3e448db73e40f7d0616fe3c14edc27a6d2e4ca8e12d8f7d135d80fe07af610da

Analysis

max time kernel
135s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
Size

188KB
MD5

25f7fdb036a0b51648424ca87e6695be
SHA1

52a513cd9415c7a63ee944c587891e1f6a22b42c
SHA256

3e448db73e40f7d0616fe3c14edc27a6d2e4ca8e12d8f7d135d80fe07af610da
SHA512

d977f445dca4e3c251ac1dbed3b0ea4ec91e3287d9609d6c4c92bbc78417e3850d14c29cb5d1ee7ee9a72354186db234699fcfe16a907e5f47e8ba3cbc5b7502
SSDEEP

3072:7ltqxnUOCvP6fLzXMwxuU8iYpgjW5jVGVJIxyxxCDKlY32F+:7lwxYX6fXMAuU8rAdAKlY32F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 35 IoCs

pid	Process
2852	Unicorn-20784.exe
2504	Unicorn-64577.exe
2556	Unicorn-44712.exe
2572	Unicorn-16372.exe
3052	Unicorn-40322.exe
2524	Unicorn-19902.exe
2904	Unicorn-3539.exe
1188	Unicorn-48656.exe
2744	Unicorn-24706.exe
1028	Unicorn-36212.exe
2776	Unicorn-16346.exe
876	Unicorn-35465.exe
668	Unicorn-15599.exe
2884	Unicorn-38454.exe
2204	Unicorn-21542.exe
2344	Unicorn-1676.exe
1760	Unicorn-13373.exe
2824	Unicorn-12086.exe
2808	Unicorn-57758.exe
452	Unicorn-40675.exe
2132	Unicorn-43606.exe
1740	Unicorn-63472.exe
2588	Unicorn-28060.exe
2804	Unicorn-29190.exe
1920	Unicorn-49056.exe
916	Unicorn-41080.exe
2112	Unicorn-51661.exe
3068	Unicorn-51661.exe
2188	Unicorn-31795.exe
852	Unicorn-31795.exe
2324	Unicorn-51661.exe
2780	Unicorn-54853.exe
2604	Unicorn-26234.exe
2724	Unicorn-8437.exe
1884	Unicorn-3500.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
2852	Unicorn-20784.exe
2852	Unicorn-20784.exe
2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
2504	Unicorn-64577.exe
2852	Unicorn-20784.exe
2852	Unicorn-20784.exe
2504	Unicorn-64577.exe
2556	Unicorn-44712.exe
2556	Unicorn-44712.exe
2572	Unicorn-16372.exe
2572	Unicorn-16372.exe
2524	Unicorn-19902.exe
2524	Unicorn-19902.exe
2556	Unicorn-44712.exe
2556	Unicorn-44712.exe
2504	Unicorn-64577.exe
2504	Unicorn-64577.exe
3052	Unicorn-40322.exe
3052	Unicorn-40322.exe
2904	Unicorn-3539.exe
2904	Unicorn-3539.exe
2572	Unicorn-16372.exe
2572	Unicorn-16372.exe
2744	Unicorn-24706.exe
2744	Unicorn-24706.exe
3052	Unicorn-40322.exe
1028	Unicorn-36212.exe
3052	Unicorn-40322.exe
1028	Unicorn-36212.exe
2776	Unicorn-16346.exe
2776	Unicorn-16346.exe
2904	Unicorn-3539.exe
876	Unicorn-35465.exe
2904	Unicorn-3539.exe
876	Unicorn-35465.exe
668	Unicorn-15599.exe
668	Unicorn-15599.exe
2744	Unicorn-24706.exe
2744	Unicorn-24706.exe
2884	Unicorn-38454.exe
2884	Unicorn-38454.exe
2344	Unicorn-1676.exe
2344	Unicorn-1676.exe
1028	Unicorn-36212.exe
2204	Unicorn-21542.exe
1028	Unicorn-36212.exe
2204	Unicorn-21542.exe
1760	Unicorn-13373.exe
1760	Unicorn-13373.exe
668	Unicorn-15599.exe
668	Unicorn-15599.exe
2808	Unicorn-57758.exe
876	Unicorn-35465.exe
2808	Unicorn-57758.exe
876	Unicorn-35465.exe
2824	Unicorn-12086.exe
2824	Unicorn-12086.exe
452	Unicorn-40675.exe
452	Unicorn-40675.exe
2804	Unicorn-29190.exe
2804	Unicorn-29190.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	1740	WerFault.exe	49

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
2852	Unicorn-20784.exe
2504	Unicorn-64577.exe
2556	Unicorn-44712.exe
2572	Unicorn-16372.exe
3052	Unicorn-40322.exe
2524	Unicorn-19902.exe
2904	Unicorn-3539.exe
2744	Unicorn-24706.exe
1028	Unicorn-36212.exe
2776	Unicorn-16346.exe
876	Unicorn-35465.exe
668	Unicorn-15599.exe
2884	Unicorn-38454.exe
2344	Unicorn-1676.exe
2204	Unicorn-21542.exe
1760	Unicorn-13373.exe
2808	Unicorn-57758.exe
452	Unicorn-40675.exe
2824	Unicorn-12086.exe
1740	Unicorn-63472.exe
2804	Unicorn-29190.exe
2588	Unicorn-28060.exe
1920	Unicorn-49056.exe
852	Unicorn-31795.exe
2324	Unicorn-51661.exe
2112	Unicorn-51661.exe
2188	Unicorn-31795.exe
916	Unicorn-41080.exe
3068	Unicorn-51661.exe
2780	Unicorn-54853.exe
1188	Unicorn-48656.exe
1884	Unicorn-3500.exe
2724	Unicorn-8437.exe
2604	Unicorn-26234.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2852	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	28
PID 2684 wrote to memory of 2852	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	28
PID 2684 wrote to memory of 2852	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	28
PID 2684 wrote to memory of 2852	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	28
PID 2852 wrote to memory of 2504	2852	Unicorn-20784.exe	29
PID 2852 wrote to memory of 2504	2852	Unicorn-20784.exe	29
PID 2852 wrote to memory of 2504	2852	Unicorn-20784.exe	29
PID 2852 wrote to memory of 2504	2852	Unicorn-20784.exe	29
PID 2684 wrote to memory of 2556	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	30
PID 2684 wrote to memory of 2556	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	30
PID 2684 wrote to memory of 2556	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	30
PID 2684 wrote to memory of 2556	2684	25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe	30
PID 2852 wrote to memory of 2572	2852	Unicorn-20784.exe	32
PID 2852 wrote to memory of 2572	2852	Unicorn-20784.exe	32
PID 2852 wrote to memory of 2572	2852	Unicorn-20784.exe	32
PID 2852 wrote to memory of 2572	2852	Unicorn-20784.exe	32
PID 2504 wrote to memory of 3052	2504	Unicorn-64577.exe	31
PID 2504 wrote to memory of 3052	2504	Unicorn-64577.exe	31
PID 2504 wrote to memory of 3052	2504	Unicorn-64577.exe	31
PID 2504 wrote to memory of 3052	2504	Unicorn-64577.exe	31
PID 2556 wrote to memory of 2524	2556	Unicorn-44712.exe	33
PID 2556 wrote to memory of 2524	2556	Unicorn-44712.exe	33
PID 2556 wrote to memory of 2524	2556	Unicorn-44712.exe	33
PID 2556 wrote to memory of 2524	2556	Unicorn-44712.exe	33
PID 2572 wrote to memory of 2904	2572	Unicorn-16372.exe	34
PID 2572 wrote to memory of 2904	2572	Unicorn-16372.exe	34
PID 2572 wrote to memory of 2904	2572	Unicorn-16372.exe	34
PID 2572 wrote to memory of 2904	2572	Unicorn-16372.exe	34
PID 2524 wrote to memory of 1188	2524	Unicorn-19902.exe	35
PID 2524 wrote to memory of 1188	2524	Unicorn-19902.exe	35
PID 2524 wrote to memory of 1188	2524	Unicorn-19902.exe	35
PID 2524 wrote to memory of 1188	2524	Unicorn-19902.exe	35
PID 2556 wrote to memory of 2744	2556	Unicorn-44712.exe	36
PID 2556 wrote to memory of 2744	2556	Unicorn-44712.exe	36
PID 2556 wrote to memory of 2744	2556	Unicorn-44712.exe	36
PID 2556 wrote to memory of 2744	2556	Unicorn-44712.exe	36
PID 2504 wrote to memory of 2776	2504	Unicorn-64577.exe	37
PID 2504 wrote to memory of 2776	2504	Unicorn-64577.exe	37
PID 2504 wrote to memory of 2776	2504	Unicorn-64577.exe	37
PID 2504 wrote to memory of 2776	2504	Unicorn-64577.exe	37
PID 3052 wrote to memory of 1028	3052	Unicorn-40322.exe	38
PID 3052 wrote to memory of 1028	3052	Unicorn-40322.exe	38
PID 3052 wrote to memory of 1028	3052	Unicorn-40322.exe	38
PID 3052 wrote to memory of 1028	3052	Unicorn-40322.exe	38
PID 2904 wrote to memory of 876	2904	Unicorn-3539.exe	39
PID 2904 wrote to memory of 876	2904	Unicorn-3539.exe	39
PID 2904 wrote to memory of 876	2904	Unicorn-3539.exe	39
PID 2904 wrote to memory of 876	2904	Unicorn-3539.exe	39
PID 2572 wrote to memory of 668	2572	Unicorn-16372.exe	40
PID 2572 wrote to memory of 668	2572	Unicorn-16372.exe	40
PID 2572 wrote to memory of 668	2572	Unicorn-16372.exe	40
PID 2572 wrote to memory of 668	2572	Unicorn-16372.exe	40
PID 2744 wrote to memory of 2884	2744	Unicorn-24706.exe	41
PID 2744 wrote to memory of 2884	2744	Unicorn-24706.exe	41
PID 2744 wrote to memory of 2884	2744	Unicorn-24706.exe	41
PID 2744 wrote to memory of 2884	2744	Unicorn-24706.exe	41
PID 3052 wrote to memory of 2344	3052	Unicorn-40322.exe	42
PID 3052 wrote to memory of 2344	3052	Unicorn-40322.exe	42
PID 3052 wrote to memory of 2344	3052	Unicorn-40322.exe	42
PID 3052 wrote to memory of 2344	3052	Unicorn-40322.exe	42
PID 1028 wrote to memory of 2204	1028	Unicorn-36212.exe	43
PID 1028 wrote to memory of 2204	1028	Unicorn-36212.exe	43
PID 1028 wrote to memory of 2204	1028	Unicorn-36212.exe	43
PID 1028 wrote to memory of 2204	1028	Unicorn-36212.exe	43

C:\Users\Admin\AppData\Local\Temp\25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25f7fdb036a0b51648424ca87e6695be_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        8⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        9⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        8⤵
        
        PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        7⤵
        
        PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
        8⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        7⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64263.exe
        7⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        8⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
        7⤵
        
        PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        6⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        5⤵
        
        PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 200
        6⤵
        Program crash
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
      4⤵
      Executes dropped EXE
      PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16346.exe

Filesize
188KB

MD5
63261240600bdb5e773ce9ba906be5f7

SHA1
3dbe85992a029757f1133ff1ac02f171063fd679

SHA256
841f04cabe8424813f2b7c0e5bd9ebb726cf0963d3379e8fef37e0fddb64e597

SHA512
0825a4b6dc0bdd548fcfcd3c6bfa3d8f6787d0722b9fb6d7d4709ae047a144cf0ee912347428bcf19f7dca04b44dc0a6121daa161a3f577281077b5fc8640418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe

Filesize
188KB

MD5
e5fb1ac4ad57f3d2a43a921509508dfc

SHA1
fe60c02961a530d9d5c57060af3596d58e1d360e

SHA256
f11a383a74655da946a47dec45a5ccb629944c858fcdf673b21ed1b562b7197a

SHA512
44da65c61f17f85f4a4082d1fa6fda69915e1872d87e0cc2be302959ce0beab0cd9509b6bd24025a299728ef4cbbc6ee04ce071d47659d77700aeed3c4a63b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe

Filesize
188KB

MD5
d80828dbea061384e48a423a04b96b23

SHA1
b83e3e1e8ae4864ea3242699a1d8145714d54a3f

SHA256
8a357159e226853ff1d8e7f3030adceca363c05f68442ff0be8361b62c7997f6

SHA512
50d24cc46b62e1372ba186541d383f2de0c889df1c2b6086fdd092437215ba87dcbcb1a8cdb95b31c3e7c3eb023e26c8ede214b67b3e8a3d2ea02eb5543b3a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe

Filesize
188KB

MD5
a1788a278a6742b0a3e01958cf1f6033

SHA1
f5c70c9056b5a1268f8aa2f9720fa2c106b8383f

SHA256
5c07827a0b8d6a26bdc0eb6496c19d773d54fd65092df722f83ea4d92630c0db

SHA512
1164d02d0e5177338a4da6bf0a3fcaa1f8ea67de3fc3f287bdeb2b955cfe60bbc6f07ff2978205bcdcd012ed6f4a92ed13e0885f91f1630772a599a98b58804b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe

Filesize
188KB

MD5
fcd7194de3df80901ea4b2e1fcee6684

SHA1
7e5dd3db5c05fd1edc6433d25aeadc2be1226d56

SHA256
b1c0b4913b48e9b09fa4c066e2efb11204992f31b7fbd25355caa7930cf05cef

SHA512
0dc19687cbe0ac3981915f243af2e7cee47f2279a3e06e93df23835d4e249e9e2bdca5f645da4c81f2cdc7d0323813da5294f409c415806d5b2d8f9b4375b630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe

Filesize
188KB

MD5
ec9e61d2063dfa660f991e53c6ab2ac1

SHA1
4a5b2fb9da6dea2e98e02d40b3bf5fbc6095c597

SHA256
564bdb9507a094d016a92fd5f2c5bf0d24237a7c8a07c37146acdb90fbc95d83

SHA512
ff5b37f9757773b752f58f41c984bbdef9b7b97070cb5839ad3d0ed44d330b35df9bd00075c710b48dc7108ed5127636d763204ba6ceed8c35c0cba2d89354ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe

Filesize
188KB

MD5
62128801a7e4e680c8ae28974fd64483

SHA1
d1f0564f27d8af92546f447d34f9482e7110a5b2

SHA256
588f29d2521e5f62ddf34c55b318e4d8a274af00fbb38982c644d6de18d6c552

SHA512
b3be3bf61be22391a9eee2a701105c8b7ded4b07f4690702fb3de5e122c21877850c559c7d5ca5b3195014dd856ea8d5d678c084c5437dfe3d582b3870b84cfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe

Filesize
188KB

MD5
7c47e2c98882fdb2004ca161d20330a9

SHA1
a0e741c6d7025d7cde289bb38ae231aa6cd2fa42

SHA256
d5a790c3b5977b764474079284a919be0bc68ea8a6e537810ad82f438f133bbe

SHA512
99ceb5120725c3d6c4076e02dc7a1b9e61be84c723839bbadf731126809ff72218d87956c5844bb7d9850cd737b7c8f17d38769ef902dc068184a9dbb174d3e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe

Filesize
188KB

MD5
096852c039a007985ac15e1befeb6dbd

SHA1
bd1c21ab5cff8abe2f758f88d17a799e29674e83

SHA256
20716757aa0beddf0fbb15884a3715d5ac5b1ec804a9add7f150e07916e994cc

SHA512
8276f22df1a174fac070f76b5813f2ed6f07729d3f7db30f8e056701579494e1f353663d6d7ca4c1c39d9c337e8492b2797b18638537a8879f3604e3a5528060

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe

Filesize
188KB

MD5
33e836486a70557c64bec45971bf8a6f

SHA1
86dc3cccbacb230666011ff9f8489dfe29ac1de3

SHA256
1584bf7817d290d5450c7c7b2c94d2bad6ba04a88b3a08161395dec84d0a56bf

SHA512
c78f90b878b2eb9c59951fac8769e9851efd775aa7de727bdcc256b8cad1abcd5c0829887614ae2f756bdd88d3490b125a67a511d96feb107ff2b94a28a8f289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe

Filesize
188KB

MD5
4bdb662a7d9b62e9f855d266c1a5b9fb

SHA1
9277920134b318875bba32404e8c4108775195dc

SHA256
93f130849e1e9d5eefd5df0046d222509daf7aa0b2ba7af16dce3f9d77aa916a

SHA512
313716326056b8d96fe356f5e2e0349b844bdc67e2454df5c20384f3b63b746908ea4e7d984e98fa7342a3210bec5613e61d6e487d95b350f4a30b542d2edf58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe

Filesize
188KB

MD5
05dba34bc1e9a7a75b7f1e3f50760451

SHA1
e713052613471772c4053cd35d661d9ee6c10d34

SHA256
ed0e4bd984938d4471ce87c0114212b78334f9af176130108874d191bac871c9

SHA512
42f045b15248615d695bd0842590dcdc6a6b1c5c82734e0de3ded7fd0ec5a72be313cbb7057cf4283ee09fc6154ad49eba3a0aaed9357e3231930afe644db9ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe

Filesize
188KB

MD5
7d69d17daf40a856ab1267eee19dc4a5

SHA1
7d807cd13baaf2da31f7749df6f8ae46de6b78d7

SHA256
8ec25bcb2864f6f7db6d0a3cdba9078fc8f52ee2c7c5b2423ed7076b29ea2073

SHA512
d51607b961b1f671228fea880e393db16cc31ab233d3c862033ae07151e04f86a83ceb887659d3e17360afe99a3581e7c073234cf0e2868ab363d644d8e6455b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe

Filesize
188KB

MD5
f92b2b3ad65203ccb49a6c80d9b60ad1

SHA1
c3713932f8d26548b23d3c0f5cbff11993a5dc6a

SHA256
819935f8c1c80e483e18d9a6f6e1f20ea0ab2f4b8c5c95f7915da66977ff4d72

SHA512
e2b52a312634c2b79415a54d343031ae8dc959f8b68c9e452650531d4d3c2c493037bf5796fe23d46672091a5187d23e679ec6cff08543f822f6efcff246d6cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe

Filesize
188KB

MD5
bcfb6082abaf785f227d718b87be7a98

SHA1
bef208e83b6b3b1f05f2b3d655acea4fe17a8947

SHA256
9c2833a42dabdbfca6898bfbe22fce67643cc49c1167319a8bfd485f4f57a863

SHA512
022d6cfab361ceafacbc2e17273c2f4454489e8d6ddc3a8bdb7c70915ca79f1c9c554aeb7b1e3b09f5016c3e922347ed8f31db203f81521ef91c2a7446cb93c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe

Filesize
188KB

MD5
8783f6bde1948e74717b2ebadcda02d0

SHA1
b5637e0848b1155728452e10c74ddf48723af0be

SHA256
4ea365ce9ee850ebd2b717e8ccc7264d2257b5e23d7334325f8e37b0dcf29408

SHA512
bef57fea5e729a561948aacddf96ce09eb58bdc124298c91181e45b3454b8c761840f4fb102ba83ed796ed21e87131a8efcdb79bcbb9129ab6a190ababda7f72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe

Filesize
188KB

MD5
c0e755340eedebffc9a3172dbb8e3c53

SHA1
f8271c12ced6f7932a72418cedc389a9d5a8cc3f

SHA256
674a0887c45d967f62f4711da289303abccfbaf75cf2b92a5c14a7ee2e8f5cb2

SHA512
2c69e2dbb1ca5ceee9799f0c672efeb7d18f4fb11c6f057d80918cb4f073fb7313320bfbd9cc10f5d31eab7daf0274195f46092f750f51bd8d4a201d04c71b19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe

Filesize
188KB

MD5
c428d5446029353b368adf463b0eb8f4

SHA1
bc5c2efbc21a94d527f399c499f0b619977c5636

SHA256
45bdf13e7c339ff27e797d1eda8d91f4f1a3f9a2c11ca37a3bba0edd0c3da538

SHA512
2a273099f74b3b43f4fd95994dbfe3ae278565b46f72b1d56dcd11fba4a3c3cdd28f8f53de21cb3fecea9c04881b67e11cdb3b414bc45cbf2adb018913f68729

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe

Filesize
188KB

MD5
da51905020673361ad92b3e260bc9c22

SHA1
6383130d85226bb69516704cab3f3fb8fce5b132

SHA256
dee3a8ba19d731d1c39f48976097c76f3707df09e489f0bcd28fde10ee066b12

SHA512
2ca4a73d852eca3ba6d1c935d108bdcf34e21d37738e10ad47d4e6157d802dffb17c8bc633b381db320070a140bd01f1b6f1d9371ff5357db998aac4cef78e8b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads