52c60d35a0d2f56e8ae1d4eb49822110514b06498fee021debab08ad79f069bf

Analysis

max time kernel
94s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 11:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
Size

184KB
MD5

20c2c006c50fac489dacb572bebb5ab0
SHA1

a7a37cb260a2cdfccd0200e9f54c0195ed8fce43
SHA256

52c60d35a0d2f56e8ae1d4eb49822110514b06498fee021debab08ad79f069bf
SHA512

9b1785c9e988127867d0e35d0dc552ef2a3f4ff83763add4f85b95011bdfa09dbe0f06a7896d78f7798f1b608df66ae40a60dfc8069c25894f590a7cb206248e
SSDEEP

3072:z7RcokPN4JUBsjyNtb1G+8IllrrblUry27xFizMFNKxvwFU:z7WoIQasMtJG+88urbNKxvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 40 IoCs

pid	Process
760	Unicorn-16604.exe
2920	Unicorn-53682.exe
2980	Unicorn-37900.exe
2532	Unicorn-58809.exe
2612	Unicorn-51196.exe
2560	Unicorn-9608.exe
2508	Unicorn-60044.exe
2024	Unicorn-44263.exe
2444	Unicorn-35540.exe
2708	Unicorn-47600.exe
2648	Unicorn-31818.exe
2308	Unicorn-53267.exe
2340	Unicorn-45654.exe
500	Unicorn-8150.exe
1428	Unicorn-52006.exe
2424	Unicorn-49821.exe
2108	Unicorn-20486.exe
1476	Unicorn-65493.exe
1532	Unicorn-4787.exe
1104	Unicorn-49157.exe
824	Unicorn-38803.exe
2112	Unicorn-17637.exe
868	Unicorn-13360.exe
1544	Unicorn-10023.exe
756	Unicorn-42141.exe
2168	Unicorn-46225.exe
2804	Unicorn-54756.exe
2872	Unicorn-60423.exe
2128	Unicorn-14751.exe
2972	Unicorn-18836.exe
2004	Unicorn-15472.exe
2736	Unicorn-29080.exe
2580	Unicorn-17980.exe
2616	Unicorn-5701.exe
1420	Unicorn-40699.exe
320	Unicorn-32062.exe
2124	Unicorn-7988.exe
1496	Unicorn-17776.exe
2960	Unicorn-65051.exe
1392	Unicorn-45186.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
760	Unicorn-16604.exe
760	Unicorn-16604.exe
2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
2920	Unicorn-53682.exe
2920	Unicorn-53682.exe
760	Unicorn-16604.exe
760	Unicorn-16604.exe
2980	Unicorn-37900.exe
2980	Unicorn-37900.exe
2532	Unicorn-58809.exe
2532	Unicorn-58809.exe
2920	Unicorn-53682.exe
2920	Unicorn-53682.exe
2612	Unicorn-51196.exe
2612	Unicorn-51196.exe
2560	Unicorn-9608.exe
2560	Unicorn-9608.exe
2980	Unicorn-37900.exe
2980	Unicorn-37900.exe
2508	Unicorn-60044.exe
2508	Unicorn-60044.exe
2532	Unicorn-58809.exe
2532	Unicorn-58809.exe
2024	Unicorn-44263.exe
2024	Unicorn-44263.exe
2708	Unicorn-47600.exe
2708	Unicorn-47600.exe
2560	Unicorn-9608.exe
2648	Unicorn-31818.exe
2560	Unicorn-9608.exe
2648	Unicorn-31818.exe
2308	Unicorn-53267.exe
2308	Unicorn-53267.exe
2508	Unicorn-60044.exe
2508	Unicorn-60044.exe
500	Unicorn-8150.exe
500	Unicorn-8150.exe
2024	Unicorn-44263.exe
2024	Unicorn-44263.exe
2340	Unicorn-45654.exe
2340	Unicorn-45654.exe
1428	Unicorn-52006.exe
1428	Unicorn-52006.exe
2708	Unicorn-47600.exe
2424	Unicorn-49821.exe
2708	Unicorn-47600.exe
2424	Unicorn-49821.exe
2108	Unicorn-20486.exe
2108	Unicorn-20486.exe
2648	Unicorn-31818.exe
2648	Unicorn-31818.exe
1104	Unicorn-49157.exe
2308	Unicorn-53267.exe
1104	Unicorn-49157.exe
2308	Unicorn-53267.exe
1532	Unicorn-4787.exe
1532	Unicorn-4787.exe
1476	Unicorn-65493.exe
1476	Unicorn-65493.exe
1544	Unicorn-10023.exe
1544	Unicorn-10023.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2420	2960	WerFault.exe	68

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
760	Unicorn-16604.exe
2920	Unicorn-53682.exe
2980	Unicorn-37900.exe
2532	Unicorn-58809.exe
2612	Unicorn-51196.exe
2560	Unicorn-9608.exe
2508	Unicorn-60044.exe
2024	Unicorn-44263.exe
2444	Unicorn-35540.exe
2708	Unicorn-47600.exe
2648	Unicorn-31818.exe
2308	Unicorn-53267.exe
2340	Unicorn-45654.exe
500	Unicorn-8150.exe
1428	Unicorn-52006.exe
2424	Unicorn-49821.exe
2108	Unicorn-20486.exe
1476	Unicorn-65493.exe
1532	Unicorn-4787.exe
1104	Unicorn-49157.exe
824	Unicorn-38803.exe
2112	Unicorn-17637.exe
868	Unicorn-13360.exe
1544	Unicorn-10023.exe
2128	Unicorn-14751.exe
2168	Unicorn-46225.exe
2972	Unicorn-18836.exe
2804	Unicorn-54756.exe
2872	Unicorn-60423.exe
2736	Unicorn-29080.exe
2004	Unicorn-15472.exe
2616	Unicorn-5701.exe
2580	Unicorn-17980.exe
1420	Unicorn-40699.exe
320	Unicorn-32062.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 760	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	28
PID 2192 wrote to memory of 760	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	28
PID 2192 wrote to memory of 760	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	28
PID 2192 wrote to memory of 760	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	28
PID 760 wrote to memory of 2920	760	Unicorn-16604.exe	29
PID 760 wrote to memory of 2920	760	Unicorn-16604.exe	29
PID 760 wrote to memory of 2920	760	Unicorn-16604.exe	29
PID 760 wrote to memory of 2920	760	Unicorn-16604.exe	29
PID 2192 wrote to memory of 2980	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	30
PID 2192 wrote to memory of 2980	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	30
PID 2192 wrote to memory of 2980	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	30
PID 2192 wrote to memory of 2980	2192	20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe	30
PID 2920 wrote to memory of 2532	2920	Unicorn-53682.exe	31
PID 2920 wrote to memory of 2532	2920	Unicorn-53682.exe	31
PID 2920 wrote to memory of 2532	2920	Unicorn-53682.exe	31
PID 2920 wrote to memory of 2532	2920	Unicorn-53682.exe	31
PID 760 wrote to memory of 2612	760	Unicorn-16604.exe	32
PID 760 wrote to memory of 2612	760	Unicorn-16604.exe	32
PID 760 wrote to memory of 2612	760	Unicorn-16604.exe	32
PID 760 wrote to memory of 2612	760	Unicorn-16604.exe	32
PID 2980 wrote to memory of 2560	2980	Unicorn-37900.exe	33
PID 2980 wrote to memory of 2560	2980	Unicorn-37900.exe	33
PID 2980 wrote to memory of 2560	2980	Unicorn-37900.exe	33
PID 2980 wrote to memory of 2560	2980	Unicorn-37900.exe	33
PID 2532 wrote to memory of 2508	2532	Unicorn-58809.exe	34
PID 2532 wrote to memory of 2508	2532	Unicorn-58809.exe	34
PID 2532 wrote to memory of 2508	2532	Unicorn-58809.exe	34
PID 2532 wrote to memory of 2508	2532	Unicorn-58809.exe	34
PID 2920 wrote to memory of 2024	2920	Unicorn-53682.exe	35
PID 2920 wrote to memory of 2024	2920	Unicorn-53682.exe	35
PID 2920 wrote to memory of 2024	2920	Unicorn-53682.exe	35
PID 2920 wrote to memory of 2024	2920	Unicorn-53682.exe	35
PID 2612 wrote to memory of 2444	2612	Unicorn-51196.exe	36
PID 2612 wrote to memory of 2444	2612	Unicorn-51196.exe	36
PID 2612 wrote to memory of 2444	2612	Unicorn-51196.exe	36
PID 2612 wrote to memory of 2444	2612	Unicorn-51196.exe	36
PID 2560 wrote to memory of 2708	2560	Unicorn-9608.exe	37
PID 2560 wrote to memory of 2708	2560	Unicorn-9608.exe	37
PID 2560 wrote to memory of 2708	2560	Unicorn-9608.exe	37
PID 2560 wrote to memory of 2708	2560	Unicorn-9608.exe	37
PID 2980 wrote to memory of 2648	2980	Unicorn-37900.exe	38
PID 2980 wrote to memory of 2648	2980	Unicorn-37900.exe	38
PID 2980 wrote to memory of 2648	2980	Unicorn-37900.exe	38
PID 2980 wrote to memory of 2648	2980	Unicorn-37900.exe	38
PID 2508 wrote to memory of 2308	2508	Unicorn-60044.exe	39
PID 2508 wrote to memory of 2308	2508	Unicorn-60044.exe	39
PID 2508 wrote to memory of 2308	2508	Unicorn-60044.exe	39
PID 2508 wrote to memory of 2308	2508	Unicorn-60044.exe	39
PID 2532 wrote to memory of 2340	2532	Unicorn-58809.exe	40
PID 2532 wrote to memory of 2340	2532	Unicorn-58809.exe	40
PID 2532 wrote to memory of 2340	2532	Unicorn-58809.exe	40
PID 2532 wrote to memory of 2340	2532	Unicorn-58809.exe	40
PID 2024 wrote to memory of 500	2024	Unicorn-44263.exe	41
PID 2024 wrote to memory of 500	2024	Unicorn-44263.exe	41
PID 2024 wrote to memory of 500	2024	Unicorn-44263.exe	41
PID 2024 wrote to memory of 500	2024	Unicorn-44263.exe	41
PID 2708 wrote to memory of 1428	2708	Unicorn-47600.exe	42
PID 2708 wrote to memory of 1428	2708	Unicorn-47600.exe	42
PID 2708 wrote to memory of 1428	2708	Unicorn-47600.exe	42
PID 2708 wrote to memory of 1428	2708	Unicorn-47600.exe	42
PID 2560 wrote to memory of 2424	2560	Unicorn-9608.exe	43
PID 2560 wrote to memory of 2424	2560	Unicorn-9608.exe	43
PID 2560 wrote to memory of 2424	2560	Unicorn-9608.exe	43
PID 2560 wrote to memory of 2424	2560	Unicorn-9608.exe	43

C:\Users\Admin\AppData\Local\Temp\20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20c2c006c50fac489dacb572bebb5ab0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61133.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        8⤵
        Executes dropped EXE
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        9⤵
        Program crash
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        8⤵
        Executes dropped EXE
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        9⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
        10⤵
        
        PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        9⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
        10⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
        7⤵
        Executes dropped EXE
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        5⤵
        Executes dropped EXE
        
        PID:756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17776.exe
        6⤵
        Executes dropped EXE
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        8⤵
        
        PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe

Filesize
184KB

MD5
0037da69aae9bcecc2ab084d35549bec

SHA1
862f6fcbad483b01ca2d65bbd7caf59b58b13de9

SHA256
ad0f7ce81909c39a04cb1fc82700de4d5ca92e32fe08b362e2504de3281c045b

SHA512
263b28dec08491d84db6b10ccfca82d79852fbb0c328d5cbc68c34e822537e044e5060735ea2e0b83d9dcd8c7123b6c93bfb2eb0a2fe4c979b21bde42d3d6248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe

Filesize
184KB

MD5
670a039532852cc32fec48b975b67d55

SHA1
06a4db5e1244142843cedd3c8bf633bec84a7dd8

SHA256
aa4d4177f5d78bdb93a972018164eef3edc870141b64ee442383751e091c47d0

SHA512
39403303cc12e4d04d17c4d50f04525d2c0bac93bc8224a89fa3c4db13a2eda50298b7a3984cfa6bcbda11bfe805208f2faa4c96586c4297ad9a77e1f44a8da0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe

Filesize
184KB

MD5
d144996721e056afa2fb6adc6ed64340

SHA1
a06dbd17e22a4491286335dcdd0db5a7724fc773

SHA256
ccd2ca09d1e2811de3a576ac95cc8f018bb2dd43513992f7b65c13909cabcac1

SHA512
a2b78762e00b41cae49148169b7ce3073a112cc1eadec06b4fd071a04440c2a613c9042f2adf631278563b0efb7265a891f59449ac106a0cbb09eda12784076f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe

Filesize
184KB

MD5
671bc42880d2e3fea53d79cfb3facf68

SHA1
b38ace1c63a6e692b5e2c9e890746c5da26f8a38

SHA256
085cb7eb951fd1fec0809cad542f91887420baa9f54b06842d23c2b24a8d2239

SHA512
ae4cd518de48b1c6cc4bc3ab8999c82c9773c19ae172755a7993b7c7bdb66a93587a48acd71a094f76a0b1c5e6fe638502c17c08f3e3e07186a5dcf0b4a60bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe

Filesize
184KB

MD5
27f990c68892ee3a8094701c89c4830f

SHA1
384f3554563617ce10189f40661d0695d8247041

SHA256
e23fd6c86842af61b1c7e4f71a77a6c40b0a34f50262a14918f7532fa8451cff

SHA512
d80beff55cb98abfdafa7ccfc445c211343d2824618e21ad91ae2f9180c4adeed5bb6bdcecf121716c2b8b51dadd78db1d6e128e3085475267815848f49de256

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe

Filesize
184KB

MD5
8694dbd71b2059ead7f449f1901f0b50

SHA1
feab240c42a84fc2519a7d00e197a29472037d9e

SHA256
de114194f9a8d50b1da2dc6e85fa1a1e946ce19c21a8472ed3e8e3e0fef8e278

SHA512
99c3fdbbe899896b1a39aac1ec6f664f0e1b2cc9aa38da4f5a4a7394691b45d2e8ef3601892386de67bbb22d5b59f91c704d3e32a194f4c844bd48117c43c43d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe

Filesize
184KB

MD5
cde23edb05f4366a5316ef1df19d1eb3

SHA1
8b07db7e9b54cd0ebb264284583e75a57ae36d0f

SHA256
2f2dac079874ee249b3abffb6e485003ed04017e3ed724c9a32fd12a5362b0fe

SHA512
f4d46781c07f790af2704c18e3e61ea4ce5b1944b8b560028a54360137ab16b9cf1994caf4d43020145f313dff296f225433abb23de03848ce408e3891beafc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe

Filesize
184KB

MD5
09814f91c7e064cc790dbec16c119881

SHA1
b64e3691587cb0f0189a094b37781659cce21006

SHA256
bca29c97d23b834a1a7881ebfd7940be86428a0214f63a79ae1d453be9b9fe0a

SHA512
5e52b9db9de701f88fb3a4443fa1264a00932bfa41ae34e8cc48e646b1dbd351f673f3e4fe823c343625a91ef86472e07100700058116ef0a9af4182a9db3662

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe

Filesize
184KB

MD5
96d693ed6168cb4944512a1130eb146c

SHA1
a99cefac520e1751a65687f95e54133d4659ccd2

SHA256
a6d9e98e11855bfc4258f764547db5ec4284c1051797e959ef3fcd61863268a0

SHA512
a37a37df8129724ae1f4355294d6dbd2c9e312440c275f8ef2404ecdf8c0b899cb4bd6507680b1100b9d2696d15b0d4d42cc3138f509c24d69c330ac838cbbc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe

Filesize
184KB

MD5
430289b28d2eb57fb9ed3e2d1680f9a6

SHA1
8b0f91c5f6420e6c7bcd68f35e6b80caca1cb2c9

SHA256
b9fca42bb06eae9a31aaceca22bf77609aa4bdbf2640045a0e0ff84ebc7658a3

SHA512
21e782678681ef6be84c231371ea1c366863208a7b91729835597738569c84c524811f2973b15eb96ff0d0792e7d215784edd37dd921d77bf0d125710c0633f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe

Filesize
184KB

MD5
585cb6ab20ffcbc43e062dda9c32f507

SHA1
e8af13e9b24ebca2a092535a18f397ce20f81d7f

SHA256
56c7cac048da2e4b895d00db463a4e72db53e4e94608099a6562976d47fe4ceb

SHA512
cd4e6d50f2b43dcb59bd40862e078bfa9e560f6f634a9edb18514e179d152ff3c3d02be45e52feff28ec35ad4175fee08fcfba57019163a0abb67bc54bea962e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe

Filesize
184KB

MD5
111e4afca088875b1fb8dfebe7dcaa3f

SHA1
58cca378847841c14888afcfbab411229a92761f

SHA256
b78f02558ad81baa70d006354c8e0e077458598696e1382f9a0479ab1225d00c

SHA512
6db29e156f6f307740226be127a61df47fbea2a21ab5dd8d8769d0e0d6b1b59f7328622bd53f6d13e6cd75493d182e5c04903800efd3f51891115acfc30407b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe

Filesize
184KB

MD5
ef6386defe4038b9829e863f967accb6

SHA1
3623ed56c783bf1a4f91f3fe70a222df0033e290

SHA256
6534878639cdd6daec3b53b0e445fbc5fa86e594e780d91fef6b3ebec7c6c962

SHA512
dc465b75076a6fe4c3c7bd756a2f6fbd87d06c54e2adcdf80043f1c420951465d2f7132a7c51f530992cf19301729cd908a4a82a57e97aca4f466d23b0a2c3a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe

Filesize
184KB

MD5
ced99c9a79b1d9c48bc5927e213eafbe

SHA1
d479c7e271cb5e023349ee9c794742a92931bbd0

SHA256
c0b8fce5f21d9f3ce5aefe7fe9a0dd3c9801a8358b895f8e771fd12137dd3746

SHA512
b7a8bb6762b19220147643fe52364c36211b5b3632564b9fd76da58ba7bb1231629d16f2169ca9de7ccabf8529119feaa2463512eceae514015b3d68193be30d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe

Filesize
184KB

MD5
548d36cd3391231d2d325a80e54daeea

SHA1
ee05b1a184296d664974b7a35af595f03f15edf9

SHA256
19335ef7b30680e049f7dbe3b4c702d4cc36253b0d6281d68a986767d752e1c5

SHA512
c8b7d3a3215f643429528334375fc1c8ab83b3cc0071013734d1bfc2e93db9bb0d3f55f911123874ff9adccdbd707ab633ad86bee63fad978d4f612f6ad37fac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe

Filesize
184KB

MD5
ccec2b635070ea51cdeaea5bc902a277

SHA1
02a3087d7f7fac77ef792280f0f153b6c6a5a491

SHA256
3de259711ccc9b572683d0dd5295d7bf300ce62275001b980c212198939d83ce

SHA512
bc310340c88dabf4e2fb09253a9355eff3ed24be50fd0aeea3d2aefce7dbfc3ac124f0a11f6e86082f3b77d048a42901c1e2cb38b173fa98bfa5be512ae3c5a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe

Filesize
184KB

MD5
44ff9abfd719b870a3709f75c4a31ab3

SHA1
92a2521899524f01d81c9ca95e62c2251078212b

SHA256
fbfed940c95aa5d8ca0602f11d01f0eb5dc003a1bceb2801b9f9caa2fdd6f13c

SHA512
909e62314a78aeb8a9cfbbefe1e7ca04c573191879aa6a589270f4317ea1ca6a21cfa394465fbe542b3c9848b11b10e4a9ac9e69d7463dcca58d861542c1b3c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe

Filesize
184KB

MD5
7bfb893f6d4333d9b201746e319a5706

SHA1
7eb3771256f1c4d6fa9f22ceeca792b7138b3c24

SHA256
925ca9c0ad343487771d037b6f6da80a104c8c9269d6d87e9a6f29083ab46938

SHA512
a4aab31a5d179b35ea688229408a3013e4fd2a62bcbf100c5a0583abbabcfd5820a443855a6b70f293e6348a5628d55e0c210f5a77ba9bc3f6bb37ab75474146

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe

Filesize
184KB

MD5
53a4c08e259cd649eb93ed679bca52fd

SHA1
1ca90522069bce4cbc5ab9c3c5a180b655fbbfc4

SHA256
c408389be4968ecf7343812ba4a85d62c2cd883929198ed93d9ddc7029654690

SHA512
c2d8c37e936263032c6fd31ab60015446fc150b3299e6ebb9a7cc931bd4483825fc03d80c6b28e2127aa5ce529c97580a676b56b3b465d4819e9bb15201d6c61

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads