1f2abd5e87f62f63ea93db3b2deecd2749bdc03b07c1b1e9bdd5d52162453bd2

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
Size

196KB
MD5

dc349166e82cbe8a308c47315a713ab2
SHA1

006739534a71b3b1ae725f20135b62dcee22b937
SHA256

1f2abd5e87f62f63ea93db3b2deecd2749bdc03b07c1b1e9bdd5d52162453bd2
SHA512

a7d82c548f7821c086403a3d3260ddbd00526a3a479f849155b4b556036b36205e9838216517070dc10df0f98026837e3924f82c393264410aa653f757f22bf1
SSDEEP

3072:sreboqkMaPAUkbn0Td7iqe8b622brIKrT+NFx7gWxP2lVvMe:srqo1YjbUd2qe8kngV2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2528	Unicorn-35979.exe
2588	Unicorn-26161.exe
2648	Unicorn-6295.exe
2688	Unicorn-41148.exe
2472	Unicorn-24620.exe
2556	Unicorn-12922.exe
2712	Unicorn-15392.exe
1904	Unicorn-35258.exe
2748	Unicorn-3161.exe
2532	Unicorn-40664.exe
2224	Unicorn-57323.exe
2328	Unicorn-23193.exe
1504	Unicorn-63841.exe
1520	Unicorn-43976.exe
1568	Unicorn-41449.exe
1532	Unicorn-63841.exe
2428	Unicorn-21583.exe
2244	Unicorn-13415.exe
1272	Unicorn-25113.exe
1644	Unicorn-54311.exe
776	Unicorn-9749.exe
2152	Unicorn-7414.exe
3044	Unicorn-13122.exe
1548	Unicorn-32988.exe
952	Unicorn-4762.exe
908	Unicorn-53963.exe
2248	Unicorn-123.exe
2808	Unicorn-56532.exe
2012	Unicorn-12162.exe
2932	Unicorn-23668.exe
2720	Unicorn-53538.exe
2724	Unicorn-17336.exe
2584	Unicorn-14809.exe
2308	Unicorn-3304.exe
2816	Unicorn-23170.exe
2560	Unicorn-56506.exe
2492	Unicorn-10834.exe
2496	Unicorn-30762.exe
2528	Unicorn-48530.exe
2032	Unicorn-16346.exe
2692	Unicorn-46003.exe
2760	Unicorn-26137.exe
1960	Unicorn-42473.exe
1972	Unicorn-62339.exe
332	Unicorn-29475.exe
2644	Unicorn-9952.exe
2592	Unicorn-26542.exe
1696	Unicorn-59729.exe
1004	Unicorn-30927.exe
324	Unicorn-50793.exe
564	Unicorn-50793.exe
2092	Unicorn-17929.exe
2844	Unicorn-58613.exe
2256	Unicorn-12941.exe
1480	Unicorn-52324.exe
1664	Unicorn-32458.exe
2380	Unicorn-64815.exe
1788	Unicorn-32112.exe
2580	Unicorn-49136.exe
1772	Unicorn-12816.exe
2416	Unicorn-24039.exe
2804	Unicorn-18357.exe
2696	Unicorn-12335.exe
2280	Unicorn-15610.exe

Loads dropped DLL 64 IoCs

pid	Process
352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
2528	Unicorn-35979.exe
352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
2528	Unicorn-35979.exe
352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
2648	Unicorn-6295.exe
2648	Unicorn-6295.exe
2588	Unicorn-26161.exe
2588	Unicorn-26161.exe
2528	Unicorn-35979.exe
2528	Unicorn-35979.exe
2648	Unicorn-6295.exe
2648	Unicorn-6295.exe
2688	Unicorn-41148.exe
2688	Unicorn-41148.exe
2472	Unicorn-24620.exe
2472	Unicorn-24620.exe
2588	Unicorn-26161.exe
2588	Unicorn-26161.exe
2556	Unicorn-12922.exe
2556	Unicorn-12922.exe
2712	Unicorn-15392.exe
2712	Unicorn-15392.exe
2748	Unicorn-3161.exe
2532	Unicorn-40664.exe
2748	Unicorn-3161.exe
2532	Unicorn-40664.exe
1904	Unicorn-35258.exe
1904	Unicorn-35258.exe
2688	Unicorn-41148.exe
2688	Unicorn-41148.exe
2472	Unicorn-24620.exe
2224	Unicorn-57323.exe
2472	Unicorn-24620.exe
2224	Unicorn-57323.exe
2556	Unicorn-12922.exe
2556	Unicorn-12922.exe
2328	Unicorn-23193.exe
2328	Unicorn-23193.exe
2712	Unicorn-15392.exe
2712	Unicorn-15392.exe
1504	Unicorn-63841.exe
1504	Unicorn-63841.exe
2224	Unicorn-57323.exe
1272	Unicorn-25113.exe
2224	Unicorn-57323.exe
1272	Unicorn-25113.exe
2748	Unicorn-3161.exe
2748	Unicorn-3161.exe
1532	Unicorn-63841.exe
1532	Unicorn-63841.exe
1904	Unicorn-35258.exe
1904	Unicorn-35258.exe
1568	Unicorn-41449.exe
1568	Unicorn-41449.exe
2532	Unicorn-40664.exe
2532	Unicorn-40664.exe
1520	Unicorn-43976.exe
1520	Unicorn-43976.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
2312	2244	WerFault.exe	46
3016	2428	WerFault.exe	44
2456	3044	WerFault.exe	50
2284	2152	WerFault.exe	49
2080	2584	WerFault.exe	62
2252	2032	WerFault.exe	70
824	2248	WerFault.exe	53
2268	908	WerFault.exe	54
1820	2496	WerFault.exe	68
2112	1480	WerFault.exe	91
1872	1696	WerFault.exe	78
2172	1004	WerFault.exe	80
3040	1972	WerFault.exe	74
1544	2092	WerFault.exe	84
2868	2416	WerFault.exe	100

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
2528	Unicorn-35979.exe
2648	Unicorn-6295.exe
2588	Unicorn-26161.exe
2688	Unicorn-41148.exe
2472	Unicorn-24620.exe
2556	Unicorn-12922.exe
2712	Unicorn-15392.exe
1904	Unicorn-35258.exe
2748	Unicorn-3161.exe
2532	Unicorn-40664.exe
2224	Unicorn-57323.exe
2328	Unicorn-23193.exe
1504	Unicorn-63841.exe
1532	Unicorn-63841.exe
1568	Unicorn-41449.exe
1520	Unicorn-43976.exe
2244	Unicorn-13415.exe
1272	Unicorn-25113.exe
2428	Unicorn-21583.exe
1644	Unicorn-54311.exe
776	Unicorn-9749.exe
2152	Unicorn-7414.exe
3044	Unicorn-13122.exe
1548	Unicorn-32988.exe
952	Unicorn-4762.exe
2248	Unicorn-123.exe
908	Unicorn-53963.exe
2012	Unicorn-12162.exe
2932	Unicorn-23668.exe
2808	Unicorn-56532.exe
2724	Unicorn-17336.exe
2584	Unicorn-14809.exe
2720	Unicorn-53538.exe
2816	Unicorn-23170.exe
2308	Unicorn-3304.exe
2560	Unicorn-56506.exe
2492	Unicorn-10834.exe
2496	Unicorn-30762.exe
2528	Unicorn-48530.exe
2032	Unicorn-16346.exe
2692	Unicorn-46003.exe
1960	Unicorn-42473.exe
1972	Unicorn-62339.exe
2760	Unicorn-26137.exe
2592	Unicorn-26542.exe
1004	Unicorn-30927.exe
564	Unicorn-50793.exe
2256	Unicorn-12941.exe
324	Unicorn-50793.exe
332	Unicorn-29475.exe
1480	Unicorn-52324.exe
2092	Unicorn-17929.exe
2844	Unicorn-58613.exe
2644	Unicorn-9952.exe
1696	Unicorn-59729.exe
2380	Unicorn-64815.exe
1788	Unicorn-32112.exe
1664	Unicorn-32458.exe
2580	Unicorn-49136.exe
2804	Unicorn-18357.exe
1772	Unicorn-12816.exe
2416	Unicorn-24039.exe
2696	Unicorn-12335.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 352 wrote to memory of 2528	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	28
PID 352 wrote to memory of 2528	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	28
PID 352 wrote to memory of 2528	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	28
PID 352 wrote to memory of 2528	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	28
PID 2528 wrote to memory of 2588	2528	Unicorn-35979.exe	29
PID 2528 wrote to memory of 2588	2528	Unicorn-35979.exe	29
PID 2528 wrote to memory of 2588	2528	Unicorn-35979.exe	29
PID 2528 wrote to memory of 2588	2528	Unicorn-35979.exe	29
PID 352 wrote to memory of 2648	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	30
PID 352 wrote to memory of 2648	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	30
PID 352 wrote to memory of 2648	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	30
PID 352 wrote to memory of 2648	352	dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2688	2648	Unicorn-6295.exe	31
PID 2648 wrote to memory of 2688	2648	Unicorn-6295.exe	31
PID 2648 wrote to memory of 2688	2648	Unicorn-6295.exe	31
PID 2648 wrote to memory of 2688	2648	Unicorn-6295.exe	31
PID 2588 wrote to memory of 2472	2588	Unicorn-26161.exe	32
PID 2588 wrote to memory of 2472	2588	Unicorn-26161.exe	32
PID 2588 wrote to memory of 2472	2588	Unicorn-26161.exe	32
PID 2588 wrote to memory of 2472	2588	Unicorn-26161.exe	32
PID 2528 wrote to memory of 2556	2528	Unicorn-35979.exe	33
PID 2528 wrote to memory of 2556	2528	Unicorn-35979.exe	33
PID 2528 wrote to memory of 2556	2528	Unicorn-35979.exe	33
PID 2528 wrote to memory of 2556	2528	Unicorn-35979.exe	33
PID 2648 wrote to memory of 2712	2648	Unicorn-6295.exe	34
PID 2648 wrote to memory of 2712	2648	Unicorn-6295.exe	34
PID 2648 wrote to memory of 2712	2648	Unicorn-6295.exe	34
PID 2648 wrote to memory of 2712	2648	Unicorn-6295.exe	34
PID 2688 wrote to memory of 1904	2688	Unicorn-41148.exe	35
PID 2688 wrote to memory of 1904	2688	Unicorn-41148.exe	35
PID 2688 wrote to memory of 1904	2688	Unicorn-41148.exe	35
PID 2688 wrote to memory of 1904	2688	Unicorn-41148.exe	35
PID 2472 wrote to memory of 2748	2472	Unicorn-24620.exe	36
PID 2472 wrote to memory of 2748	2472	Unicorn-24620.exe	36
PID 2472 wrote to memory of 2748	2472	Unicorn-24620.exe	36
PID 2472 wrote to memory of 2748	2472	Unicorn-24620.exe	36
PID 2588 wrote to memory of 2532	2588	Unicorn-26161.exe	37
PID 2588 wrote to memory of 2532	2588	Unicorn-26161.exe	37
PID 2588 wrote to memory of 2532	2588	Unicorn-26161.exe	37
PID 2588 wrote to memory of 2532	2588	Unicorn-26161.exe	37
PID 2556 wrote to memory of 2224	2556	Unicorn-12922.exe	38
PID 2556 wrote to memory of 2224	2556	Unicorn-12922.exe	38
PID 2556 wrote to memory of 2224	2556	Unicorn-12922.exe	38
PID 2556 wrote to memory of 2224	2556	Unicorn-12922.exe	38
PID 2712 wrote to memory of 2328	2712	Unicorn-15392.exe	39
PID 2712 wrote to memory of 2328	2712	Unicorn-15392.exe	39
PID 2712 wrote to memory of 2328	2712	Unicorn-15392.exe	39
PID 2712 wrote to memory of 2328	2712	Unicorn-15392.exe	39
PID 2748 wrote to memory of 1504	2748	Unicorn-3161.exe	40
PID 2748 wrote to memory of 1504	2748	Unicorn-3161.exe	40
PID 2748 wrote to memory of 1504	2748	Unicorn-3161.exe	40
PID 2748 wrote to memory of 1504	2748	Unicorn-3161.exe	40
PID 2532 wrote to memory of 1568	2532	Unicorn-40664.exe	41
PID 2532 wrote to memory of 1568	2532	Unicorn-40664.exe	41
PID 2532 wrote to memory of 1568	2532	Unicorn-40664.exe	41
PID 2532 wrote to memory of 1568	2532	Unicorn-40664.exe	41
PID 1904 wrote to memory of 1532	1904	Unicorn-35258.exe	42
PID 1904 wrote to memory of 1532	1904	Unicorn-35258.exe	42
PID 1904 wrote to memory of 1532	1904	Unicorn-35258.exe	42
PID 1904 wrote to memory of 1532	1904	Unicorn-35258.exe	42
PID 2688 wrote to memory of 1520	2688	Unicorn-41148.exe	43
PID 2688 wrote to memory of 1520	2688	Unicorn-41148.exe	43
PID 2688 wrote to memory of 1520	2688	Unicorn-41148.exe	43
PID 2688 wrote to memory of 1520	2688	Unicorn-41148.exe	43

C:\Users\Admin\AppData\Local\Temp\dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc349166e82cbe8a308c47315a713ab2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 248
        8⤵
        Program crash
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        10⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        6⤵
        Program crash
        
        PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 244
        9⤵
        Program crash
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        8⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 224
        8⤵
        Program crash
        
        PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15610.exe
        10⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        11⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        8⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 244
        8⤵
        Program crash
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 244
        6⤵
        Program crash
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        8⤵
        Program crash
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 248
        7⤵
        Program crash
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        7⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 244
        7⤵
        Program crash
        
        PID:2252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 228
        6⤵
        Program crash
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        7⤵
        Program crash
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        7⤵
        
        PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        9⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12335.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47482.exe
        9⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 244
        7⤵
        Program crash
        
        PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        6⤵
        Program crash
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 220
        6⤵
        Program crash
        
        PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe

Filesize
196KB

MD5
d782b0a281435affe561da7e184b328b

SHA1
92facc3b450225b742488684dfb3bea536502d48

SHA256
a8a069f22f4e45a28add99dbccdd9ba180697a429cec03ff512277fabbba3fe6

SHA512
a07a20098bcbf71f15c71816aa8beb05024c54572d0852f7c825d3f421daf81d2f66e7cf5f22f725c92f03ce806a087e7c7c4e197ee07308a6633fd3151c5e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe

Filesize
196KB

MD5
e43e6db6cb86a8eb5babb25c738e0e45

SHA1
4cc76ee67932a39861774ef1ec0e34587f5f0156

SHA256
61c281301d8a736956533284b80f7259cc5d05bf2153e11c83cc54b037c49b97

SHA512
16cbb80a1a67c32d6a5632d1df50db3cc0731dae99a68c3354309118b42401685aad2ee68e9a5c478641d61490e567b9e67d1400c047beb2949426c45790a4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe

Filesize
196KB

MD5
a07ecadc7e81936e342da30dced34e5a

SHA1
ffa15a0da95e3efa44e35967e5e3c8d914d5d9ad

SHA256
c107fc9a9d45710990cf13feaed431615bb888104d4e8c888283da4c8906d0d3

SHA512
512704c734cf3a260eb83214c33b80089cd7ef91a384ee023ceec63e46e3087e27c965dc902920574d4924549af5cd3beca7b1790c6ae71a9e597a931aee110e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe

Filesize
196KB

MD5
1a2795c47f10005266641139830883db

SHA1
1d590f481c2ea09f5453c553d0c54a2eaed9db08

SHA256
39f01f74896b8ca5d8f153d3ab1362703165f1a2fc280839aba7dc172e55b526

SHA512
006dc991d045052b068bb93151fee1984dfa0109806c00c5fbb93c4183d74b2894cbb047295dfd9faf27cea529654d0035cfa88d50616a5e5c005c7d22773474

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe

Filesize
196KB

MD5
03e5e0a9773fd6d221e514ccbe78e152

SHA1
506456d7539c52819f6ea8efbb00a1a82d95d2ec

SHA256
0a588b3efb4a45d51bd4d4903b4b3acabb43e52de96dfc00e0228089846f9f80

SHA512
85ef79cc3d5ee84a0ba01706173af57575e0e4bfc6883b494d0342c28be29b2c3f32ca2d74b2af4799b0807377c29fb4c5a0ba8f740528c66ef0dbb00a546ed8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe

Filesize
196KB

MD5
641e2da87cc8146ab5f84552e90bbfa4

SHA1
d6df582aba6d1b10f2e2ec2416a8eb2dcb2b6615

SHA256
7305326e30d65fa7a1d0f9e45cd7b30cd7e41d58da12de9d680b58fe944c0fc5

SHA512
ffab226e142e722e8cf050db5b71a51fd8e6bb55424206034af2a0d68f6dac7cf02cf782432b283fbc39cb5e40a653402475d7641772d161eda473c5098d5e15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe

Filesize
196KB

MD5
9c52676e01de63aa86437c13b48b200b

SHA1
5fb73dd94f64b2453e7407a09e145ac3f178c611

SHA256
572a46f2a6cd3b2af287a9e6f084fa8c0177af97a38c20fbe9aa24b9f3a202d0

SHA512
6eb6c9312bb592725ec725d57a2e42600b8c4269f435a5ad441d7565ff4238a921e5f0cb89c0e5b98231017c32a381ac350d9b2384dfbf18d333e6f3a373f7fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe

Filesize
196KB

MD5
ad8a325b0da685fc8ff9281b28628ba6

SHA1
74e1f1b5411150ad697c4d99ce2fdc4556af1fc7

SHA256
a4e16e49c483f5b3dd2ea7a3ca147341bedfe6e3a48f95474c461cd0a66b0399

SHA512
34b66b4aa5ec6e75bf88dd01d4f1240b833f6bb31ad665dcc3f26b73e239954f8bdbff4143c5a7c11984ac33de646b96901312ec4ab6afef42d5fdf1d37d53fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe

Filesize
196KB

MD5
1aa8d603015473f8a2c3e135f63957be

SHA1
d29d4529e52c0d0bab8ecaadf918446c813b2c99

SHA256
d46c34c07bf0e20ca32d3a33345e9e07168257eb5a658aa343c264620b5f4f85

SHA512
598ac662135deda245cf95fde2de83e10ad1ddca949c9eedc4b67f13841c4de48cf53abd10ce6938c9ad7e17dff359200fd9809c1c9ede3b398a1c8fd9735812

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe

Filesize
196KB

MD5
65b80eb0f8e7ebe2f79c123236c08954

SHA1
cb33f4e1ac0f2d63f9e69ee234ff6549533ea60d

SHA256
f9bb9e28ea5d705f7cd3426825b7e829cdd12e08dfedbd8d3e548f8da9934df5

SHA512
193128b5b690d3f3f1290fbc60ee50c206e69bc2996ebf3b5372a32f0c3c078fbc2290494383caf60bf16fa518397d54c29b32a93a0794e2a3576c87580ff8bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe

Filesize
196KB

MD5
1591fbb2615edc0c21d7af6ae64bc707

SHA1
fc48817bcdb7a0a59e869c777988f96124a6d408

SHA256
56ae97ae7892c3da1ab839f3d9111bd63e9c5be7d9ac1d0797a18cb518fcad45

SHA512
9fca3a5a60e4514f322107a156fd49562e050153e27a0005de4c0af5d43ba8b1c968a896f016bf8e5c451b18c8dc2dee00d3e47bc102ad647437a176327006ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe

Filesize
196KB

MD5
7ae740980fa2541397250c2b22048ee0

SHA1
6118cb6c899e1e955f68cf2e0329c9e52e65bbc1

SHA256
a223dce413b757ae270cc06d067eaabfd6c2d5ef3fd4a9f337e2be6e1b0b7157

SHA512
de5c72060e5a7e7a1e849bb83f4a0fc10bed56e7da77fdef74db5ac9b8ceff869b96854beffa640de74dde0778b79d961ba54fe603aaa7fc2c5130d3b5daab5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe

Filesize
196KB

MD5
ed9df422b0778799664984192f653cac

SHA1
fe81c3b57c4085db22e680af4b57fc1794a9b21d

SHA256
006f4902fa29567ccfe223d712778a23340fa49741db0b02021e9e92d5ffaddd

SHA512
172970e51d4bcd769c74175e08505e6434b3bf3e719edbd0b4fa8a8f5c1eda754c512d60519463aa2cf3fa60a8478992f93b5692faf5d6935eda1c7a522e573e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe

Filesize
196KB

MD5
ee8e951168b58b9b68e4bb1c4271d06e

SHA1
7ec9f55190302aaf1829c99c9767666fac8e7da3

SHA256
024445a82ed78295156f8452794877ba60c151060fee102b8b2342c5a664a621

SHA512
b7c29d4b77a4afe3656a480598a094c1d92ef559cf1d071e168fd4465e3ccc78c86b0adffa110814f5146596a2aec4452d40d6754de206a498262faf25427063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe

Filesize
196KB

MD5
8f9eae9129d00b9e7859de1a08ff288e

SHA1
6d619187d1170b5a22b0f3fa2e449c3ef6af0153

SHA256
89ecbec80ad6702a3cb818e446eaaf5b3c86317ce5f23adbff00af4c215d7a3d

SHA512
dfb05772c335222a563c8150da963ebd7a888f74d3d17ce997df86d2e731a4d09df6c6e0777be2a803b3d4304d096abf707607fa5fb4d007408725be7c343e31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe

Filesize
196KB

MD5
148cad9f20c84cb2c64f78cd2b48ed86

SHA1
5012c7c5763fade0be65bb0a280ca5166e0ab71a

SHA256
349085368e325dffe76d3195fc21d8b61335db5098034835c843a0e876068b50

SHA512
b44970c3b4684c7d861dccdd3639763b91138587afc1a831bbd41ac5f84b0955f504651decb3c7f5b3137d37b8fdf64eb49c0768f292ab368a905414b6c45c80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe

Filesize
196KB

MD5
904136c1b9f120f00f77e1d05a9ef5aa

SHA1
e370ae9698b487a9e9b6ae70e5a026ee7494e03b

SHA256
a805e6825af4cf3f864ab07f20faa9f1d06ad489c63b46dbb4316e06e0f6f22b

SHA512
eb7f415c6af50a6ddff34c8ad9b4e93cc3b7382665733b68e5e1a288b38420932cfd7d1b26436a46b9cb2d92ae1fafcaf168a3ad6fcc456f4e382bdeca91ddc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe

Filesize
196KB

MD5
d13a461b7f666d9e575c0ce42b8bb57a

SHA1
07aafa7010b49ba290625b40feaf1dff323eaa6f

SHA256
25478032f19b3f19ca058dd11a9834cf57a66b4259dab3371a2d6916b64ce3ed

SHA512
9c86c58c1bf7c804296405403659c9cdecbf7a188b847835d22f22e153e735c2e6d55d962ccfc4cf84a5a0e88988788193204f0d894cc292718ae4e11a7f5292

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads