Analysis

max time kernel: 73s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09/09/2024, 11:00

Static task
static1

Behavioral task
behavioral1
Sample: d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe
Resource: win10v2004-20240802-en

General

Target: d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe
Size: 3.2MB
MD5: d62da64ea2fe5ff1e73e8e466348ead2
SHA1: 8f4fac662b3cd339d06598b62de05ad5e0191fa3
SHA256: 6a4e14d5d843a9a9a472b77c76f5cc81c02a9929ceb2b07011bb9be34028ed8f
SHA512: 9efa58806ad0be2efa1f65ec36f3748bc1495bfca6c803598b78a20a72ef09730fad63c46c3c869ae936fae6f2a8b1e936fa9bba2345ec0f539d092f2f2411fc
SSDEEP: 49152:oV2kFLjLZaYWVe1JxQEOWVhQxZLuDLNFuyO3bu8yF3val1mj01vFkTST8xZ16pd+:o/FXLYrcCEO9LsJFuhLuO3NqfxZsYr

Malware Config

Signatures
Drops file in Drivers directory (64 IoCs)
description                    ioc                                      Process
File opened for modification   C:\Windows\system32\drivers\etc\hosts    btorrentcli.exe (63 entries)
File opened for modification   C:\Windows\system32\drivers\etc\hosts    _TMP.EXE (1 entry)
All 64 entries are the same IoC. The signature fires on the path prefix; the only file involved is the hosts file, opened for modification, and no driver is written. The report does not record what was written to it.
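The report records 64 opens of the hosts file for modification but not the content written. As an added example (not part of the report or of the sample's own code), the Python below triages a hosts file for the two shapes such tampering usually takes: names sinkholed to loopback or 0.0.0.0 (blocking update, AV or telemetry servers) and names pinned to a fixed address (redirection without DNS). The hosts content and the .test domain names are constructed for the example and are not indicators from this sample.

```python
import ipaddress

# Constructed hosts-file content for this example. The report only records that
# btorrentcli.exe and _TMP.EXE opened the hosts file for modification, not what
# they wrote; the .test names below are placeholders, not indicators.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test
0.0.0.0         telemetry.example.test www.telemetry.example.test
198.51.100.7    www.example-bank.test   # constructed: redirect to an attacker host
"""

# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, one per name, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        pairs.extend((ip, name.lower()) for name in names)
    return pairs


def classify(ip, name):
    """Return a reason string if the mapping looks like tampering, else None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable address"
    if name in LOCAL_NAMES:
        # Stock entries are only suspicious if pointed away from loopback.
        return None if addr.is_loopback else "localhost name mapped to non-loopback"
    if addr.is_loopback or addr.is_unspecified:
        # Classic sinkhole: AV, update or telemetry names sent to 127.0.0.1 / 0.0.0.0.
        return "name sinkholed to loopback/unspecified"
    # Anything else pins a name to one address, bypassing DNS entirely.
    return "name pinned to a fixed address"


def suspicious_entries(text):
    """All mappings in a hosts file that classify() considers worth a look."""
    findings = []
    for ip, name in parse_hosts(text):
        why = classify(ip, name)
        if why:
            findings.append((ip, name, why))
    return findings


if __name__ == "__main__":
    for ip, name, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:<16} {name:<36} {why}")
```

On the analysed image the file to feed in is C:\Windows\system32\drivers\etc\hosts, the path from the IoC list. Legitimate administrative entries (internal names pinned to private addresses) are listed too, so treat the output as a triage list rather than a verdict.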
Executes dropped EXE (64 IoCs)
pid   Process
2120  _TMP.EXE
2556  SETUP.EXE
1692  _TMP.EXE
btorrentcli.exe (61 entries, pids in order of appearance): 2732, 2172, 2576, 1020, 2928, 536, 2888, 2552, 488, 1572, 1784, 1528, 1940, 1416, 2992, 1632, 2708, 2588, 2736, 2628, 2012, 1088, 1864, 2928, 1348, 2232, 2968, 440, 1844, 3024, 1784, 1400, 1952, 3008, 1604, 2120, 2452, 2708, 2212, 2156, 2420, 2944, 1440, 832, 2432, 112, 1228, 900, 1464, 276, 1504, 568, 2092, 2260, 2056, 2704, 2860, 2684, 2636, 2796, 2316
Loads dropped DLL (64 IoCs)
Process: pids in order of appearance (a pid listed twice is two entries in the report)
d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe: 2516, 2516
_TMP.EXE: 2120, 1692, 1692
SETUP.EXE: 2556, 2556
btorrentcli.exe: 2732, 2172, 2172, 2576, 1020, 1020, 536, 536, 2552, 2552, 1572, 1572, 1528, 1528, 1416, 1416, 1632, 1632, 2588, 2588, 2628, 2628, 1088, 1088, 2928, 2928, 2232, 2232, 440, 440, 3024, 3024, 1400, 1400, 3008, 3008, 2120, 2120, 2708, 2708, 2156, 2156, 2944, 2944, 832, 832, 112, 112, 900, 900, 276, 276, 568, 568, 2260, 2260, 2704
Adds Run key to start application (2 TTPs, 64 IoCs)
description      ioc                                                                                                          Process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BitTorrent Client = "btorrentcli.exe"   btorrentcli.exe (63 entries)
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BitTorrent Client = "btorrentcli.exe"   _TMP.EXE (1 entry)
All 64 entries write the same value. The key sits under Wow6432Node because the writer is a 32-bit process whose HKLM\SOFTWARE write is redirected by WOW64; 32-bit Run entries are still executed at logon. The value is a bare file name rather than a path, and it matches the copy dropped to C:\Windows\SysWOW64\btorrentcli.exe (see "Drops file in System32 directory").
Indicator Removal: File Deletion (1 TTP)
Adversaries may delete files left behind by the actions of their intrusion activity.
Drops file in System32 directory (64 IoCs)
description                    ioc                                   Process
File created                   C:\Windows\SysWOW64\btorrentcli.exe   btorrentcli.exe
File opened for modification   C:\Windows\SysWOW64\btorrentcli.exe   btorrentcli.exe
All 64 entries are one of these two operations on the same path, repeated by successive btorrentcli.exe instances.
Suspicious use of SetThreadContext (64 IoCs)
Each record reads "PID <pid> set thread context of <target>"; procid_target is the sandbox's own identifier for the target process. One call per parent/child pair, consistent with process hollowing (a child created suspended and its thread context rewritten). PIDs recur in the list (2120, 2928, 2708, 2984, 2144, 2152 and 1860 appear both as pid and as target; 1784, 1440, 1228, 1464, 2316 and 2736 appear twice as pid), so a PID does not identify a single process across the run; use procid_target when correlating.
pid   Process           target  procid_target
2120  _TMP.EXE          1692    33
2732  btorrentcli.exe   2172    37
2576  btorrentcli.exe   1020    41
2928  btorrentcli.exe   536     44
2888  btorrentcli.exe   2552    49
488   btorrentcli.exe   1572    53
1784  btorrentcli.exe   1528    57
1940  btorrentcli.exe   1416    61
2992  btorrentcli.exe   1632    65
2708  btorrentcli.exe   2588    69
2736  btorrentcli.exe   2628    73
2012  btorrentcli.exe   1088    77
1864  btorrentcli.exe   2928    81
1348  btorrentcli.exe   2232    85
2968  btorrentcli.exe   440     89
1844  btorrentcli.exe   3024    93
1784  btorrentcli.exe   1400    97
1952  btorrentcli.exe   3008    101
1604  btorrentcli.exe   2120    105
2452  btorrentcli.exe   2708    109
2212  btorrentcli.exe   2156    113
2420  btorrentcli.exe   2944    117
1440  btorrentcli.exe   832     121
2432  btorrentcli.exe   112     125
1228  btorrentcli.exe   900     129
1464  btorrentcli.exe   276     133
1504  btorrentcli.exe   568     137
2092  btorrentcli.exe   2260    141
2056  btorrentcli.exe   2704    145
2860  btorrentcli.exe   2684    149
2636  btorrentcli.exe   2796    264
2316  btorrentcli.exe   2872    157
1440  btorrentcli.exe   2764    161
1700  btorrentcli.exe   1148    165
1228  btorrentcli.exe   1336    169
1464  btorrentcli.exe   824     173
944   btorrentcli.exe   1492    177
2520  btorrentcli.exe   1296    181
2000  btorrentcli.exe   2696    185
2984  btorrentcli.exe   2828    189
2144  btorrentcli.exe   1436    193
2316  btorrentcli.exe   1932    197
336   btorrentcli.exe   2188    201
1860  btorrentcli.exe   2964    205
928   btorrentcli.exe   1732    209
636   btorrentcli.exe   2020    213
2152  btorrentcli.exe   236     217
2392  btorrentcli.exe   2408    259
2800  btorrentcli.exe   2984    225
2836  btorrentcli.exe   2144    229
2208  btorrentcli.exe   2484    233
2200  btorrentcli.exe   676     237
1960  btorrentcli.exe   1860    279
2004  btorrentcli.exe   1224    245
1612  btorrentcli.exe   1468    249
836   btorrentcli.exe   2152    253
2980  btorrentcli.exe   2792    257
2616  btorrentcli.exe   2160    261
2736  btorrentcli.exe   564     265
772   btorrentcli.exe   2136    269
2936  btorrentcli.exe   1048    273
2272  btorrentcli.exe   1880    277
844   btorrentcli.exe   2264    281
1272  btorrentcli.exe   2036    285
Drops file in Windows directory (1 IoC)
description    ioc                    Process
File created   C:\Windows\Hyena.MIF   SETUP.EXE
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 64 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   btorrentcli.exe
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   cmd.exe
All 64 entries open the same key, from btorrentcli.exe instances and from cmd.exe. This key is read by many legitimate programs during locale initialisation, so on its own it is a low-confidence indicator; its value here is that it shows cmd.exe was spawned during the run.
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process
Token: SeIncBasePriorityPrivilege 1692 _TMP.EXE
Token: SeIncBasePriorityPrivilege 2172 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1020 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 536 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2552 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1572 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1528 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1416 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1632 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2588 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2628 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1088 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2928 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2232 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 440 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 3024 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1400 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 3008 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2120 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2708 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2156 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2944 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 832 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 112 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 900 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 276 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 568 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2260 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2704 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2684 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2796 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2872 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2764 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1148 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1336 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 824 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1492 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1296 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2696 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2828 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1436 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1932 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2188 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2964 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1732 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2020 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 236 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2408 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2984 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2144 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2484 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 676 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1860 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1224 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1468 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2152 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2792 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2160 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 564 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2136 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1048 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 1880 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2264 btorrentcli.exe
Token: SeIncBasePriorityPrivilege 2036 btorrentcli.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2516 wrote to memory of 2120 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 31
PID 2516 wrote to memory of 2120 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 31
PID 2516 wrote to memory of 2120 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 31
PID 2516 wrote to memory of 2120 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 31
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2516 wrote to memory of 2556 2516 d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe 32
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 2120 wrote to memory of 1692 2120 _TMP.EXE 33
PID 1692 wrote to memory of 2732 1692 _TMP.EXE 34
PID 1692 wrote to memory of 2732 1692 _TMP.EXE 34
PID 1692 wrote to memory of 2732 1692 _TMP.EXE 34
PID 1692 wrote to memory of 2732 1692 _TMP.EXE 34
PID 1692 wrote to memory of 2808 1692 _TMP.EXE 35
PID 1692 wrote to memory of 2808 1692 _TMP.EXE 35
PID 1692 wrote to memory of 2808 1692 _TMP.EXE 35
PID 1692 wrote to memory of 2808 1692 _TMP.EXE 35
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2732 wrote to memory of 2172 2732 btorrentcli.exe 37
PID 2172 wrote to memory of 2576 2172 btorrentcli.exe 38
PID 2172 wrote to memory of 2576 2172 btorrentcli.exe 38
PID 2172 wrote to memory of 2576 2172 btorrentcli.exe 38
PID 2172 wrote to memory of 2576 2172 btorrentcli.exe 38
PID 2172 wrote to memory of 2160 2172 btorrentcli.exe 39
PID 2172 wrote to memory of 2160 2172 btorrentcli.exe 39
PID 2172 wrote to memory of 2160 2172 btorrentcli.exe 39
PID 2172 wrote to memory of 2160 2172 btorrentcli.exe 39
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 2576 wrote to memory of 1020 2576 btorrentcli.exe 41
PID 1020 wrote to memory of 2928 1020 btorrentcli.exe 42
PID 1020 wrote to memory of 2928 1020 btorrentcli.exe 42
PID 1020 wrote to memory of 2928 1020 btorrentcli.exe 42
PID 1020 wrote to memory of 2928 1020 btorrentcli.exe 42
PID 1020 wrote to memory of 2816 1020 btorrentcli.exe 43
PID 1020 wrote to memory of 2816 1020 btorrentcli.exe 43
PID 1020 wrote to memory of 2816 1020 btorrentcli.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe" (depth 1)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Users\Admin\AppData\Local\Temp\_TMP.EXE "C:\Users\Admin\AppData\Local\Temp\_TMP.EXE" (depth 2)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2120 -
C:\Users\Admin\AppData\Local\Temp\_TMP.EXE "C:\Users\Admin\AppData\Local\Temp\_TMP.EXE" (depth 3)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1692 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 4)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2732 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 5)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2172 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 6)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2576 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 7)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1020 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 8)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2928 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 9)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:536 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 10)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2888 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 11)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2552 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 12)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:488 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 13)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1572 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 14)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1784 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 15)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1528 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 16)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1940 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 17)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1416 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 18)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2992 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 19)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1632 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 20)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2708 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 21)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2588 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 22)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2736 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 23)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2628 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 24)
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2012 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 25)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1088 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 26)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1864 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 27)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2928 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 28)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1348 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 29)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:2232 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 30)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2968 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 31)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:440 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 32)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1844 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 33)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3024 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 34)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1784 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 35)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1400 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 36)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1952 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 37)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3008 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 38)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1604 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 39)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2120 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 40)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2452 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 41)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2708 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 42)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2212 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 43)
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2156 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 44)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2420 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 45)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2944 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 46)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1440 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 47)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:832 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 48)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2432 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 49)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:112 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 50)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1228 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 51)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:900 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 52)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1464 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 53)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:276 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 54)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1504 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 55)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:568 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 56)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2092 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 57)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2260 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 58)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2056 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 59)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2704 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 60)
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2860 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 61)
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2684 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 62)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2636 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 63)
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:2796 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 64)
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2316 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 65)
- Drops file in Drivers directory
- Suspicious use of AdjustPrivilegeToken
PID:2872 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 66)
- Suspicious use of SetThreadContext
PID:1440 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 67)
- Suspicious use of AdjustPrivilegeToken
PID:2764 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 68)
- Suspicious use of SetThreadContext
PID:1700 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 69)
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1148 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 70)
- Suspicious use of SetThreadContext
PID:1228 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 71)
- Suspicious use of AdjustPrivilegeToken
PID:1336 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 72)
- Suspicious use of SetThreadContext
PID:1464 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 73)
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:824 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 74)
- Suspicious use of SetThreadContext
PID:944 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 75)
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1492 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 76)
- Suspicious use of SetThreadContext
PID:2520 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 77)
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1296 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 78)
- Suspicious use of SetThreadContext
PID:2000 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 79)
- Suspicious use of AdjustPrivilegeToken
PID:2696 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 80)
- Suspicious use of SetThreadContext
PID:2984 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 81)
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2828 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 82)
- Suspicious use of SetThreadContext
PID:2144 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 83)
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1436 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 84)
- Suspicious use of SetThreadContext
PID:2316 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 85)
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1932 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 86)
- Suspicious use of SetThreadContext
PID:336 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 87)
- Suspicious use of AdjustPrivilegeToken
PID:2188 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 88)
- Suspicious use of SetThreadContext
PID:1860 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 89)
- Suspicious use of AdjustPrivilegeToken
PID:2964 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 90)
- Suspicious use of SetThreadContext
PID:928 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 91)
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1732 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 92)
- Suspicious use of SetThreadContext
PID:636 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 93)
- Suspicious use of AdjustPrivilegeToken
PID:2020 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 94)
- Suspicious use of SetThreadContext
PID:2152 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 95)
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:236 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 96)
- Suspicious use of SetThreadContext
PID:2392 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 97)
- Suspicious use of AdjustPrivilegeToken
PID:2408 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 98)
- Suspicious use of SetThreadContext
PID:2800 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 99)
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2984 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 100)
- Suspicious use of SetThreadContext
PID:2836 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 101)
- Drops file in Drivers directory
- Suspicious use of AdjustPrivilegeToken
PID:2144 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 102)
- Suspicious use of SetThreadContext
PID:2208 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 103)
- Suspicious use of AdjustPrivilegeToken
PID:2484 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 104)
- Suspicious use of SetThreadContext
PID:2200 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 105)
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:676 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 106)
- Suspicious use of SetThreadContext
PID:1960 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 107)
- Suspicious use of AdjustPrivilegeToken
PID:1860 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 108)
- Suspicious use of SetThreadContext
PID:2004 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 109)
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1224 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 110)
- Suspicious use of SetThreadContext
PID:1612 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 111)
- Drops file in Drivers directory
- Suspicious use of AdjustPrivilegeToken
PID:1468 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 112)
- Suspicious use of SetThreadContext
PID:836 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 113)
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:2152 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 114)
- Suspicious use of SetThreadContext
PID:2980 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 115)
- Suspicious use of AdjustPrivilegeToken
PID:2792 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 116)
- Suspicious use of SetThreadContext
PID:2616 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 117)
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2160 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 118)
- Suspicious use of SetThreadContext
PID:2736 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 119)
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:564 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 120)
- Suspicious use of SetThreadContext
PID:772 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\SysWOW64\btorrentcli.exe" (depth 121)
- Drops file in Drivers directory
- Suspicious use of AdjustPrivilegeToken
PID:2136 -
C:\Windows\SysWOW64\btorrentcli.exe "C:\Windows\system32\btorrentcli.exe" (depth 122)
- Suspicious use of SetThreadContext
PID:2936