939c8e4e96fc43c92160c9ffbc82849638ed6a66d68357520a6f55215ad1a0c3

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
Size

196KB
MD5

02f50614b91a07c40d760570221595f3
SHA1

0586df43c47e8fc6fe5a86760ee75a7b3aeb5923
SHA256

939c8e4e96fc43c92160c9ffbc82849638ed6a66d68357520a6f55215ad1a0c3
SHA512

5f77851d459b56a8ac04b078ca08a5a53c0d027d434dc9a7c94f82ac7e494dcc4a14c591d4cabbabaac3e35aeb8673b08c78926a718431e5ae51fc789f52601d
SSDEEP

3072:4ravoqkMaPAUkbC0Td7iqh8b622bre5rT+NFx7UWxP2lVvMT:4r6o1Yjbfd2qh89ngp2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 19 IoCs

pid	Process
1648	Unicorn-31425.exe
3000	Unicorn-39723.exe
2600	Unicorn-56806.exe
2772	Unicorn-12369.exe
2900	Unicorn-33344.exe
2388	Unicorn-57294.exe
2144	Unicorn-5400.exe
1564	Unicorn-55156.exe
1264	Unicorn-26375.exe
1568	Unicorn-46241.exe
2280	Unicorn-55322.exe
1132	Unicorn-31140.exe
2008	Unicorn-9650.exe
2728	Unicorn-38239.exe
2076	Unicorn-26541.exe
768	Unicorn-14777.exe
1400	Unicorn-32650.exe
2708	Unicorn-40818.exe
1784	Unicorn-20952.exe

Loads dropped DLL 45 IoCs

pid	Process
1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
1648	Unicorn-31425.exe
1648	Unicorn-31425.exe
1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
3000	Unicorn-39723.exe
3000	Unicorn-39723.exe
1648	Unicorn-31425.exe
1648	Unicorn-31425.exe
2600	Unicorn-56806.exe
2600	Unicorn-56806.exe
2772	Unicorn-12369.exe
2772	Unicorn-12369.exe
3000	Unicorn-39723.exe
3000	Unicorn-39723.exe
2600	Unicorn-56806.exe
2388	Unicorn-57294.exe
2600	Unicorn-56806.exe
2388	Unicorn-57294.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
2772	Unicorn-12369.exe
2772	Unicorn-12369.exe
1564	Unicorn-55156.exe
1564	Unicorn-55156.exe
2144	Unicorn-5400.exe
2144	Unicorn-5400.exe
1568	Unicorn-46241.exe
1568	Unicorn-46241.exe
2388	Unicorn-57294.exe
2388	Unicorn-57294.exe
2280	Unicorn-55322.exe
2280	Unicorn-55322.exe
2076	Unicorn-26541.exe
2076	Unicorn-26541.exe
2144	Unicorn-5400.exe
2008	Unicorn-9650.exe
2144	Unicorn-5400.exe
2008	Unicorn-9650.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1548	2900	WerFault.exe	32
1884	1784	WerFault.exe	47
1600	2280	WerFault.exe	39
844	2076	WerFault.exe	43

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
1648	Unicorn-31425.exe
3000	Unicorn-39723.exe
2600	Unicorn-56806.exe
2772	Unicorn-12369.exe
2900	Unicorn-33344.exe
2388	Unicorn-57294.exe
2144	Unicorn-5400.exe
1564	Unicorn-55156.exe
1568	Unicorn-46241.exe
1264	Unicorn-26375.exe
2280	Unicorn-55322.exe
2076	Unicorn-26541.exe
2008	Unicorn-9650.exe
1132	Unicorn-31140.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 1648	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	28
PID 1900 wrote to memory of 1648	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	28
PID 1900 wrote to memory of 1648	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	28
PID 1900 wrote to memory of 1648	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	28
PID 1648 wrote to memory of 3000	1648	Unicorn-31425.exe	29
PID 1648 wrote to memory of 3000	1648	Unicorn-31425.exe	29
PID 1648 wrote to memory of 3000	1648	Unicorn-31425.exe	29
PID 1648 wrote to memory of 3000	1648	Unicorn-31425.exe	29
PID 1900 wrote to memory of 2600	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	30
PID 1900 wrote to memory of 2600	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	30
PID 1900 wrote to memory of 2600	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	30
PID 1900 wrote to memory of 2600	1900	02f50614b91a07c40d760570221595f3_JaffaCakes118.exe	30
PID 3000 wrote to memory of 2772	3000	Unicorn-39723.exe	31
PID 3000 wrote to memory of 2772	3000	Unicorn-39723.exe	31
PID 3000 wrote to memory of 2772	3000	Unicorn-39723.exe	31
PID 3000 wrote to memory of 2772	3000	Unicorn-39723.exe	31
PID 1648 wrote to memory of 2900	1648	Unicorn-31425.exe	32
PID 1648 wrote to memory of 2900	1648	Unicorn-31425.exe	32
PID 1648 wrote to memory of 2900	1648	Unicorn-31425.exe	32
PID 1648 wrote to memory of 2900	1648	Unicorn-31425.exe	32
PID 2600 wrote to memory of 2388	2600	Unicorn-56806.exe	33
PID 2600 wrote to memory of 2388	2600	Unicorn-56806.exe	33
PID 2600 wrote to memory of 2388	2600	Unicorn-56806.exe	33
PID 2600 wrote to memory of 2388	2600	Unicorn-56806.exe	33
PID 2772 wrote to memory of 2144	2772	Unicorn-12369.exe	34
PID 2772 wrote to memory of 2144	2772	Unicorn-12369.exe	34
PID 2772 wrote to memory of 2144	2772	Unicorn-12369.exe	34
PID 2772 wrote to memory of 2144	2772	Unicorn-12369.exe	34
PID 3000 wrote to memory of 1564	3000	Unicorn-39723.exe	35
PID 3000 wrote to memory of 1564	3000	Unicorn-39723.exe	35
PID 3000 wrote to memory of 1564	3000	Unicorn-39723.exe	35
PID 3000 wrote to memory of 1564	3000	Unicorn-39723.exe	35
PID 2600 wrote to memory of 1264	2600	Unicorn-56806.exe	36
PID 2600 wrote to memory of 1264	2600	Unicorn-56806.exe	36
PID 2600 wrote to memory of 1264	2600	Unicorn-56806.exe	36
PID 2600 wrote to memory of 1264	2600	Unicorn-56806.exe	36
PID 2388 wrote to memory of 1568	2388	Unicorn-57294.exe	37
PID 2388 wrote to memory of 1568	2388	Unicorn-57294.exe	37
PID 2388 wrote to memory of 1568	2388	Unicorn-57294.exe	37
PID 2388 wrote to memory of 1568	2388	Unicorn-57294.exe	37
PID 2900 wrote to memory of 1548	2900	Unicorn-33344.exe	38
PID 2900 wrote to memory of 1548	2900	Unicorn-33344.exe	38
PID 2900 wrote to memory of 1548	2900	Unicorn-33344.exe	38
PID 2900 wrote to memory of 1548	2900	Unicorn-33344.exe	38
PID 2772 wrote to memory of 2280	2772	Unicorn-12369.exe	39
PID 2772 wrote to memory of 2280	2772	Unicorn-12369.exe	39
PID 2772 wrote to memory of 2280	2772	Unicorn-12369.exe	39
PID 2772 wrote to memory of 2280	2772	Unicorn-12369.exe	39
PID 1564 wrote to memory of 1132	1564	Unicorn-55156.exe	40
PID 1564 wrote to memory of 1132	1564	Unicorn-55156.exe	40
PID 1564 wrote to memory of 1132	1564	Unicorn-55156.exe	40
PID 1564 wrote to memory of 1132	1564	Unicorn-55156.exe	40
PID 2144 wrote to memory of 2008	2144	Unicorn-5400.exe	41
PID 2144 wrote to memory of 2008	2144	Unicorn-5400.exe	41
PID 2144 wrote to memory of 2008	2144	Unicorn-5400.exe	41
PID 2144 wrote to memory of 2008	2144	Unicorn-5400.exe	41
PID 1568 wrote to memory of 2728	1568	Unicorn-46241.exe	42
PID 1568 wrote to memory of 2728	1568	Unicorn-46241.exe	42
PID 1568 wrote to memory of 2728	1568	Unicorn-46241.exe	42
PID 1568 wrote to memory of 2728	1568	Unicorn-46241.exe	42
PID 2388 wrote to memory of 2076	2388	Unicorn-57294.exe	43
PID 2388 wrote to memory of 2076	2388	Unicorn-57294.exe	43
PID 2388 wrote to memory of 2076	2388	Unicorn-57294.exe	43
PID 2388 wrote to memory of 2076	2388	Unicorn-57294.exe	43

C:\Users\Admin\AppData\Local\Temp\02f50614b91a07c40d760570221595f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02f50614b91a07c40d760570221595f3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40818.exe
        7⤵
        Executes dropped EXE
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        10⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        9⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        6⤵
        Executes dropped EXE
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        7⤵
        Program crash
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        Executes dropped EXE
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        11⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        12⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        8⤵
        
        PID:1696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        6⤵
        Program crash
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56290.exe
        6⤵
        
        PID:1404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        5⤵
        Executes dropped EXE
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        5⤵
        Executes dropped EXE
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        7⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        5⤵
        Program crash
        
        PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe

Filesize
196KB

MD5
09bc11647d83e43c2422b8edc8a811f5

SHA1
13f5c10fa8b40e1f655f1e2cf4c13a58b6493364

SHA256
ac40f38bc51124d72d6405ed19618c00ea1b2d2e9454e8f29bfc3da1da017d23

SHA512
f848f13d3aee0da3b5e7c3905818f115e0dc98c1f5635670315a70336e4fdbc50201e38441fd60a748d6223a920042d412c689ce1daedeacd331c2dd7bd8fe57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe

Filesize
196KB

MD5
cf2d08dead38ba4b0a0352239ee3effd

SHA1
31fb278fe00de42c93793d37aa2eac323871325b

SHA256
dbad7ea0e4d8e3eff85cea6bf44591a5be536befebc6101a26bb4039fc0af28e

SHA512
c41530326263072a64ac816f1d81fbb34e9b30366da47b5f795927327187087f27f5ae134931d0e6b5a78a92d6bfb05cac8ee6f49835599fb9301a8459ddb346

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe

Filesize
196KB

MD5
735937c0e89f9c36812dec7148409359

SHA1
013a970ea4b20b8f2159dcceefca07a3ab12946d

SHA256
4646635a0a8ba163513684221ed9ba1c5d01a9fcc4b2844a578bcdcba59fcd51

SHA512
d25bb89dbfa2efbf0206463d1e2d6074df6e3491ab74e743a213d29761a9c64668c3cc42c80f3b34844966e6790cb914678752de1a7f86893b9dc82d094d7bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe

Filesize
196KB

MD5
d27b90253031a79b8c8a43c5586d5dbb

SHA1
4758fb4c8c8cfc7416b09295d1f5dc1653c18e14

SHA256
55e25fc79b12ad7653a74bbd5cd85be8988d8b5f56d730762f22caa663382b85

SHA512
029b6e427879cde35ca82dacd58a6c622187c09fc5f5488cf2074316197d09ff2176c6fb9220629783ad3d676002403f5154f9dd18af5d5291388b6b09090b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe

Filesize
196KB

MD5
4afedce8bb3db0fc623a17fc2c94022c

SHA1
c9a7220e3370059abf6b9f84a86603c2b0b5b6c5

SHA256
2a426eecdf91c751067f83a9f896649b4455dbc8a8362a48fc5afb436d7c4408

SHA512
8107935e2fc0ac90072e94ccd15c93603dad9cf3a9fd0904ac3d70b77c5626ed6f46e4a0f6a7fbc92b586626e4eaed182bb33acdb7f3374f3b1df720041c90db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe

Filesize
196KB

MD5
da8bb329f17b456a8d31e9f7f3aede1b

SHA1
6a07d78fd24641506e48a90d7d3754fe2ad3eb12

SHA256
fe3d172ecec9fb11bb952ca2c3da2b1bde484b5170641fcc4ff12e95c9671b56

SHA512
33f44720ae8779385e86dc9ca844c74608e3f61362026e81dff73cd401f7d1c63d29325d9a156ffdbc6ac17444e5637c725afc5568b46e9cf31ebdc70b82af5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe

Filesize
196KB

MD5
356b97786568bc69673c990d29c49f6f

SHA1
1c24bc00e9a8635f9b6789cf24e3875de80851c3

SHA256
6e83133f476a20e2df8fb6f26c35de3588b1558ae0b9aadf1582dbf910251430

SHA512
628d5a8fff54cc7ce1e3c6d1d28e7614f54132394af527f9dee3520a08f30609493707732cc4172528591075d162b074b96eb4178564eab8390e7da5764574d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe

Filesize
196KB

MD5
0946a28fd812c5c9cf7d38bc2be35420

SHA1
efb4e4d134ed5ea22a4b7f4cde37dcf7727273dd

SHA256
1e4478987f9a2100b7b9f181a48a212abb2537029799a6d59ca314901d5b9cd9

SHA512
995c70706d5e251f0ee9a5a6d5713a0d6ac455d4ac596b811592d479b8b824e1c70540e119f923d48c32487d7a209864638f12e95bf11664f5020841dfb2c8a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe

Filesize
196KB

MD5
407bd776d602ae777b84e0e0c5b19629

SHA1
adb559ef44b4f113d3ea4bcabf0da733fd852f82

SHA256
0c5c2ef43eef9451991d31be3296f99fd42d59974bf598112328cd47e19eeaf6

SHA512
4d9e1a5315ab132beb2530ddf4a01c0b4523643c0d690d741671506e1ec0869f85db2d59ffd8d64d7372de4134f3c375c2ee2f379de39db045935c74d9b418c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe

Filesize
196KB

MD5
2421a630cbcc530b8c0bbbc5b5f036d4

SHA1
d4cdda8ac348fbb857778dbe1a0fc105a5a8c35d

SHA256
5dc47d9578ccdd760de7dbeaea5efa532fa936e0e306ae4c868cbfd71bbbc317

SHA512
dc74df3ca9e171f0dd1848baf45309f5adf7a052894b3f9d1c5ca680c0d1619402d7d24046fbcf59772e5cb0eda67e8b7922821e92c7049fac978d636a67f27a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe

Filesize
196KB

MD5
fcf37e926a198e85231018bd867d9c09

SHA1
681ea8d7460cb7dc8c34b934b923ae96f709d95f

SHA256
cf4d79a12b089a840d4870511bde2eb4ff0231d7444b4562e2197b02c67832a0

SHA512
29184cd2419ec723e18e27ec9a264a968bb7ac31c8550313c4522aeb95fdb1c3801ebff0070258c9882a274266ab7e59d79959b3e6d06ae615800e3a399f5af0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe

Filesize
196KB

MD5
6d71019a35075636448c95936b2c64f8

SHA1
eb5809dc28f93bb26db1cd5add12a7e216a4cd08

SHA256
d3f01ab28914b3d44b949e6f1472fb4bd1ce2f83d9b48d62dfd501790a78e0d3

SHA512
779deb45d8dba24369fbbabebbacf012ad4e31fc213d723a7de907d880ffb40f3c2edc7009666e1fe88743f03a0a72d70876690319c3bd2808cec0f43351b988

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe

Filesize
196KB

MD5
2e1c37569475d9df22bad56a69288013

SHA1
4709f3ed2b6df3710e6602430df25359a3c94641

SHA256
09f2f101d1103bd7baa58db56538c55282816b23e914fae231116a8e1b9856e5

SHA512
510186e18842bbbb7d227fbcd52a79a0eaee7d0789cb604c63edefb9caea4f1f2a0d23140af6779180910131772766bb5d4c944462f778d18410e7fd86798c98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe

Filesize
196KB

MD5
55ad5726179f93e20cd5af5b7c320da4

SHA1
6be07fb569fb1a401b7ce5d7ce6ae6cb93b996c3

SHA256
c91c42fbe5b46e4e43dc44ea879cce4afa2a41cc61ae2b68d8d95b37efa53825

SHA512
a01ed75aeb34213fe5a6aa9ae3970ef18e38b4273b79257d85bd6c815b0d83ec3ffebaac898789f4310cd739ac3df6c7ee69d5d800a410acfc71cb101653f6b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe

Filesize
196KB

MD5
f77c57d239c4bb029c351449eb7a2599

SHA1
e752f6124cc106d1e3c0e8587ea14a4d1b35f76c

SHA256
2eaf98dd4e0503afcdb3d57eb3c408f88ea941fccbfffb78c9f49e9ca9718c3d

SHA512
e12db155b7f9abc9505b5a908d0444636d59d19fa440287165240a0a29a8152f4a25086a1b0376176f9fee1edb98e9ad78f33d24e5a5330c784ce94ff5a7f880

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe

Filesize
24KB

MD5
390486d0b6e383970309e5cf69e7794a

SHA1
cbe9196f0cc376db7d680ed301dc8d2efb8954d7

SHA256
9419cc8bea60b4d5e51c1ea73cb2c09bd078ee3f33c25ef4a8eebd226f643208

SHA512
3dcc40ad64264623f1b13e67932d2cd919d0b312df8b614c1509d39c979df7f72d0b9124082c0f133bb7d6cce4aa34455f5b044ee2eb91d18e69f0a2f4ef258b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe

Filesize
196KB

MD5
93927626f2139dff00177873318fc882

SHA1
d645a9c355c6a579dcb3b06abe66cef7ee1138a9

SHA256
e6194798958b89bf113670624495e855834239ddb1298010c32411de7e0dda42

SHA512
b20f85686130481ffbfac9079bdf00f96b6671444b65d3e91b63e11c522bfed619f1d8dd8c362e5dc58c9ef078fdfd034a3f0f18b12844eaa2df6a0bb5bc504a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe

Filesize
196KB

MD5
1702570ca732fff1f01502e5a9165818

SHA1
34c8352f7d2892a6925430264b0760a5cd125672

SHA256
e0c7164f052770bb913b72d8cb6fa71eb1b3a17e7c41bab4f75c09385fa5ee43

SHA512
0d27d083fc8da6d09d9ef33fc832f39bb885819560ef0cfd903b6128bb440beb987d95ef57340d4608eb2b2e03cabd74bfb72942263e140326f918f77a2e748d

Download Submit
memory/1952-253-0x00000000028D0000-0x0000000002A2C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads