12c2597489a92dc7593f35c0b05d65d912a97c0017f6bfc17735881198f0d995

Analysis

max time kernel
29s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 00:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
Size

192KB
MD5

135d494f74479ba2d56ec180dabba6c0
SHA1

969a442137bf0c6664438f4be6fd3af4863e5ca7
SHA256

12c2597489a92dc7593f35c0b05d65d912a97c0017f6bfc17735881198f0d995
SHA512

0bbece4373d6c98809cc9d312e36c1de0ee34e496e232c41cec3c505c1604943cc255b39187ec128f346ce80b05a6ec05d17243430798c9a5aab7415ab447be3
SSDEEP

3072:QNUIoPhykKwQnOjK8d7FsJOLf+9NMX4f2itytxETL5lHtpFh:QN7ojvQnF8NFsJ1+WM+5lHtpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2888	Unicorn-33081.exe
3064	Unicorn-49508.exe
2652	Unicorn-18926.exe
2896	Unicorn-13226.exe
3036	Unicorn-31845.exe
2464	Unicorn-40375.exe
2068	Unicorn-44908.exe
1944	Unicorn-8182.exe
2008	Unicorn-32620.exe
2336	Unicorn-34186.exe
2776	Unicorn-22986.exe
1664	Unicorn-8216.exe
2120	Unicorn-9581.exe
2444	Unicorn-7101.exe
2096	Unicorn-55254.exe
488	Unicorn-64561.exe
1820	Unicorn-39387.exe
1712	Unicorn-9350.exe
2124	Unicorn-24551.exe
2432	Unicorn-62511.exe
1556	Unicorn-12329.exe
1608	Unicorn-9714.exe
824	Unicorn-60482.exe
1268	Unicorn-50148.exe
960	Unicorn-35378.exe
1328	Unicorn-60340.exe
888	Unicorn-48777.exe
2016	Unicorn-2944.exe
1620	Unicorn-51258.exe
2744	Unicorn-16233.exe
2220	Unicorn-50140.exe
3044	Unicorn-59289.exe
2648	Unicorn-49616.exe
2692	Unicorn-9040.exe
2736	Unicorn-7468.exe
2716	Unicorn-48408.exe
2460	Unicorn-15115.exe
2536	Unicorn-54119.exe
2732	Unicorn-8447.exe
1544	Unicorn-3372.exe
2796	Unicorn-48520.exe
2832	Unicorn-36755.exe
1448	Unicorn-4997.exe
2636	Unicorn-33179.exe
2100	Unicorn-18954.exe
1672	Unicorn-38275.exe
2044	Unicorn-6666.exe
772	Unicorn-8602.exe
2928	Unicorn-3641.exe
2064	Unicorn-44511.exe
1164	Unicorn-14313.exe
880	Unicorn-26987.exe
2956	Unicorn-20073.exe
708	Unicorn-27376.exe
2304	Unicorn-27376.exe
2456	Unicorn-27376.exe
816	Unicorn-27376.exe
452	Unicorn-63054.exe
552	Unicorn-25280.exe
688	Unicorn-47242.exe
1380	Unicorn-47242.exe
1684	Unicorn-47242.exe
964	Unicorn-47242.exe
2156	Unicorn-23174.exe

Loads dropped DLL 64 IoCs

pid	Process
1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
2888	Unicorn-33081.exe
2888	Unicorn-33081.exe
1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
3064	Unicorn-49508.exe
3064	Unicorn-49508.exe
2888	Unicorn-33081.exe
2888	Unicorn-33081.exe
2652	Unicorn-18926.exe
2652	Unicorn-18926.exe
2896	Unicorn-13226.exe
2896	Unicorn-13226.exe
3064	Unicorn-49508.exe
3064	Unicorn-49508.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2828	WerFault.exe
2464	Unicorn-40375.exe
2464	Unicorn-40375.exe
2652	Unicorn-18926.exe
2652	Unicorn-18926.exe
2828	WerFault.exe
2068	Unicorn-44908.exe
2068	Unicorn-44908.exe
2896	Unicorn-13226.exe
2896	Unicorn-13226.exe
1944	Unicorn-8182.exe
1944	Unicorn-8182.exe
2336	Unicorn-34186.exe
2336	Unicorn-34186.exe
2008	Unicorn-32620.exe
2008	Unicorn-32620.exe
2464	Unicorn-40375.exe
2464	Unicorn-40375.exe
2776	Unicorn-22986.exe
2776	Unicorn-22986.exe
2068	Unicorn-44908.exe
2068	Unicorn-44908.exe
2120	Unicorn-9581.exe
1664	Unicorn-8216.exe
2120	Unicorn-9581.exe
1664	Unicorn-8216.exe
1944	Unicorn-8182.exe
1944	Unicorn-8182.exe
2444	Unicorn-7101.exe
2444	Unicorn-7101.exe
2336	Unicorn-34186.exe
2336	Unicorn-34186.exe
2096	Unicorn-55254.exe
2096	Unicorn-55254.exe
2008	Unicorn-32620.exe
2008	Unicorn-32620.exe
488	Unicorn-64561.exe
488	Unicorn-64561.exe
1820	Unicorn-39387.exe
2776	Unicorn-22986.exe
2776	Unicorn-22986.exe
1820	Unicorn-39387.exe
1712	Unicorn-9350.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2828	3036	WerFault.exe	32

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
2888	Unicorn-33081.exe
3064	Unicorn-49508.exe
2652	Unicorn-18926.exe
2896	Unicorn-13226.exe
3036	Unicorn-31845.exe
2464	Unicorn-40375.exe
2068	Unicorn-44908.exe
1944	Unicorn-8182.exe
2336	Unicorn-34186.exe
2008	Unicorn-32620.exe
2776	Unicorn-22986.exe
1664	Unicorn-8216.exe
2120	Unicorn-9581.exe
2444	Unicorn-7101.exe
2096	Unicorn-55254.exe
488	Unicorn-64561.exe
1820	Unicorn-39387.exe
1712	Unicorn-9350.exe
2432	Unicorn-62511.exe
2124	Unicorn-24551.exe
1556	Unicorn-12329.exe
1608	Unicorn-9714.exe
824	Unicorn-60482.exe
960	Unicorn-35378.exe
1268	Unicorn-50148.exe
1328	Unicorn-60340.exe
888	Unicorn-48777.exe
2016	Unicorn-2944.exe
1620	Unicorn-51258.exe
2744	Unicorn-16233.exe
2220	Unicorn-50140.exe
3044	Unicorn-59289.exe
2648	Unicorn-49616.exe
2692	Unicorn-9040.exe
2736	Unicorn-7468.exe
2716	Unicorn-48408.exe
2460	Unicorn-15115.exe
2732	Unicorn-8447.exe
2796	Unicorn-48520.exe
2536	Unicorn-54119.exe
2832	Unicorn-36755.exe
1448	Unicorn-4997.exe
2044	Unicorn-6666.exe
2636	Unicorn-33179.exe
2928	Unicorn-3641.exe
1672	Unicorn-38275.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2888	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	28
PID 1796 wrote to memory of 2888	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	28
PID 1796 wrote to memory of 2888	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	28
PID 1796 wrote to memory of 2888	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	28
PID 2888 wrote to memory of 3064	2888	Unicorn-33081.exe	29
PID 2888 wrote to memory of 3064	2888	Unicorn-33081.exe	29
PID 2888 wrote to memory of 3064	2888	Unicorn-33081.exe	29
PID 2888 wrote to memory of 3064	2888	Unicorn-33081.exe	29
PID 1796 wrote to memory of 2652	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	30
PID 1796 wrote to memory of 2652	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	30
PID 1796 wrote to memory of 2652	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	30
PID 1796 wrote to memory of 2652	1796	135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2896	3064	Unicorn-49508.exe	31
PID 3064 wrote to memory of 2896	3064	Unicorn-49508.exe	31
PID 3064 wrote to memory of 2896	3064	Unicorn-49508.exe	31
PID 3064 wrote to memory of 2896	3064	Unicorn-49508.exe	31
PID 2888 wrote to memory of 3036	2888	Unicorn-33081.exe	32
PID 2888 wrote to memory of 3036	2888	Unicorn-33081.exe	32
PID 2888 wrote to memory of 3036	2888	Unicorn-33081.exe	32
PID 2888 wrote to memory of 3036	2888	Unicorn-33081.exe	32
PID 2652 wrote to memory of 2464	2652	Unicorn-18926.exe	33
PID 2652 wrote to memory of 2464	2652	Unicorn-18926.exe	33
PID 2652 wrote to memory of 2464	2652	Unicorn-18926.exe	33
PID 2652 wrote to memory of 2464	2652	Unicorn-18926.exe	33
PID 2896 wrote to memory of 2068	2896	Unicorn-13226.exe	34
PID 2896 wrote to memory of 2068	2896	Unicorn-13226.exe	34
PID 2896 wrote to memory of 2068	2896	Unicorn-13226.exe	34
PID 2896 wrote to memory of 2068	2896	Unicorn-13226.exe	34
PID 3064 wrote to memory of 1944	3064	Unicorn-49508.exe	35
PID 3064 wrote to memory of 1944	3064	Unicorn-49508.exe	35
PID 3064 wrote to memory of 1944	3064	Unicorn-49508.exe	35
PID 3064 wrote to memory of 1944	3064	Unicorn-49508.exe	35
PID 3036 wrote to memory of 2828	3036	Unicorn-31845.exe	36
PID 3036 wrote to memory of 2828	3036	Unicorn-31845.exe	36
PID 3036 wrote to memory of 2828	3036	Unicorn-31845.exe	36
PID 3036 wrote to memory of 2828	3036	Unicorn-31845.exe	36
PID 2464 wrote to memory of 2008	2464	Unicorn-40375.exe	37
PID 2464 wrote to memory of 2008	2464	Unicorn-40375.exe	37
PID 2464 wrote to memory of 2008	2464	Unicorn-40375.exe	37
PID 2464 wrote to memory of 2008	2464	Unicorn-40375.exe	37
PID 2652 wrote to memory of 2336	2652	Unicorn-18926.exe	38
PID 2652 wrote to memory of 2336	2652	Unicorn-18926.exe	38
PID 2652 wrote to memory of 2336	2652	Unicorn-18926.exe	38
PID 2652 wrote to memory of 2336	2652	Unicorn-18926.exe	38
PID 2068 wrote to memory of 2776	2068	Unicorn-44908.exe	39
PID 2068 wrote to memory of 2776	2068	Unicorn-44908.exe	39
PID 2068 wrote to memory of 2776	2068	Unicorn-44908.exe	39
PID 2068 wrote to memory of 2776	2068	Unicorn-44908.exe	39
PID 2896 wrote to memory of 1664	2896	Unicorn-13226.exe	40
PID 2896 wrote to memory of 1664	2896	Unicorn-13226.exe	40
PID 2896 wrote to memory of 1664	2896	Unicorn-13226.exe	40
PID 2896 wrote to memory of 1664	2896	Unicorn-13226.exe	40
PID 1944 wrote to memory of 2120	1944	Unicorn-8182.exe	41
PID 1944 wrote to memory of 2120	1944	Unicorn-8182.exe	41
PID 1944 wrote to memory of 2120	1944	Unicorn-8182.exe	41
PID 1944 wrote to memory of 2120	1944	Unicorn-8182.exe	41
PID 2336 wrote to memory of 2444	2336	Unicorn-34186.exe	42
PID 2336 wrote to memory of 2444	2336	Unicorn-34186.exe	42
PID 2336 wrote to memory of 2444	2336	Unicorn-34186.exe	42
PID 2336 wrote to memory of 2444	2336	Unicorn-34186.exe	42
PID 2008 wrote to memory of 2096	2008	Unicorn-32620.exe	43
PID 2008 wrote to memory of 2096	2008	Unicorn-32620.exe	43
PID 2008 wrote to memory of 2096	2008	Unicorn-32620.exe	43
PID 2008 wrote to memory of 2096	2008	Unicorn-32620.exe	43

C:\Users\Admin\AppData\Local\Temp\135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\135d494f74479ba2d56ec180dabba6c0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48777.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        9⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        8⤵
        Executes dropped EXE
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        7⤵
        Executes dropped EXE
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
        8⤵
        Executes dropped EXE
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        7⤵
        Executes dropped EXE
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        7⤵
        
        PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        8⤵
        Executes dropped EXE
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        7⤵
        Executes dropped EXE
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        7⤵
        Executes dropped EXE
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        7⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        7⤵
        Executes dropped EXE
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        8⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        6⤵
        Executes dropped EXE
        
        PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        8⤵
        Executes dropped EXE
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        7⤵
        Executes dropped EXE
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        7⤵
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        8⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27376.exe
        6⤵
        Executes dropped EXE
        
        PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
        6⤵
        Executes dropped EXE
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        6⤵
        Executes dropped EXE
        
        PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        7⤵
        Executes dropped EXE
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        7⤵
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        6⤵
        Executes dropped EXE
        
        PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        6⤵
        Executes dropped EXE
        
        PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        5⤵
        Executes dropped EXE
        
        PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe

Filesize
192KB

MD5
9c2ab5770a5e784355865870d9e912cf

SHA1
a1367a613af2c3ff2ac044948dd5f9b0c452cabd

SHA256
3fd63839ccfc2ece47547023a1c81c06ce5206fd927fb5e79039a258d9e8bf8e

SHA512
5b05a0042fc3401a401471cce032dcdcb680efe3e9614b10916bed4dcf7a0cc45f6e5597c9b8907ce2007ebeb661d0c7f9ad79f4637374dd03551bd20772ed7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe

Filesize
192KB

MD5
47a0db6593d6ec2bf14275563147bc4c

SHA1
61fbb966ee4ab54e60f568d1175f0dae2b5f125a

SHA256
56dbd3bf7fa4082df3d6dde93a4932c2ddc7ed96ab3b0628dafae079a187bedb

SHA512
d3f11c4ffeabe7a6fdc8b3f346a9445107151d58379d476a2c7252e4517281c28b7eac6ae601583b4287fe967c31807f137ebe382824ae22f0ba063f53d86035

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe

Filesize
192KB

MD5
def80b41ac75edffcc4524514af30e38

SHA1
7355f443cfd9459efc40df705e5951fdb6dc88fb

SHA256
01f418e3aad1ed79cdf7b4e1955315452701df1b28b757c886ff730d64498ea0

SHA512
a6c3346033ce6038aaf76db9e9c4dafb9f1aa4a7625d8c09a3998d3a4cbe834cf26d6dbdbe058dadb9a16a82e942a320fa4cf40c68e440d8eec2487ebc7eb9a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe

Filesize
192KB

MD5
863ff7de1f60bef33f323f4628035b1a

SHA1
7bc0d4b4757d275b5bd437f3c000348d1eaed090

SHA256
e72ef560de1140091eaa11194639997a1d4852fd301109096427ba82e2c300fb

SHA512
267108fe0bd818d81e0d5307c274acdac012aa8d5ee29d125096738ddf5e25e11d6650c752906caa8134e46ff6c934d3ac54a59f2a4e7207b00ebb184670d0db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe

Filesize
192KB

MD5
27ac09a533666fdf64360f4244f78ede

SHA1
a590d2eacbed457f84a3dcacb94390eb430074b1

SHA256
52caed0c391e88ad07381463be94525486582180be1c9f9eb4a0af111c2f7ef8

SHA512
0544043b9b7d93d3f92a01e6f3cd5b58308394dcfb3bcf3cac68343e5cd584464fe26df6f6a28077cbb15eafae8200d5e6d8890a6873bcd4ac141586d8cadaf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe

Filesize
192KB

MD5
f134d315793963a5688bfc19340ee502

SHA1
64c697f97c28cfbc4e30a8a37aec1b203d7b8278

SHA256
cd63e6a6ab42bea545191a1d8677ced2d837082317dde7d0d67750ece8f1d455

SHA512
3badb5fcc921714f39962f8bd3f57561acc3559cbc9b0bbceb587c7a2d4b39fe2ce3d736511e995123d7d2e1feb65ce82d0ff465124b0741860c10ca44a40c6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe

Filesize
192KB

MD5
9798da0d6071dbe37b6a2d952b843754

SHA1
82716a934cdb8429d64580bdda2645d4950e35d1

SHA256
fad3a6bb7c5710e04cc08358bf1e09bfe841af90e8b19e5caf6a25ddd1058619

SHA512
e090014001857e0e658dc7b8792392d5b0d1a0a07e1a77fd4d965d6fa0362158432c533ddc9084eb55d5785c9c3bfa87b29b736da082ef7d1fc4f83ff63d68f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe

Filesize
192KB

MD5
e3bdc032741c6083ab53b893a1fe6b3d

SHA1
e7417c5145bd4fc287f8ad8ffe23240fcef442e6

SHA256
76b23621005567d4e1d1af6f6afa8898e7a22ecc353cdcc625b5dfd29f1c8848

SHA512
0cc642e45a4b83716128e0a84f6e20a46ed1dd86043fcaa2714ed74db46337723ed7db7efde99a8767a0ec95c59eb4925f7b72d32b3d0fb0a42fff1da2bfad3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe

Filesize
192KB

MD5
565d990f505f5c439b88c6c9598e59f3

SHA1
1366e5f4b2fea3b6917a69f10548938642f69196

SHA256
3951c35fc4a5e410d0d16fd1e4728bf4c64ada4ffff2322443e32130afe744a2

SHA512
6010cc50f74727e9fb994ec84507d4eb7ff42e505c751615b0aedbcbe3bc1b6f2c2e967d6f4af34d6382773121ea5e04eac1b44a7638f423bf0f3e89d5ea7aa8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe

Filesize
192KB

MD5
088fe93c442353805e64c8028c10719f

SHA1
d7d96bbf304e5d8c54ac3ca313f6bc720f836912

SHA256
99c46d82a4aaf430364166a43a41c0bb04c329b9b95b488672ec2703ca0e9a88

SHA512
84a2a9713a02f1280017798f43ef91f647a703e5e3ff236e1cc31228be07001de4057f0e2c9d977206ecd211009eb1349ae5443401e0bcb17296a95c1c9cfc93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe

Filesize
192KB

MD5
b95556b46987cd607e37ec6d4527ef6c

SHA1
1b7d1224ca66b631cbd8e9f90ba0b94c639d5c7d

SHA256
ccc1f2f6f40b53a9ed4351bed03b712c7da3fe481627057a8d64381bffe654b0

SHA512
f428e50cb518d9b2437fe447dfb56ac64b4317bc6cdafdb2c2360e84db7b17dfe3ff0bc54baea612083e428d910a83e25958ad4fa2bedc88e769c73525f14508

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe

Filesize
192KB

MD5
c80e89241b128154614ab4bc0695e3ac

SHA1
7b5cb072b4012b9507423f636fb205582396c397

SHA256
babe270a43278642ffdb864ea0c71040c2a3b8c040d7409d22c81afabed20431

SHA512
9ec0e00c62e9a6954c0a4a06a489b626184e66068079612f79eb4bfd9087649c9c460abfd83584aa31bfc621a7954c8c14f91ee668b412d274a9edd07e0a8df7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7101.exe

Filesize
192KB

MD5
9dd1089a9f0a9dea2d9a9b1dc36d3d35

SHA1
fb161ba8634a7793723ea5d0df83612c51ce1ba3

SHA256
ba3677fbe2cc506b1578ffd9c79669e6e9e3303a5d8e12552df4003ce210a3a4

SHA512
85845f6df6d13446d116de0e5ceacaf7cbb21565a24fbc3b1bdd66f9db3055828a0237da0f1f7ceca91e6d0dc0cfd1b25415c14fbca575ef99d16a2f5b44056f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe

Filesize
192KB

MD5
1a43ef941d77f857b58c2a438dd417cc

SHA1
12c39614390654b62487da1db1c37dcb120e3ac8

SHA256
57db9ab82083baba3412977a48e5dd986506af3f70ecce53222268986d2b307d

SHA512
7fb46fbc1d95b4243defc4d124cdf77fca46118f75d12810d47accb71da151a7bd11052ed3cde5882ec0d3e0153a6344573ce7b82466116ebd095000088e4aca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe

Filesize
192KB

MD5
a994362b3ad1f4c65d29f722ad63bafe

SHA1
fbd64fd8b9545e2ec23459c9ff27ad2e627e2e57

SHA256
1cec81aac21fceea1ff03680bde53d256f34898e3ff2a328821f9d8f4abbb5ea

SHA512
a123eb27aa5bb357a8e28d80a3f89d26abfe8a26c7864d226860741fc4ba91666995672086a78c6ffe64058b899decd88cf231e8c3be3fd7dd1cc505c6a9fbb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe

Filesize
192KB

MD5
7e733e3ec82fe7d30b2c429f76071f93

SHA1
35d0adca23cb9790ef4fa28cc89097996bcd9765

SHA256
b898e0ebb6566519b09a16e90c1c39e80a041a09d489c541e01075ed54e5ef7e

SHA512
d5fb547c1d35b77ee401b810cfde4cd42f626be2eb577aee25be0f4121c003e5b6951bb66d843b82e533094d8bd23dde07ea1fcb1f4163b81bdf755c015f936c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads