d5edb91607674cc802591a50e426f353e4a3f977042846624899203a4f03be04

Analysis

max time kernel
110s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
Size

184KB
MD5

0d381fd85c5ad9ad9c089b13ff3f2619
SHA1

5cd69af2ad5865ac1dca8667aadeda3aa411b687
SHA256

d5edb91607674cc802591a50e426f353e4a3f977042846624899203a4f03be04
SHA512

bb390af1364b2c0708db0afdfee3e876886c9ec09e79a2a2b82d4b04dc4db700d03a0b23cf2cf38ab53cef07c364c360f4692e44ca26540c5395045d9a5f0f24
SSDEEP

3072:qoyqoTs0VJAQ10j+udxvl8Fy26rpO4OI9DBZBKPpKil+kyFb:qoPoFmQ1fujvl8s/fPil+kyF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 49 IoCs

pid	Process
2992	Unicorn-19471.exe
2996	Unicorn-46196.exe
2648	Unicorn-65225.exe
2616	Unicorn-11468.exe
2440	Unicorn-22329.exe
2584	Unicorn-15552.exe
1656	Unicorn-24873.exe
2924	Unicorn-35733.exe
2472	Unicorn-33041.exe
2736	Unicorn-41209.exe
804	Unicorn-56154.exe
1648	Unicorn-32115.exe
1776	Unicorn-55228.exe
1512	Unicorn-13640.exe
1412	Unicorn-18.exe
2928	Unicorn-61471.exe
2232	Unicorn-19047.exe
2252	Unicorn-62026.exe
2384	Unicorn-57470.exe
268	Unicorn-57470.exe
764	Unicorn-57470.exe
1400	Unicorn-37604.exe
468	Unicorn-37604.exe
580	Unicorn-37604.exe
840	Unicorn-24414.exe
552	Unicorn-24414.exe
1592	Unicorn-40719.exe
1540	Unicorn-33013.exe
240	Unicorn-61129.exe
696	Unicorn-50688.exe
1536	Unicorn-31825.exe
2276	Unicorn-9510.exe
1424	Unicorn-16117.exe
2324	Unicorn-12032.exe
1528	Unicorn-20201.exe
2596	Unicorn-58026.exe
2804	Unicorn-40621.exe
2152	Unicorn-28369.exe
2636	Unicorn-31384.exe
2824	Unicorn-17762.exe
2432	Unicorn-59349.exe
2400	Unicorn-59178.exe
2160	Unicorn-12670.exe
2424	Unicorn-9977.exe
1576	Unicorn-41258.exe
2100	Unicorn-30398.exe
2392	Unicorn-41798.exe
2956	Unicorn-41798.exe
2688	Unicorn-61664.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
2992	Unicorn-19471.exe
2992	Unicorn-19471.exe
2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
2996	Unicorn-46196.exe
2996	Unicorn-46196.exe
2992	Unicorn-19471.exe
2992	Unicorn-19471.exe
2648	Unicorn-65225.exe
2648	Unicorn-65225.exe
2616	Unicorn-11468.exe
2996	Unicorn-46196.exe
2616	Unicorn-11468.exe
2996	Unicorn-46196.exe
2440	Unicorn-22329.exe
2440	Unicorn-22329.exe
2584	Unicorn-15552.exe
2584	Unicorn-15552.exe
2648	Unicorn-65225.exe
2648	Unicorn-65225.exe
1656	Unicorn-24873.exe
1656	Unicorn-24873.exe
2616	Unicorn-11468.exe
2616	Unicorn-11468.exe
2924	Unicorn-35733.exe
2924	Unicorn-35733.exe
804	Unicorn-56154.exe
804	Unicorn-56154.exe
2472	Unicorn-33041.exe
2472	Unicorn-33041.exe
2584	Unicorn-15552.exe
2440	Unicorn-22329.exe
2584	Unicorn-15552.exe
2440	Unicorn-22329.exe
1776	Unicorn-55228.exe
1648	Unicorn-32115.exe
1512	Unicorn-13640.exe
1776	Unicorn-55228.exe
1512	Unicorn-13640.exe
1648	Unicorn-32115.exe
1656	Unicorn-24873.exe
2924	Unicorn-35733.exe
2736	Unicorn-41209.exe
1656	Unicorn-24873.exe
2736	Unicorn-41209.exe
2924	Unicorn-35733.exe
2252	Unicorn-62026.exe
2232	Unicorn-19047.exe
2232	Unicorn-19047.exe
2252	Unicorn-62026.exe
1400	Unicorn-37604.exe
1400	Unicorn-37604.exe
468	Unicorn-37604.exe
468	Unicorn-37604.exe
580	Unicorn-37604.exe
580	Unicorn-37604.exe
840	Unicorn-24414.exe
840	Unicorn-24414.exe
268	Unicorn-57470.exe
268	Unicorn-57470.exe
1540	Unicorn-33013.exe
1540	Unicorn-33013.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
2992	Unicorn-19471.exe
2996	Unicorn-46196.exe
2648	Unicorn-65225.exe
2616	Unicorn-11468.exe
2440	Unicorn-22329.exe
2584	Unicorn-15552.exe
1656	Unicorn-24873.exe
2924	Unicorn-35733.exe
2472	Unicorn-33041.exe
2736	Unicorn-41209.exe
804	Unicorn-56154.exe
1648	Unicorn-32115.exe
1776	Unicorn-55228.exe
1512	Unicorn-13640.exe
1412	Unicorn-18.exe
2252	Unicorn-62026.exe
2232	Unicorn-19047.exe
580	Unicorn-37604.exe
2384	Unicorn-57470.exe
1400	Unicorn-37604.exe
468	Unicorn-37604.exe
552	Unicorn-24414.exe
764	Unicorn-57470.exe
268	Unicorn-57470.exe
840	Unicorn-24414.exe
1592	Unicorn-40719.exe
1540	Unicorn-33013.exe
240	Unicorn-61129.exe
696	Unicorn-50688.exe
1536	Unicorn-31825.exe
2928	Unicorn-61471.exe
2276	Unicorn-9510.exe
1424	Unicorn-16117.exe
2324	Unicorn-12032.exe
1528	Unicorn-20201.exe
2804	Unicorn-40621.exe
2596	Unicorn-58026.exe
2152	Unicorn-28369.exe
2636	Unicorn-31384.exe
2824	Unicorn-17762.exe
2432	Unicorn-59349.exe
2400	Unicorn-59178.exe
2424	Unicorn-9977.exe
2160	Unicorn-12670.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2992	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2992	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2992	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2992	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	28
PID 2992 wrote to memory of 2996	2992	Unicorn-19471.exe	29
PID 2992 wrote to memory of 2996	2992	Unicorn-19471.exe	29
PID 2992 wrote to memory of 2996	2992	Unicorn-19471.exe	29
PID 2992 wrote to memory of 2996	2992	Unicorn-19471.exe	29
PID 2280 wrote to memory of 2648	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	30
PID 2280 wrote to memory of 2648	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	30
PID 2280 wrote to memory of 2648	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	30
PID 2280 wrote to memory of 2648	2280	0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe	30
PID 2996 wrote to memory of 2616	2996	Unicorn-46196.exe	31
PID 2996 wrote to memory of 2616	2996	Unicorn-46196.exe	31
PID 2996 wrote to memory of 2616	2996	Unicorn-46196.exe	31
PID 2996 wrote to memory of 2616	2996	Unicorn-46196.exe	31
PID 2992 wrote to memory of 2440	2992	Unicorn-19471.exe	32
PID 2992 wrote to memory of 2440	2992	Unicorn-19471.exe	32
PID 2992 wrote to memory of 2440	2992	Unicorn-19471.exe	32
PID 2992 wrote to memory of 2440	2992	Unicorn-19471.exe	32
PID 2648 wrote to memory of 2584	2648	Unicorn-65225.exe	33
PID 2648 wrote to memory of 2584	2648	Unicorn-65225.exe	33
PID 2648 wrote to memory of 2584	2648	Unicorn-65225.exe	33
PID 2648 wrote to memory of 2584	2648	Unicorn-65225.exe	33
PID 2616 wrote to memory of 1656	2616	Unicorn-11468.exe	34
PID 2616 wrote to memory of 1656	2616	Unicorn-11468.exe	34
PID 2616 wrote to memory of 1656	2616	Unicorn-11468.exe	34
PID 2616 wrote to memory of 1656	2616	Unicorn-11468.exe	34
PID 2996 wrote to memory of 2924	2996	Unicorn-46196.exe	35
PID 2996 wrote to memory of 2924	2996	Unicorn-46196.exe	35
PID 2996 wrote to memory of 2924	2996	Unicorn-46196.exe	35
PID 2996 wrote to memory of 2924	2996	Unicorn-46196.exe	35
PID 2440 wrote to memory of 2472	2440	Unicorn-22329.exe	36
PID 2440 wrote to memory of 2472	2440	Unicorn-22329.exe	36
PID 2440 wrote to memory of 2472	2440	Unicorn-22329.exe	36
PID 2440 wrote to memory of 2472	2440	Unicorn-22329.exe	36
PID 2584 wrote to memory of 2736	2584	Unicorn-15552.exe	37
PID 2584 wrote to memory of 2736	2584	Unicorn-15552.exe	37
PID 2584 wrote to memory of 2736	2584	Unicorn-15552.exe	37
PID 2584 wrote to memory of 2736	2584	Unicorn-15552.exe	37
PID 2648 wrote to memory of 804	2648	Unicorn-65225.exe	38
PID 2648 wrote to memory of 804	2648	Unicorn-65225.exe	38
PID 2648 wrote to memory of 804	2648	Unicorn-65225.exe	38
PID 2648 wrote to memory of 804	2648	Unicorn-65225.exe	38
PID 1656 wrote to memory of 1648	1656	Unicorn-24873.exe	39
PID 1656 wrote to memory of 1648	1656	Unicorn-24873.exe	39
PID 1656 wrote to memory of 1648	1656	Unicorn-24873.exe	39
PID 1656 wrote to memory of 1648	1656	Unicorn-24873.exe	39
PID 2616 wrote to memory of 1776	2616	Unicorn-11468.exe	40
PID 2616 wrote to memory of 1776	2616	Unicorn-11468.exe	40
PID 2616 wrote to memory of 1776	2616	Unicorn-11468.exe	40
PID 2616 wrote to memory of 1776	2616	Unicorn-11468.exe	40
PID 2924 wrote to memory of 1512	2924	Unicorn-35733.exe	41
PID 2924 wrote to memory of 1512	2924	Unicorn-35733.exe	41
PID 2924 wrote to memory of 1512	2924	Unicorn-35733.exe	41
PID 2924 wrote to memory of 1512	2924	Unicorn-35733.exe	41
PID 804 wrote to memory of 1412	804	Unicorn-56154.exe	42
PID 804 wrote to memory of 1412	804	Unicorn-56154.exe	42
PID 804 wrote to memory of 1412	804	Unicorn-56154.exe	42
PID 804 wrote to memory of 1412	804	Unicorn-56154.exe	42
PID 2472 wrote to memory of 2928	2472	Unicorn-33041.exe	43
PID 2472 wrote to memory of 2928	2472	Unicorn-33041.exe	43
PID 2472 wrote to memory of 2928	2472	Unicorn-33041.exe	43
PID 2472 wrote to memory of 2928	2472	Unicorn-33041.exe	43

C:\Users\Admin\AppData\Local\Temp\0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0d381fd85c5ad9ad9c089b13ff3f2619_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53195.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        10⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        8⤵
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        8⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        7⤵
        Executes dropped EXE
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        7⤵
        
        PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        7⤵
        Executes dropped EXE
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        6⤵
        Executes dropped EXE
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
        8⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        7⤵
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        6⤵
        Executes dropped EXE
        
        PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe

Filesize
184KB

MD5
4ff9c5538bdcdfc1c315ff6fdf96083f

SHA1
56f41ff9522a2c90297ecf708ef4917f60a1e6e3

SHA256
7dfd4e259de79987963f491347c35a03ba0686bff4c2e87291b773b3633a5c60

SHA512
e96df385d7db772f2aabffcaa81ab553a1b2e63428e972c13b7228a5d296e521587c17628a2f799ac600f5a26c81d7eb8a1564140ce17695c8756114c91fe578

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe

Filesize
184KB

MD5
9606f58190d45f59318ab79bf807c28d

SHA1
9c463c7dd8b451c26575c05ec3868cfb3e82ac1c

SHA256
b517313cb7dfa04933bb58b2aa6b9d8a2b1073f69a7c7fd66149d30e4bd9d36d

SHA512
83f67fae1542eb5313e363c8482759a4283f52eedff16f8f154a4d999d60cad08cee5a046148cebc590824d6ab2bdf201c5a5c40d28d0721fd4aeae09f950fd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe

Filesize
184KB

MD5
a55057312177f8829a44ca5d777318f5

SHA1
8a7da83d2db9fdf4c9913a147db839350e2cb8ef

SHA256
3b1b13ea05f5c5dcc1de13fec81c62aa088689125038019f90dd8177eac02a85

SHA512
881c735eb9d3eea137d95c74191f750e82f66f46260c75e2db21889afe4b07516a5fbdf06e59b899f7ed8c13d5ac55bb9929ad4040ebcdcaa622caec5cc09a42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe

Filesize
184KB

MD5
55adc89cd0322bd4ac40a8d437e9c6f5

SHA1
dad3b53d6fcfa7acb7b48651b0ec377147ab8570

SHA256
76c9e104c68fac3e51b572d1ab699435edb54fe507c365b4e9d2ce5fe76040e1

SHA512
e9012be40388615a0eb551ead30de4b3131f33da0995cc717d4c80338acb327c61b57d78557b3650a03edad5e51ff39d1e635c969cb2acaed22c4fd4226c2fec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18.exe

Filesize
184KB

MD5
c07faacb80a17116398dac149bd44d6c

SHA1
17d15043219ff90d04efad83c7785e957f66e69c

SHA256
d24eaa41026766a40a7d7f03ae5ca9b519a96da3571973a5d25491cfa9aa02f4

SHA512
e49eef4f80f0580d743d06fe2dbc502b2b1a52e504ec7bdf1af4492d8329edd6c5f92982c9835080cffc26cb91994e47328b0e9dadf6761921d2eb82ec7bacf7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe

Filesize
184KB

MD5
ab4eee95ea4666f206f93c3e299b1dd3

SHA1
b6746b82c426ecb462846b8ab4056b127687b9af

SHA256
ba916de36a01c13555c8b216c53afd898256cb399d0558eacbd83751e31ce4e4

SHA512
390962c6e1c6d0c9dcbf456cddc1e2b7ca437df442626fa194fca85cd8c6e5082061bbf427ca518f74574656a4c3882403676d5090880891282e41d85fb471c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe

Filesize
184KB

MD5
3b30874d75201e0d6eb6962981c07d10

SHA1
86b9c7cdd4da210d811dfa33ffece66892878364

SHA256
12146ba74fbf9391268dd1dc2320ae771ec8f91e48fabd4f7a88dd6cae467a93

SHA512
5885d6767ae2737711629e5670bf12f666162cf90f98910935633cbfc914a3c06d6f11624f796e6024bfb3014e5e0a24cb09182ee7e617d0aa6ba580b2d9b409

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe

Filesize
184KB

MD5
c4134a388a3c001fb77204ec8a6b7019

SHA1
2e07a81da8b874bd6728ad9547cb14bba1097333

SHA256
515345a03431344faa5dfaa8ead10b69163cd4e03e95b937e4f772981d7d9455

SHA512
151d01f8edf197183bc5c345da68a6ed51c8ebd527a4180de47821175d3c43223be946d69104cc22a0e1ab1dedd0ef6e94ed642e82d100f6bf5f52cfef95e0e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe

Filesize
184KB

MD5
9bfe74953d93763fb1e9e5698f6ef5da

SHA1
f81d5e0fb07a74077ca1e7f4bc7c2806ceec953b

SHA256
1f0ee28032062a81736385830e51cfa2ccc4b9d6f0bb4848d257dcda2194dd03

SHA512
ce8af837da1d3b8198b5adba309fc80b59bb73a620ccef7673897dadab7060f6db451ef345f9f656c9612c9c1246f3002cdcbf347ac5eeb63529e971151b4303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe

Filesize
184KB

MD5
60964cfc65e8408e85d39479e897c03b

SHA1
0268d0fa2f635340634df75f8b3d1453828a00ce

SHA256
398262eb9b3622f29cb535c8dcb0025199dc172b359beb47a72cdf762082c70d

SHA512
c269e9997574c1bf39b397cdd687da3f3e7b269f71f1ddffed9aff9e803af42da424a9c6cbe12f262249f7a1fa309d9b427e598e0c1b13cf14aa8c62769956d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe

Filesize
184KB

MD5
2dea70aad83ddd51b543607ffa1614b5

SHA1
fe5c50008d1a333f25dc36862bc8c0880804ed8b

SHA256
5340db9cb340ce72d02ac91e0a4b64eb94d35a4d46dfeb28cd2eba1b7862d0e8

SHA512
633ab92c798a2d87436eba338707e32f577f3de1d19749c5825db0651fe750c036a47bfd028894505ad1aab8e55b81b3f4657fa8ff8c342b6fe04f1109c540dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe

Filesize
184KB

MD5
8f27fd5effd21582e86e05a1acd62d54

SHA1
1feffa8dead87dfb560c2ccc9b7b67a4221cd282

SHA256
2048e85a08c5cd9ab5e66b90584bdddaa1cce62dc76e2415c915ca57d962f3bb

SHA512
56903429a54ef473a40a20e2988ab8e8b5bb88896288576e7d1f05184e39ebf733c6d730f126172c615284ec1b1dc25c2e637ea2f32e5120166c30a7ea4ef867

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe

Filesize
184KB

MD5
a4a009793b6517efd98330952619b287

SHA1
d8297b41fb80af87a238df400711945390f03dbe

SHA256
2efef7956801d6dc958868f78c7dc7e613790af778a4f39d7969025639fd65f8

SHA512
03ff0365d19dda563a8e53ef76e654ec14c8013cfcb6f1a88988437994931d4bbafa463da0d07b206d43641a1e4bd6e5b731fc0859d5a2e87fe36520a5bbfd64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe

Filesize
184KB

MD5
7d0bb9c768ed371882f2cc51af4461b0

SHA1
987c927b7a12e7f6649f66e739b047b273fbcad4

SHA256
9ff6691b856a8d24cb04b037f586ba47a865912159d75dfb02370c15082872d4

SHA512
c9bfb36939ccb978e1123fc322140e6222e62f77eb2c27e6d3cfbd5a54cdc124486fb115c6224969e7092b64bce659a88dd1af1796c157f40396a9bdc355f440

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe

Filesize
184KB

MD5
0d47169956e079dbf0c15a25e21723bd

SHA1
e80c34d5a6ab5331180c5742ec6691cd8fea32df

SHA256
8699db7130a5a09007178520a5c4aecf20b529a892f0120119d75ba26236e4a7

SHA512
3fa37bce5eb1f8b35093fded27dbba26b7e5ad4ff4f21c1501278ad80ec3d094251729065a95078cc351ab8261b2e8bb4c8bbdad1823578ab38f8a04de72d90f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe

Filesize
184KB

MD5
d056f79ea704da19e9ebd507abdb7d0e

SHA1
555afea93ff18cb1f830932f6cf333664c10a4ca

SHA256
5e6f7ac1a72b7933e279faf7025800b1a77581b2d5cfb8cc5bed78efa4fabb2d

SHA512
cae8a745c53fade167d51e2256aa4ffafe3203cead0fbe1e9f4b6396d91c37a9b7050cec405c740cdba6299dc9c8aaf418adad02db3cccbc8b94280c1b7a8330

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe

Filesize
184KB

MD5
286dff8fb86edeabdbd7cb7720156866

SHA1
51778a7a7380869b6c11fbfe4a124337b5331c55

SHA256
832c2109983bf72412338f0331a5066e0de0c0b63aed550215090e81e5891bfe

SHA512
e36fb7e00d62e1918ff118658b120bc213f3909d46cd11da42ecff2a3b395fb484d82d51847afb086ca967973a62cdee83d77f203266710279879ddb2c58c04b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe

Filesize
184KB

MD5
e078d632fa7eb620e04a104abbfc3f67

SHA1
2615db5bedbdb9fdeeb91e97764490fda18c260d

SHA256
aad88027af57ed33f79c30706435eea259c25bcfa903fbe678a524a5941c0802

SHA512
79d7b7d9fdcb5454f027d7eac06c6eaa591a1677446f98f9880825cfc2dc52eef84d514de11da51e88c76eeaaf5eaf90a49fa7ff2a22e111350788c49920a7db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads