Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
29/03/2025, 20:16
General
-
Target
JaffaCakes118_9782af747d74702719c2da418256e164.exe
-
Size
235KB
-
MD5
9782af747d74702719c2da418256e164
-
SHA1
0ed275cbaeb7ad327172547dc036abdfdca163f5
-
SHA256
2bb11676d3671ade6eb5192012a52e7e1cc339ee6f6c36b3fb0942758856707e
-
SHA512
94bd7410ee4f8314a0ce84617a0c87f9b197e54ebd99227cafb8572850cd7abaf12e400c5d368c7277a2e220dfd04078fe448d53410a82bc3429c207a04f8a78
-
SSDEEP
6144:mutjlpnPEdCtNULSvL68fdda7JWcApjHDn:muVznsSfjXDtDXn
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9782af747d74702719c2da418256e164.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9782af747d74702719c2da418256e164.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9782af747d74702719c2da418256e164.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9782af747d74702719c2da418256e164.exe"2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Users\Admin\AppData\Local\Temp\JAFFAC~1.EXE3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Users\Admin\AppData\Local\Temp\JAFFAC~1.EXE4⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe24⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe34⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe36⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe38⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe40⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe42⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe44⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe46⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe48⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe50⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe52⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe54⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe56⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe58⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe60⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe62⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe64⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe66⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe67⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe68⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe69⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe70⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe71⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe72⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe73⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe74⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe75⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe76⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe77⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe78⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe79⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe80⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe81⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe82⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe83⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe84⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe85⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe86⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe87⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe88⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe89⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe90⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe91⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe92⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe93⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe94⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe95⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe96⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe97⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe98⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe99⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe100⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe101⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe102⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe103⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe104⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe105⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe106⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe107⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe108⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe109⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe110⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe111⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe112⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe113⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe114⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe115⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe116⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe117⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe118⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe119⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\SysWOW64\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe120⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wmiptsn.exe"C:\Windows\system32\wmiptsn.exe" C:\Windows\SysWOW64\wmiptsn.exe121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-