14dc6c810d05eb1495553e3b8ae5957295ba74ff05c33f01953f60045f78fa87

General

Target

9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Size

278KB
MD5

9e48e6f06510660156ad80342a8b06a4
SHA1

b8ffe03975a171c4cf231a2e714e75e1ac9e061d
SHA256

14dc6c810d05eb1495553e3b8ae5957295ba74ff05c33f01953f60045f78fa87
SHA512

c3522957117e157f8c5edc142ae5b4eebe9d25c6c8490d1564b6f12b20be026600bb17bb3407d20ebcb546a7ce65ceef97714ce1d9bc3fbc79c65e8cda349b0e
SSDEEP

6144:ZplxR++UT/dwsoMi1TQ+yBuFzQgqj2NHez2TfUXJ/8DCcqWiKY1:ZjxR9UTV5i1U+yOsgqj2lC2I18DfqWda

Score

9^/10

collection discovery

Malware Config

Signatures

Detected Nirsoft tools 4 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

Processes:

resource	yara_rule
behavioral1/memory/2512-19-0x0000000000400000-0x000000000041E000-memory.dmp	Nirsoft
behavioral1/memory/2512-24-0x0000000000400000-0x000000000041E000-memory.dmp	Nirsoft
behavioral1/memory/2512-23-0x0000000000400000-0x000000000041E000-memory.dmp	Nirsoft
behavioral1/memory/2860-61-0x0000000000400000-0x0000000000414000-memory.dmp	Nirsoft

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

Processes:

9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

Suspicious use of SetThreadContext 7 IoCs

Processes:

9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

description	pid	process	target process
PID 1880 set thread context of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 set thread context of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 set thread context of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 set thread context of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 set thread context of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 set thread context of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 set thread context of 708	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	2512	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
Token: SeDebugPrivilege	2860	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2512
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2124
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2860
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - Accesses Microsoft Outlook accounts
  - System Location Discovery: System Language Discovery
  PID:2784
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2656
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2504
- C:\Users\Admin\AppData\Local\Temp\9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
  /stext C:\Users\Admin\AppData\Local\Temp\temp.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\temp.txt

Filesize
33B

MD5
fec8656dbc9772ee24163ae3d57f41d9

SHA1
4e82071ada9bdc0002decba8b18b22a6dfdd127d

SHA256
7a3295b2c8c4797b8e5b4616bcc19bca30266371a54666855cbc67d443a3e4f4

SHA512
7c5965e41515a34db05c442587607bb51b6a3a8662df39513474f0d12c1236d882989d8c8bc99d24be27531c0e0df76af8c4beaf45e041767ab6ba2c72fc9326

Download Submit
memory/1880-0-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2124-46-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-30-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-33-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-45-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-39-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-36-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-44-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2124-28-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2512-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2512-16-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-10-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-24-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-8-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-6-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2656-110-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2860-61-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-55-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-52-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-58-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-50-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2860-48-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

description	pid	process	target process
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2512	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2124	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2860	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2784	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2656	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 2504	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 708	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 708	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 708	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe
PID 1880 wrote to memory of 708	1880	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe	9e48e6f06510660156ad80342a8b06a4_JaffaCakes118.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads