28, PID 3040] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [29, PID 2968] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [30, PID 2972] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [31, PID 2716] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [32, PID 2396] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; Loads dropped DLL
- [33, PID 2224] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [34, PID 2300] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [35, PID 1668] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [36, PID 2400] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [37, PID 2312] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [38, PID 2296] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [39, PID 1052] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [40, PID 1332] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [41, PID 1964] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [42, PID 924] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [43, PID 648] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [44, PID 444] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [45, PID 2336] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [46, PID 1928] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [47, PID 2256] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [48, PID 972] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [49, PID 1628] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [50, PID 1484] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [51, PID 2208] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [52, PID 1532] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE; System Location Discovery: System Language Discovery
- [53, PID 1064] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [54, PID 3004] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [55, PID 1948] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [56, PID 1032] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [57, PID 2380] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [58, PID 2096] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [59, PID 1788] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [60, PID 1784] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [61, PID 880] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [62, PID 1592] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [63, PID 884] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [64, PID 2364] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [65, PID 1960] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe": Executes dropped EXE
- [66, PID 1912] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [67, PID 2508] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [68, PID 2904] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [69, PID 2548] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [70, PID 1636] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [71, PID 2472] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [72, PID 1564] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [73, PID 1456] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [74, PID 1872] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [75, PID 1864] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [76, PID 2476] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [77, PID 2564] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [78, PID 2120] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [79, PID 1820] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [80, PID 1268] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [81, PID 276] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [82, PID 2432] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [83, PID 2340] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [84, PID 3032] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [85, PID 2024] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [86, PID 2576] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [87, PID 2592] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [88, PID 2976] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [89, PID 2172] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [90, PID 2012] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [91, PID 3060] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [92, PID 1612] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [93, PID 3048] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [94, PID 1316] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [95, PID 320] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [96, PID 2720] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [97, PID 2756] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [98, PID 2152] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [99, PID 2836] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [100, PID 2732] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [101, PID 2864] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [102, PID 2828] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [103, PID 2772] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [104, PID 2900] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [105, PID 3056] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [106, PID 2664] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [107, PID 2896] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [108, PID 2920] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [109, PID 2168] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [110, PID 2892] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [111, PID 2888] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [112, PID 2632] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [113, PID 2624] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [114, PID 2692] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [115, PID 2700] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [116, PID 1764] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [117, PID 3068] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [118, PID 2796] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [119, PID 2288] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [120, PID 1932] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [121, PID 1752] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"
- [122, PID 2532] C:\Windows\SysWOW64\mdmi386.exe "mdmi386.exe"