Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
07/04/2025, 13:41
General
-
Target
JaffaCakes118_9f5b73d693ce3216672d03ab07dd7ea5.exe
-
Size
1.1MB
-
MD5
9f5b73d693ce3216672d03ab07dd7ea5
-
SHA1
c06441d12ccc651ceb41c543553165f6561383c8
-
SHA256
63374f345942d7afa0ff9d54f360525cc1b11b1a6a78f53612973dbf646d2549
-
SHA512
4c3d87bde877eface5c5b4c5daf87cd25e271ce3d1f9bfddf02a1b51d9a320a3f1b2cb4ca06a615b2f06b6e7fcd08410d919579271ccb4cde7cbbc4c142dc6ad
-
SSDEEP
24576:h5Y8WP5oudlRLl3hP13iM40oh7kt3nuGz:BWP5oAlbNpii90Gz
Score
10/10
Malware Config
Signatures
-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload 1 IoCs
-
Modifies firewall policy service 3 TTPs 10 IoCs
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Executes dropped EXE 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry key 1 TTPs 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9f5b73d693ce3216672d03ab07dd7ea5.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9f5b73d693ce3216672d03ab07dd7ea5.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\crypteda.exeC:\Users\Admin\AppData\Local\Temp\\crypteda.exe2⤵
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\crypteda.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\crypteda.exe:*:Enabled:Windows Messanger" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\crypteda.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\crypteda.exe:*:Enabled:Windows Messanger" /f4⤵
- Modifies firewall policy service
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Modifies firewall policy service
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\test.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\test.exe:*:Enabled:Windows Messanger" /f3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\test.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\test.exe:*:Enabled:Windows Messanger" /f4⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\test.exe1⤵
-
C:\Users\Admin\AppData\Roaming\test.exeC:\Users\Admin\AppData\Roaming\test.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
336KB
MD5a1c471963337042df2e63fdc89090c1c
SHA1b70973de41a2aa7b64169cc50fc6f4673691f061
SHA25623fd031539704e2a635fe6a8c3f68d49cf6a4c4b24e2deaddbd7d57e556a5b79
SHA512195df886f75182b3c4881b21208990390dd1e575979d1d6a78b98b650ddf2cac07035370eb17e73e3c51ebfb4bad8e95f41742ff4a19ab9861e2789a8b26574e
-
Filesize
4KB
-
Filesize
664KB
-
Filesize
9.6MB
-
Filesize
4.8MB
-
Filesize
624KB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
304KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB