Analysis
-
max time kernel
147s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
12-10-2024 13:01
General
-
Target
3a267cfdc8cb0a4126c439e028fc46b2_JaffaCakes118.exe
-
Size
124KB
-
MD5
3a267cfdc8cb0a4126c439e028fc46b2
-
SHA1
7635d7ac8308155d259484461c9da243da18c6bd
-
SHA256
e00016ae3f99c81e04e916f5476fc1d965f5553572f4b7b81c6d7f1209f8f807
-
SHA512
1d2ae1a8a9e22ab5bbeda306faf5bb1fa29bf5704b57a19ee04fdac8173415d7449c7ac1cc2a719788c7cc5d183450624300e091bcf43a9cc45b0fe8298e470a
-
SSDEEP
768:/0xUM1fz0WPBTKLijLzwvxqbtAHG15hGzpAnvCZgWyrB8aywc+57Tyw0ewDteA4V:u5T6imGtFTR8BGgz6OiT6iX
Score
8/10
Malware Config
Signatures
-
Disables RegEdit via registry modification 46 IoCs
-
Adds Run key to start application 2 TTPs 46 IoCs
-
Drops file in System32 directory 6 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies Internet Explorer start page 1 TTPs 46 IoCs
-
Modifies registry class 64 IoCs
-
Runs .reg file with regedit 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a267cfdc8cb0a4126c439e028fc46b2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3a267cfdc8cb0a4126c439e028fc46b2_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\WINDOWS\system32\8.bat2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\1.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\2.reg2⤵
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\3.reg2⤵
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\4.reg2⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\WINDOWS\system32\5.reg2⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
557B
MD5066019dffcca73a50173cece9ecda48e
SHA1e235ac3df1591aba0c127bc33dce60e61deca6b0
SHA256c90d7fd8caee732fdb95baf724ad03ab18a5f16f4cc7849ecff76544e311b941
SHA512aeff739a01012dc1f0dcbe92aac3ad8a5eda05721dab2abe51b24fcdba23111de030da6379074906ccc4b6f1d448b27197d86596dadd109f1bf44a07e47ffa45
-
Filesize
162B
MD567eb522f01ddf3540a1423d94bdca031
SHA15a70dfa47d9a7873f28d4fc1012536f023c35d1a
SHA2562db7d61eb3af901cb76b221ab52c721139d84fc467c25daa6a5b91198208c849
SHA5128d13094b1202f1b01ef0e4a16282e09e14fa28e8dfe7dec59dd7bbf8c03ab0313996f71f4446e8f4e0a1a42f59bae4e465eaf8434c536fec8a77c2e64910cec2
-
Filesize
150B
MD5c108d1477b9a9556017d3f082e9535fb
SHA10a6eabe5bf50bb111402b15c226511af118361df
SHA256bd9e6ddbd2361c2bdb74f98c295146989e96d606f0fef5b2c91ec86b6c29f20b
SHA5120d34c36d7ada05dcea4d74246ccf440011ff74c17a43eb8390fe6eb19cd8041f72e994cc64c3c33f92cc6c39e84c84359430fc34de678e6278f0493cfe9bca6f
-
Filesize
160B
MD5c6fbbff5fa1aca2a29088303fdb77053
SHA1c50c4c767298a3342075eab37c9f96725e76bbe1
SHA2560f2d8c9204c0d3cc12baae200dd81badbaf4e12d348596cb893d52779e9a697a
SHA51248020c19de8c2f3d5016b55b2605481760ec209637b1300f192780d2ee6e037724bf5f622801811bdfeda3d35a366fb12064ae9823f8b0803341802d0cf3212f
-
Filesize
427B
MD51a0ac885aa4c434f2ebfa6bfdf782819
SHA1538fbc3c82db8468f4ec9bf8a3dedb0c13794431
SHA256f7ad06cce6741d3dc6beb16b4dc6de9d443d52dcdcd1d4f7c2229d177c95989a
SHA512efd2e15825393caaa7e61ac8687661203a69191a32fc28ce94019bcb44b0b96b3b50fdddd45a26d62a6603608ed12c5fcf28769796229adf317c5db7e84f1b0c
-
Filesize
11KB
MD516b229fdb7eaf32fd45e65683e862286
SHA1f5e06d185e409714fe8ab83cc4b10423ac630b09
SHA256e66a3e0bf8d91aad7cfc1fc491222da4b8896748007d811c66d1ece60bd25be1
SHA512aaee20aa488c6a7ba9f271b1dd7644acc4d7500dc93427e0c196ca3f77773ef73d1cb248b2a77ed6f31626906f8a846459fb878c278a9af9ebb192e245cd7170
-
Filesize
1000KB
-
Filesize
1.1MB