Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
13-12-2024 05:49
General
-
Target
ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe
-
Size
86KB
-
MD5
ea2d40381b1c68070db71dadd170eff1
-
SHA1
5f53767f22319bc717fe9f2fd81d737fa8855e99
-
SHA256
89fb932451a6666919926ca0255d9e250d1f53f3b3c9d9e3f5b770e9aa490be7
-
SHA512
fa136b674a542fa7e326edca01a182cc051cd9503af6a02ca61efa760af2eceac6446d98d9f1471291b265d6d3c325ed9278d0afe5d6800ad78ba253e737ecd0
-
SSDEEP
768:78Jqh2/DRlS2R2Q8ExPtsTNXfmW/uDs8jr3333333rl3l8IkNxqTkm580oocyZ4i:FhqzJFCNvmWGDjSpT8ZT4wrpDG3mR
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage 19 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath3⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath5⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath7⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe8⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath9⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe10⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath11⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe12⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath13⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe14⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath15⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe16⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath17⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe18⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath19⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe20⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath21⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe22⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath23⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe24⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath25⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe26⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath27⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe28⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath29⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe30⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath31⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe32⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath33⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe34⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath35⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe36⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath37⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe38⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath39⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe40⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath41⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe42⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath43⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe44⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath45⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe46⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath47⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe48⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath49⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe50⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath51⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe52⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath53⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe54⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath55⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe56⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath57⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe58⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath59⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe60⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath61⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe62⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath63⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe64⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath65⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe66⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath67⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe68⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath69⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe70⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath71⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe72⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath73⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe74⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath75⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe76⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath77⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe78⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath79⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe80⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath81⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe82⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath83⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe84⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath85⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe86⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath87⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe88⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath89⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe90⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath91⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe92⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath93⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe94⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath95⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe96⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath97⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe98⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath99⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe100⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath101⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe102⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath103⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe104⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath105⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe106⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath107⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe108⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath109⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe110⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath111⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe112⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath113⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe114⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath115⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe116⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath117⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe118⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath119⤵
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exe120⤵
-
C:\Users\Admin\AppData\Local\Temp\ea2d40381b1c68070db71dadd170eff1_JaffaCakes118.exeStubPath121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-