3dc9fe2f1b7611ad050da4eed640284a7de8f36d3585b92536259330d4157673

Analysis

max time kernel
29s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
Size

192KB
MD5

047758619f088f4a0093d94a803ed754
SHA1

5bdca8205a7c1d18c53a73aa3958dc731a8c3fb1
SHA256

3dc9fe2f1b7611ad050da4eed640284a7de8f36d3585b92536259330d4157673
SHA512

8d48e791db05b0ccfa6fda4750b97ab6366fe25a38d703fc242401f74f4aab38ec461e1e7c611221a74213b8c944d1bd77b35a991205e8258830682687c886c5
SSDEEP

3072:HcGColAjg5ugbOjRqiuyu7865DSJQtWepjxRojuCllv1pFA:Hcboh0gbmqxyu7/EA0llv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 34 IoCs

pid	Process
1768	Unicorn-37928.exe
1580	Unicorn-4544.exe
2580	Unicorn-54300.exe
2888	Unicorn-60818.exe
1776	Unicorn-7533.exe
2504	Unicorn-5073.exe
3028	Unicorn-32360.exe
2836	Unicorn-20854.exe
2968	Unicorn-57056.exe
2516	Unicorn-3579.exe
2656	Unicorn-49251.exe
2696	Unicorn-23289.exe
2788	Unicorn-15120.exe
852	Unicorn-17019.exe
2116	Unicorn-61581.exe
2296	Unicorn-49884.exe
2268	Unicorn-8296.exe
652	Unicorn-30806.exe
1816	Unicorn-19108.exe
1152	Unicorn-27874.exe
2412	Unicorn-16368.exe
2104	Unicorn-56462.exe
1396	Unicorn-16307.exe
1576	Unicorn-33389.exe
608	Unicorn-61423.exe
2356	Unicorn-8138.exe
1892	Unicorn-333.exe
2308	Unicorn-24126.exe
2120	Unicorn-24126.exe
1548	Unicorn-43992.exe
2928	Unicorn-43992.exe
1108	Unicorn-43992.exe
1316	Unicorn-7079.exe
1748	Unicorn-31927.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
1768	Unicorn-37928.exe
2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
1768	Unicorn-37928.exe
2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
2580	Unicorn-54300.exe
2580	Unicorn-54300.exe
1580	Unicorn-4544.exe
1580	Unicorn-4544.exe
1768	Unicorn-37928.exe
1768	Unicorn-37928.exe
2888	Unicorn-60818.exe
2888	Unicorn-60818.exe
2580	Unicorn-54300.exe
2580	Unicorn-54300.exe
1776	Unicorn-7533.exe
1776	Unicorn-7533.exe
1580	Unicorn-4544.exe
2504	Unicorn-5073.exe
1580	Unicorn-4544.exe
2504	Unicorn-5073.exe
2836	Unicorn-20854.exe
2836	Unicorn-20854.exe
2968	Unicorn-57056.exe
2968	Unicorn-57056.exe
1776	Unicorn-7533.exe
1776	Unicorn-7533.exe
2516	Unicorn-3579.exe
2516	Unicorn-3579.exe
2504	Unicorn-5073.exe
2504	Unicorn-5073.exe
2656	Unicorn-49251.exe
2656	Unicorn-49251.exe
2696	Unicorn-23289.exe
2696	Unicorn-23289.exe
2836	Unicorn-20854.exe
2836	Unicorn-20854.exe
2968	Unicorn-57056.exe
2968	Unicorn-57056.exe
2788	Unicorn-15120.exe
2788	Unicorn-15120.exe
852	Unicorn-17019.exe
852	Unicorn-17019.exe
2116	Unicorn-61581.exe
2116	Unicorn-61581.exe
2516	Unicorn-3579.exe
2516	Unicorn-3579.exe
2296	Unicorn-49884.exe
2296	Unicorn-49884.exe
2268	Unicorn-8296.exe
2268	Unicorn-8296.exe
2656	Unicorn-49251.exe
2656	Unicorn-49251.exe
2696	Unicorn-23289.exe
2788	Unicorn-15120.exe
2788	Unicorn-15120.exe
2696	Unicorn-23289.exe
1152	Unicorn-27874.exe
652	Unicorn-30806.exe
2412	Unicorn-16368.exe
1152	Unicorn-27874.exe
2412	Unicorn-16368.exe
652	Unicorn-30806.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
1768	Unicorn-37928.exe
2580	Unicorn-54300.exe
1580	Unicorn-4544.exe
2888	Unicorn-60818.exe
1776	Unicorn-7533.exe
2504	Unicorn-5073.exe
2836	Unicorn-20854.exe
2968	Unicorn-57056.exe
2516	Unicorn-3579.exe
2656	Unicorn-49251.exe
2696	Unicorn-23289.exe
2788	Unicorn-15120.exe
852	Unicorn-17019.exe
2296	Unicorn-49884.exe
2116	Unicorn-61581.exe
2268	Unicorn-8296.exe
652	Unicorn-30806.exe
1816	Unicorn-19108.exe
1152	Unicorn-27874.exe
2412	Unicorn-16368.exe
1396	Unicorn-16307.exe
1576	Unicorn-33389.exe
1892	Unicorn-333.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1768	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	28
PID 2084 wrote to memory of 1768	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	28
PID 2084 wrote to memory of 1768	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	28
PID 2084 wrote to memory of 1768	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	28
PID 1768 wrote to memory of 1580	1768	Unicorn-37928.exe	29
PID 1768 wrote to memory of 1580	1768	Unicorn-37928.exe	29
PID 1768 wrote to memory of 1580	1768	Unicorn-37928.exe	29
PID 1768 wrote to memory of 1580	1768	Unicorn-37928.exe	29
PID 2084 wrote to memory of 2580	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	30
PID 2084 wrote to memory of 2580	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	30
PID 2084 wrote to memory of 2580	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	30
PID 2084 wrote to memory of 2580	2084	047758619f088f4a0093d94a803ed754_JaffaCakes118.exe	30
PID 2580 wrote to memory of 2888	2580	Unicorn-54300.exe	31
PID 2580 wrote to memory of 2888	2580	Unicorn-54300.exe	31
PID 2580 wrote to memory of 2888	2580	Unicorn-54300.exe	31
PID 2580 wrote to memory of 2888	2580	Unicorn-54300.exe	31
PID 1580 wrote to memory of 1776	1580	Unicorn-4544.exe	32
PID 1580 wrote to memory of 1776	1580	Unicorn-4544.exe	32
PID 1580 wrote to memory of 1776	1580	Unicorn-4544.exe	32
PID 1580 wrote to memory of 1776	1580	Unicorn-4544.exe	32
PID 1768 wrote to memory of 2504	1768	Unicorn-37928.exe	33
PID 1768 wrote to memory of 2504	1768	Unicorn-37928.exe	33
PID 1768 wrote to memory of 2504	1768	Unicorn-37928.exe	33
PID 1768 wrote to memory of 2504	1768	Unicorn-37928.exe	33
PID 2888 wrote to memory of 3028	2888	Unicorn-60818.exe	34
PID 2888 wrote to memory of 3028	2888	Unicorn-60818.exe	34
PID 2888 wrote to memory of 3028	2888	Unicorn-60818.exe	34
PID 2888 wrote to memory of 3028	2888	Unicorn-60818.exe	34
PID 2580 wrote to memory of 2836	2580	Unicorn-54300.exe	35
PID 2580 wrote to memory of 2836	2580	Unicorn-54300.exe	35
PID 2580 wrote to memory of 2836	2580	Unicorn-54300.exe	35
PID 2580 wrote to memory of 2836	2580	Unicorn-54300.exe	35
PID 1776 wrote to memory of 2968	1776	Unicorn-7533.exe	36
PID 1776 wrote to memory of 2968	1776	Unicorn-7533.exe	36
PID 1776 wrote to memory of 2968	1776	Unicorn-7533.exe	36
PID 1776 wrote to memory of 2968	1776	Unicorn-7533.exe	36
PID 1580 wrote to memory of 2656	1580	Unicorn-4544.exe	37
PID 1580 wrote to memory of 2656	1580	Unicorn-4544.exe	37
PID 1580 wrote to memory of 2656	1580	Unicorn-4544.exe	37
PID 1580 wrote to memory of 2656	1580	Unicorn-4544.exe	37
PID 2504 wrote to memory of 2516	2504	Unicorn-5073.exe	38
PID 2504 wrote to memory of 2516	2504	Unicorn-5073.exe	38
PID 2504 wrote to memory of 2516	2504	Unicorn-5073.exe	38
PID 2504 wrote to memory of 2516	2504	Unicorn-5073.exe	38
PID 2836 wrote to memory of 2696	2836	Unicorn-20854.exe	39
PID 2836 wrote to memory of 2696	2836	Unicorn-20854.exe	39
PID 2836 wrote to memory of 2696	2836	Unicorn-20854.exe	39
PID 2836 wrote to memory of 2696	2836	Unicorn-20854.exe	39
PID 2968 wrote to memory of 2788	2968	Unicorn-57056.exe	40
PID 2968 wrote to memory of 2788	2968	Unicorn-57056.exe	40
PID 2968 wrote to memory of 2788	2968	Unicorn-57056.exe	40
PID 2968 wrote to memory of 2788	2968	Unicorn-57056.exe	40
PID 1776 wrote to memory of 852	1776	Unicorn-7533.exe	41
PID 1776 wrote to memory of 852	1776	Unicorn-7533.exe	41
PID 1776 wrote to memory of 852	1776	Unicorn-7533.exe	41
PID 1776 wrote to memory of 852	1776	Unicorn-7533.exe	41
PID 2516 wrote to memory of 2116	2516	Unicorn-3579.exe	42
PID 2516 wrote to memory of 2116	2516	Unicorn-3579.exe	42
PID 2516 wrote to memory of 2116	2516	Unicorn-3579.exe	42
PID 2516 wrote to memory of 2116	2516	Unicorn-3579.exe	42
PID 2504 wrote to memory of 2296	2504	Unicorn-5073.exe	43
PID 2504 wrote to memory of 2296	2504	Unicorn-5073.exe	43
PID 2504 wrote to memory of 2296	2504	Unicorn-5073.exe	43
PID 2504 wrote to memory of 2296	2504	Unicorn-5073.exe	43

C:\Users\Admin\AppData\Local\Temp\047758619f088f4a0093d94a803ed754_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\047758619f088f4a0093d94a803ed754_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        8⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        7⤵
        Executes dropped EXE
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        11⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        7⤵
        Executes dropped EXE
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        9⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        6⤵
        Executes dropped EXE
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        6⤵
        Executes dropped EXE
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        6⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        8⤵
        
        PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        7⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        6⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50821.exe
        7⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        5⤵
        Executes dropped EXE
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        7⤵
        
        PID:2264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
      4⤵
      Executes dropped EXE
      PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        6⤵
        Executes dropped EXE
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        8⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        5⤵
        Executes dropped EXE
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        6⤵
        
        PID:344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        5⤵
        Executes dropped EXE
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        6⤵
        
        PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe

Filesize
192KB

MD5
8ac687e228c8cafa2193f0fa6e313d48

SHA1
df6c45067e7fd23f3f366b8e08e8c1c7b51c5489

SHA256
4bf501d91bf0054a1205a32ebce43d525dd76a0cb9eb34503672b585d0820b78

SHA512
e96ed3240b815966f3092733543f93e5d4e2e7e4db81a4626b1121acae97bef09510b1b83bf62b5492791206816b00d54e669bc8aeed99c18ef66280d2c54065

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe

Filesize
192KB

MD5
8517cbbd1e584e06764a58d92507d6e9

SHA1
a9a334254f06f2272304951850ec94d285c2bac5

SHA256
352350b01d47388a1f841ca95bf8134dd7494926eac9e95a2df200a49aa22936

SHA512
845329be2f014f50600b7b299ac161b76c713097f67e39335a981db4e1e971684462d2cb32873c14fea1d34f01a3782a41c5a0cc5d50d7104fefd11639afc0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe

Filesize
192KB

MD5
37fa67ca26144de8c57c70806aaa6145

SHA1
cb558df31af259c941241c29ccea884cdc1db1bb

SHA256
b198fc3f4294787e091603f47ec75da74bf509ee3992c995831bdb7cfd9b5fee

SHA512
d092f4b657b4c9b389897d9b847b6de2fc20ea68b1af7a4341373611204e41e0ff004f265bbfe074248981c77fb284283a69b129892f555d8cc950f22c6fcdb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe

Filesize
192KB

MD5
2a26e0107fb4403ece9ac24bfb3aa18e

SHA1
28053bfe01efaffc54f1bd4968bdcfd3c3bef416

SHA256
abd58379ec4c00b11bd710adb3f3f7b3b5ac30a245031638c7d417632a9346de

SHA512
42a12081bcb0a145955c3ec8b4636cec96b85a237585f7349d647c6bb2fd0db7386405ae2feb13a20437ab4a9ee2c91347cfb91ea0cb96fffa198673123058ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe

Filesize
192KB

MD5
8961ce24bdf63cf6d8bc9e1a56b5deed

SHA1
2a5c671823176b6cba619b300eb3cb12d441a70f

SHA256
847c5795c4b840779fb7b31b940126d31507a30088fbc51bcf98a02e3173800b

SHA512
b3fd36af8cc218e61e55e93ac2041e4d2df776bcc8dc53316de26d221fc49cbf42a0f8dbb8d5fc160b6977dc7a32c738f6db38ac00769db924f1f8e856f3f7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe

Filesize
192KB

MD5
f92e47fbb723d8ff3c6da240ba72ab47

SHA1
aed62e5cfa94c58373a6ceece977a293690d3b6d

SHA256
9b60f9ea469b76dfed0c5c9c7639cffb235f330813ecdeb93399fa138f7e3584

SHA512
620bdcd67852db771ddb9fcbf6d81203b0557fd4f11132a0c779780f462e91234dd6553349fd319607382be9b8f96010805b7b6f7442a7daabf3655337b671d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe

Filesize
192KB

MD5
c6fde355773bfb86adab3de42317f184

SHA1
38641afae552d1a27bc2697031033a64899c566b

SHA256
f55fba6b2c7ae1ae64c1e2c63478b6c731ccfda499de0409dd3b9b08164728fe

SHA512
a93703cb9c2f6f9493dba848f93ee9a81a280e2a9612fcc8e15ae4b2a6360fb8ce4da3a57a425739271c7bb1416fd6452850a5a6dc31e01bd500f8b5a24f5c50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15120.exe

Filesize
192KB

MD5
a70bbc10381f1dc8ef2eb14671e12b0d

SHA1
bcbb7c279e00c3efc51445c8162256756a825992

SHA256
3adb7ac3094a0567babf3649be9aa6332dc9805edff49bfe5b6f15d024cc6195

SHA512
d4843f6349cab449598667cb27d67285c08d72ed821fd9fadf53b32871bbedbf00ba32b1a5deb648acd0a652c5cb730dceabe5ad501764c6752d25edd46b7d09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe

Filesize
192KB

MD5
9dcbcc825ccaa1ebe5e0a862aa07a8ba

SHA1
7198f4dc44e176259a2045e7a5df3ccd3eac4fb0

SHA256
4bfe125039a16ec36c304c3c5df60c6407fe15fa8b872bde781ee00f5b2c48b5

SHA512
96ef5124f890933182a84e7224e09b8bd286b4d3e1daf9eecaa230b1470c2dbe959277e6f4f6f7efb086465bf9a2acf63d8552286f346d623e9a9a619659ab7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe

Filesize
192KB

MD5
28b3915fcea30b4a96778b050aef1592

SHA1
2a73b3f7e0fef90082d3195ea8a1a59a6d61004e

SHA256
74b74af463f1097cc47f5a8ce2a70cab8cfe9861dea460ab41a0a58ba76d19b1

SHA512
ea953ab92287ccd201bd18af7237dfc633ca19ac1d299c1b6fcda14528f1bb178406094fc4b81272df3f8fc63e541512eec7ccc6575471f5622f131e064e6de9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe

Filesize
192KB

MD5
c29e4208784d2a9ae4032ea80e36f592

SHA1
3c94c5f080cf96d6b846fdb51968a9b0b71cb52d

SHA256
29e32b661e051bee3bdcd84e3a84180e80b3f1fba196edd6fb679c7a6d914268

SHA512
f81ecf76456e58704b932f4638efafb2ab46aac7f1f43630af9033d36d20df6372d4c1dcac52a9d72813d699791786d7e3b354af015803d479ea869e1bb74718

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe

Filesize
192KB

MD5
c83245ad1499d219263c94c6bfd89ef2

SHA1
23f5b890439815cc067fb93ae72800d37ba0323d

SHA256
dd72be922bff5394e6f3044ba25ffd3096bdb5c2ef3e9436baac1db611517e2d

SHA512
2d175838461a18277cdf5352c90c4742c36e5d5ff8a5499116145036029530aa3ead6a15793c9d8c0b9bb76dbee3acc763e8644828d1f0a585c58f80b1f7400b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe

Filesize
192KB

MD5
742b57387174ba409fc3dfc40291224d

SHA1
38025fa0c743ee120b8e8f385dd30049ce3951f4

SHA256
58bfbec73c969ef477dc9d101617121f25488fb4489c8b3dbca5a134dae26e94

SHA512
6fa8845c0da55bba8ea51dd56e95cbb2209ef23f1c8e8ee53e2c08f6bcf48fc94f7815331f7ec584dfad3b0ee487d4e799763ce3680efd805d1b9c694b0f9f76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe

Filesize
192KB

MD5
e30ac5f5a2820a88ac82eb0a4300fe2b

SHA1
40f8b8348cee89ecb05e443122461928a40f0acb

SHA256
894a580ac26d37ca1837df96eaa175e62f5379aebf3da1ea81fb40a9b1844471

SHA512
70656ed231f0ed3bc42e008dc2fd03aae32e1dc9b92757554b2bcd9d6760f2fca351d68d729931c9faeb8ae39542cd5b800af7755b38eafecccde1a69e29061d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe

Filesize
192KB

MD5
442d2e669d452997edfaf0ad0fe8511f

SHA1
9abda83fdf2432e0945b2752489264193598bc19

SHA256
ae9aee18a579abbd9797587acdf8b625929fd0e1d808b43de97f9465b15ed8f7

SHA512
9276bdf98ff458fd932e9197460191f9fc79201effd625069ca22c6d5e3a0037d554feb6e9833813a063a80a647f32f1d1f9e4a8623dfeb65bf61b08fe9ab8dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe

Filesize
192KB

MD5
9209137f399db43663744fd541075f27

SHA1
732b5c3013cedb8b97984f27e9637688df0cc2a4

SHA256
a623d6264887ee591acf8802359dc4a985d8ad7ec96aa4b67398009e19979c63

SHA512
8ef6501d931553cbc69451471a4262479c00d3b2d21dcb6ce51457d888379a2dc7550dc38bebe8776fdc87236982beb96cca71e9ae44f2f3a66f3dc6d83f27f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe

Filesize
192KB

MD5
f5e7d5dbe6f6bda623161184626d0d3e

SHA1
a7faef4c6feb14590e95e9f7e83c56ccd5a7ec42

SHA256
7be32e186c0825e4b0baff097878098b57e3da57d1686c65f0f03da74245c3d2

SHA512
fbb0cb3b17c0165936c5eeab1d712f5d173804038a958aa3ed16078218aab740fc1e0bf77eacef944fde67b579c6a4fe3e97dd14b1b6cf9f54fcad4ba3afb216

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe

Filesize
192KB

MD5
eeb8f2f2c10fbf6ebf1242e37d46c34c

SHA1
895c993137f6e5bcb827c2ef72e53c67d4b8d47e

SHA256
b7da95202ad9d75d00874ff2d3684537dc222ed8651bf62ff6d6e12f367a3cb8

SHA512
62d74c60435bfe7627db16db22321dfe3143e6f80cef57a5625b0238fb248925bfb23e20f55eecb1a831777c74d3bf5de7b13b7eb750c51a45ba9acca52544f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe

Filesize
192KB

MD5
4cd8264980e666f22612520c2e49502d

SHA1
1c538962bf4e49d806853ff145a6c222f9d07d2c

SHA256
808871fa7d389f3492710fee509d77d697acc4d29f9300645cff0de342ffb48f

SHA512
c7dedb775ac1227b662f929b0f6398b380b2476a25928fbf50ece130c50301daf5bce7aa9fa86fca2a94f0bb08809e54a3c9daf9883c0c435ba81c45e61b51be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe

Filesize
192KB

MD5
27be4d7159c3eab26da57e914db6500c

SHA1
829c0dad3f546ab7cce77bdc1975f7311c9c8aa6

SHA256
526bf0edc4a541fa401a57b8e361db3106e9ac16b56838150b97b3bd53229af4

SHA512
8db8f91ba405ca1c523c0b708e89229715ce49db619243dd2bf542d5db755583d61549620be14d57ccae384f0c512fa8558d6ce0873b0144bffcca96cb0cc4f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads