Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 07-12-2024 03:33
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe
Resource: win7-20240708-en (windows7-x64)
5 signatures
150 seconds
Behavioral task
behavioral2
Sample: d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe
Resource: win10v2004-20241007-en (windows10-2004-x64)
3 signatures
150 seconds
General
Target: d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe
Size: 911KB
MD5: d07687c1ad211e9b05d1fddf8a093cab
SHA1: c5f0ad91e998d41e79b6e54a9f868c641076007e
SHA256: bf45dedf03288636a2674b70d3fd42ee69cdcdfb4c7351e7ef972fb41465a90f
SHA512: 5287164700a1676bcdf69536a94707d370487956fc1aeb9c47a81d0b8ce590708419d8d87940a564190264b561fb4757bd941f2e7f271514176dbccdc55cded6
SSDEEP: 24576:Qg3UqSjMikbvWd88NatBgCbEuo276MKsQ31dW:UqSjNi+bsfVbEuo27+j31dW
Malware Config
Signatures
-
Darkcomet family
-
Suspicious use of SetThreadContext 20 IoCs
Suspicious use of AdjustPrivilegeToken 21 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2432 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe2⤵PID:2700
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe2⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe3⤵PID:2712
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe3⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2404 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe4⤵PID:2608
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe4⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2624 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe5⤵PID:1680
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe5⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:536 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe6⤵PID:576
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe6⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2856 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe7⤵PID:2536
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe7⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe8⤵PID:1940
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe8⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe9⤵PID:1800
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe9⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2612 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe10⤵PID:1856
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe10⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1612 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe11⤵PID:2384
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe11⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1996 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe12⤵PID:3048
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe12⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1164 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe13⤵PID:672
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe13⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2036 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe14⤵PID:1548
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe14⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:444 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe15⤵PID:1932
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe15⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe16⤵PID:1392
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe16⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1552 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe17⤵PID:916
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe17⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:952 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe18⤵PID:1760
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe18⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2380 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe19⤵PID:2312
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe19⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1804 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe20⤵PID:1604
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe20⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1712 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe21⤵PID:2808
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe21⤵
- Suspicious use of AdjustPrivilegeToken
PID:3064 -
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe22⤵PID:2572
-
-
C:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\d07687c1ad211e9b05d1fddf8a093cab_JaffaCakes118.exe22⤵PID:2716