Overview

overview

10

Static

static

3

JaffaCakes...b1.dll

windows7-x64

10

JaffaCakes...b1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2025, 15:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_2c98cb4e139ce5a1a21e668a8cd9feb1.dll

  • Size

    1.7MB

  • MD5

    2c98cb4e139ce5a1a21e668a8cd9feb1

  • SHA1

    9e079138fd276f7993bba2a62c9a27fd5e6c8607

  • SHA256

    7730c0e556bed612863399019d411fa1d03486d1fc32028ea0cad2f1a9a5ffc6

  • SHA512

    2ccf577f61d60f7e014d42f98d06f8d8f05d2928f65510d9fbb50df9e2d8586114a04b8a450c62cfe36585026c43ac7b511ff2a05b7b6fd694353c2ebb7f890a

  • SSDEEP

    24576:o4pLEZif00JxEAXqCvRAQKNDmWEAeApxOGlFZ4h0pZB5v31rIyOlIM+SSZPU:oGYZifFEAXr6fraYp3Oy3Sc8

Score
10/10
unicornstealerdiscoveryspywarestealer

Malware Config

Signatures

  • UnicornStealer

    UnicornStealer is a modular infostealer written in C++.

    stealerunicornstealer
  • Unicornstealer family
    unicornstealer
  • Unicorn Stealer payload 17 IoCs
    stealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2c98cb4e139ce5a1a21e668a8cd9feb1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2c98cb4e139ce5a1a21e668a8cd9feb1.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:2696
        • C:\Windows\SysWOW64\dllhost.exe
          "C:\Windows\system32\dllhost.exe"
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2364-31-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-14-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-52-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-53-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-56-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-54-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-44-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-36-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-58-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-15-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-26-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-16-0x0000000000080000-0x0000000000089000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2364-30-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-20-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-22-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-23-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-28-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2696-18-0x00000000048F0000-0x0000000004A40000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2696-13-0x00000000048F0000-0x0000000004A40000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2696-12-0x00000000000E0000-0x00000000000E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-8-0x0000000000090000-0x0000000000092000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2780-0-0x0000000002110000-0x00000000022C5000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2780-10-0x0000000002110000-0x00000000022C5000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2780-9-0x00000000022A6000-0x00000000022B0000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2780-6-0x0000000002110000-0x00000000022C5000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2780-7-0x00000000022A6000-0x00000000022B0000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2780-1-0x0000000002110000-0x00000000022C5000-memory.dmp

    Filesize

    1.7MB

    Download