38ad7908e61ba2e5caed0ba6fe610e4b79dcc54ba364f9abcf81c9d23da87579

Analysis

max time kernel
28s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
Size

188KB
MD5

c3989522f415b11b95792a22b63e30e1
SHA1

16fa76218a63b3be0ea961c56b0c56b1da6e81c8
SHA256

38ad7908e61ba2e5caed0ba6fe610e4b79dcc54ba364f9abcf81c9d23da87579
SHA512

331d08fcac60b57b4a957739086f249c542f915911c9ecbfa32d7514a19295e3da615c28bf7e3a299ea9ed9607ddc3621854c1ca261283d8652cc23edc920dc2
SSDEEP

3072:4BTYomjtlZwp9Hje8B+3TUReDUiMGBfpClxQ7crjdlv1pFZ:4BcogSp9y8E3TUsNvQdlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1764	Unicorn-13457.exe
1940	Unicorn-54573.exe
2584	Unicorn-34707.exe
2464	Unicorn-56602.exe
2780	Unicorn-52518.exe
2220	Unicorn-63379.exe
1308	Unicorn-29130.exe
1628	Unicorn-9264.exe
2264	Unicorn-27546.exe
3068	Unicorn-47412.exe
1948	Unicorn-12601.exe
2724	Unicorn-39519.exe
644	Unicorn-50188.exe
2076	Unicorn-432.exe
1924	Unicorn-18907.exe
2672	Unicorn-56410.exe
1748	Unicorn-10738.exe
532	Unicorn-37957.exe
1664	Unicorn-48818.exe
1376	Unicorn-2653.exe
980	Unicorn-13514.exe
2196	Unicorn-17620.exe
1836	Unicorn-48346.exe
1288	Unicorn-20312.exe
2176	Unicorn-1283.exe
2984	Unicorn-12144.exe
2412	Unicorn-3784.exe
2160	Unicorn-27926.exe
2312	Unicorn-30426.exe
1620	Unicorn-15481.exe
2368	Unicorn-54376.exe
2536	Unicorn-19566.exe
2760	Unicorn-61174.exe
2588	Unicorn-41308.exe
2452	Unicorn-57666.exe
2472	Unicorn-10603.exe
2528	Unicorn-52191.exe
2900	Unicorn-37246.exe
2640	Unicorn-48107.exe
2920	Unicorn-63888.exe
1304	Unicorn-43276.exe
1596	Unicorn-43276.exe
1656	Unicorn-4381.exe
1648	Unicorn-41884.exe
2420	Unicorn-41138.exe
2604	Unicorn-16442.exe
2268	Unicorn-62113.exe
2352	Unicorn-62113.exe
880	Unicorn-23218.exe
1532	Unicorn-12357.exe
2516	Unicorn-12357.exe
2644	Unicorn-23218.exe
2336	Unicorn-63971.exe
2324	Unicorn-9295.exe
2424	Unicorn-57749.exe
2972	Unicorn-57557.exe
780	Unicorn-37691.exe
1052	Unicorn-11070.exe
380	Unicorn-11070.exe
2864	Unicorn-56742.exe
2956	Unicorn-56742.exe
1616	Unicorn-52259.exe
1732	Unicorn-52259.exe
1720	Unicorn-52259.exe

Loads dropped DLL 64 IoCs

pid	Process
856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
1764	Unicorn-13457.exe
1764	Unicorn-13457.exe
856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
2584	Unicorn-34707.exe
2584	Unicorn-34707.exe
1940	Unicorn-54573.exe
1940	Unicorn-54573.exe
1764	Unicorn-13457.exe
1764	Unicorn-13457.exe
2464	Unicorn-56602.exe
2584	Unicorn-34707.exe
2464	Unicorn-56602.exe
2584	Unicorn-34707.exe
1940	Unicorn-54573.exe
2780	Unicorn-52518.exe
1940	Unicorn-54573.exe
2780	Unicorn-52518.exe
2220	Unicorn-63379.exe
2220	Unicorn-63379.exe
1308	Unicorn-29130.exe
1308	Unicorn-29130.exe
2464	Unicorn-56602.exe
2464	Unicorn-56602.exe
1628	Unicorn-9264.exe
1628	Unicorn-9264.exe
3068	Unicorn-47412.exe
3068	Unicorn-47412.exe
2780	Unicorn-52518.exe
2264	Unicorn-27546.exe
2780	Unicorn-52518.exe
2264	Unicorn-27546.exe
1948	Unicorn-12601.exe
1948	Unicorn-12601.exe
2220	Unicorn-63379.exe
2220	Unicorn-63379.exe
2724	Unicorn-39519.exe
2724	Unicorn-39519.exe
1308	Unicorn-29130.exe
1308	Unicorn-29130.exe
644	Unicorn-50188.exe
644	Unicorn-50188.exe
1924	Unicorn-18907.exe
1924	Unicorn-18907.exe
3068	Unicorn-47412.exe
3068	Unicorn-47412.exe
532	Unicorn-37957.exe
532	Unicorn-37957.exe
1948	Unicorn-12601.exe
1948	Unicorn-12601.exe
2076	Unicorn-432.exe
2076	Unicorn-432.exe
1628	Unicorn-9264.exe
1628	Unicorn-9264.exe
2264	Unicorn-27546.exe
2264	Unicorn-27546.exe
2672	Unicorn-56410.exe
2672	Unicorn-56410.exe
1748	Unicorn-10738.exe
1664	Unicorn-48818.exe
1748	Unicorn-10738.exe
1664	Unicorn-48818.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1740	2920	WerFault.exe	67
1724	2588	WerFault.exe	60

Suspicious use of SetWindowsHookEx 54 IoCs

pid	Process
856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
1764	Unicorn-13457.exe
2584	Unicorn-34707.exe
1940	Unicorn-54573.exe
2464	Unicorn-56602.exe
2780	Unicorn-52518.exe
2220	Unicorn-63379.exe
1308	Unicorn-29130.exe
1628	Unicorn-9264.exe
3068	Unicorn-47412.exe
2264	Unicorn-27546.exe
1948	Unicorn-12601.exe
2724	Unicorn-39519.exe
644	Unicorn-50188.exe
2076	Unicorn-432.exe
1924	Unicorn-18907.exe
532	Unicorn-37957.exe
2672	Unicorn-56410.exe
1748	Unicorn-10738.exe
1664	Unicorn-48818.exe
1376	Unicorn-2653.exe
980	Unicorn-13514.exe
2196	Unicorn-17620.exe
1836	Unicorn-48346.exe
1288	Unicorn-20312.exe
2176	Unicorn-1283.exe
2984	Unicorn-12144.exe
2412	Unicorn-3784.exe
2536	Unicorn-19566.exe
1620	Unicorn-15481.exe
2368	Unicorn-54376.exe
2160	Unicorn-27926.exe
2760	Unicorn-61174.exe
2472	Unicorn-10603.exe
2588	Unicorn-41308.exe
2452	Unicorn-57666.exe
2920	Unicorn-63888.exe
2900	Unicorn-37246.exe
1648	Unicorn-41884.exe
2528	Unicorn-52191.exe
2640	Unicorn-48107.exe
1596	Unicorn-43276.exe
1304	Unicorn-43276.exe
2644	Unicorn-23218.exe
2516	Unicorn-12357.exe
880	Unicorn-23218.exe
2268	Unicorn-62113.exe
2352	Unicorn-62113.exe
2604	Unicorn-16442.exe
1656	Unicorn-4381.exe
2420	Unicorn-41138.exe
1532	Unicorn-12357.exe
2336	Unicorn-63971.exe
2324	Unicorn-9295.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1764	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	28
PID 856 wrote to memory of 1764	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	28
PID 856 wrote to memory of 1764	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	28
PID 856 wrote to memory of 1764	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	28
PID 1764 wrote to memory of 1940	1764	Unicorn-13457.exe	29
PID 1764 wrote to memory of 1940	1764	Unicorn-13457.exe	29
PID 1764 wrote to memory of 1940	1764	Unicorn-13457.exe	29
PID 1764 wrote to memory of 1940	1764	Unicorn-13457.exe	29
PID 856 wrote to memory of 2584	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	30
PID 856 wrote to memory of 2584	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	30
PID 856 wrote to memory of 2584	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	30
PID 856 wrote to memory of 2584	856	c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe	30
PID 2584 wrote to memory of 2464	2584	Unicorn-34707.exe	31
PID 2584 wrote to memory of 2464	2584	Unicorn-34707.exe	31
PID 2584 wrote to memory of 2464	2584	Unicorn-34707.exe	31
PID 2584 wrote to memory of 2464	2584	Unicorn-34707.exe	31
PID 1940 wrote to memory of 2780	1940	Unicorn-54573.exe	32
PID 1940 wrote to memory of 2780	1940	Unicorn-54573.exe	32
PID 1940 wrote to memory of 2780	1940	Unicorn-54573.exe	32
PID 1940 wrote to memory of 2780	1940	Unicorn-54573.exe	32
PID 1764 wrote to memory of 2220	1764	Unicorn-13457.exe	33
PID 1764 wrote to memory of 2220	1764	Unicorn-13457.exe	33
PID 1764 wrote to memory of 2220	1764	Unicorn-13457.exe	33
PID 1764 wrote to memory of 2220	1764	Unicorn-13457.exe	33
PID 2464 wrote to memory of 1308	2464	Unicorn-56602.exe	34
PID 2464 wrote to memory of 1308	2464	Unicorn-56602.exe	34
PID 2464 wrote to memory of 1308	2464	Unicorn-56602.exe	34
PID 2464 wrote to memory of 1308	2464	Unicorn-56602.exe	34
PID 2584 wrote to memory of 1628	2584	Unicorn-34707.exe	35
PID 2584 wrote to memory of 1628	2584	Unicorn-34707.exe	35
PID 2584 wrote to memory of 1628	2584	Unicorn-34707.exe	35
PID 2584 wrote to memory of 1628	2584	Unicorn-34707.exe	35
PID 1940 wrote to memory of 2264	1940	Unicorn-54573.exe	37
PID 1940 wrote to memory of 2264	1940	Unicorn-54573.exe	37
PID 1940 wrote to memory of 2264	1940	Unicorn-54573.exe	37
PID 1940 wrote to memory of 2264	1940	Unicorn-54573.exe	37
PID 2780 wrote to memory of 3068	2780	Unicorn-52518.exe	36
PID 2780 wrote to memory of 3068	2780	Unicorn-52518.exe	36
PID 2780 wrote to memory of 3068	2780	Unicorn-52518.exe	36
PID 2780 wrote to memory of 3068	2780	Unicorn-52518.exe	36
PID 2220 wrote to memory of 1948	2220	Unicorn-63379.exe	38
PID 2220 wrote to memory of 1948	2220	Unicorn-63379.exe	38
PID 2220 wrote to memory of 1948	2220	Unicorn-63379.exe	38
PID 2220 wrote to memory of 1948	2220	Unicorn-63379.exe	38
PID 1308 wrote to memory of 2724	1308	Unicorn-29130.exe	39
PID 1308 wrote to memory of 2724	1308	Unicorn-29130.exe	39
PID 1308 wrote to memory of 2724	1308	Unicorn-29130.exe	39
PID 1308 wrote to memory of 2724	1308	Unicorn-29130.exe	39
PID 2464 wrote to memory of 644	2464	Unicorn-56602.exe	40
PID 2464 wrote to memory of 644	2464	Unicorn-56602.exe	40
PID 2464 wrote to memory of 644	2464	Unicorn-56602.exe	40
PID 2464 wrote to memory of 644	2464	Unicorn-56602.exe	40
PID 1628 wrote to memory of 2076	1628	Unicorn-9264.exe	41
PID 1628 wrote to memory of 2076	1628	Unicorn-9264.exe	41
PID 1628 wrote to memory of 2076	1628	Unicorn-9264.exe	41
PID 1628 wrote to memory of 2076	1628	Unicorn-9264.exe	41
PID 3068 wrote to memory of 1924	3068	Unicorn-47412.exe	42
PID 3068 wrote to memory of 1924	3068	Unicorn-47412.exe	42
PID 3068 wrote to memory of 1924	3068	Unicorn-47412.exe	42
PID 3068 wrote to memory of 1924	3068	Unicorn-47412.exe	42
PID 2780 wrote to memory of 2672	2780	Unicorn-52518.exe	43
PID 2780 wrote to memory of 2672	2780	Unicorn-52518.exe	43
PID 2780 wrote to memory of 2672	2780	Unicorn-52518.exe	43
PID 2780 wrote to memory of 2672	2780	Unicorn-52518.exe	43

C:\Users\Admin\AppData\Local\Temp\c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c3989522f415b11b95792a22b63e30e1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        9⤵
        Executes dropped EXE
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        8⤵
        Executes dropped EXE
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        8⤵
        Executes dropped EXE
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 200
        8⤵
        Program crash
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        7⤵
        
        PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        8⤵
        Executes dropped EXE
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        7⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30426.exe
        5⤵
        Executes dropped EXE
        
        PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        7⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        9⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        7⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
        6⤵
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        7⤵
        
        PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        6⤵
        
        PID:2464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        7⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
        8⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        6⤵
        Executes dropped EXE
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        7⤵
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        7⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        8⤵
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        6⤵
        
        PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-432.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        7⤵
        Executes dropped EXE
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        6⤵
        Executes dropped EXE
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        7⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        6⤵
        
        PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
        6⤵
        Executes dropped EXE
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        7⤵
        
        PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe

Filesize
188KB

MD5
6b1e6743e0cb4e79eec3a3ea6ae13845

SHA1
5d11b18e8607d43babf01eb5c1ffc8ba48e854b5

SHA256
bd2fc91591c545cfdd32e9bf07174d24f0e96fef0a32453807f47a8609c14be5

SHA512
058e1f0729e072abcac67c48a9fba4f5598c645f34aebda157506a1a97d6fa803d5858d1618acde9f672d5bffe2290b1711daa65d946c6813cdc9df1e9e32958

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe

Filesize
188KB

MD5
d2e6948f5900b7d90916b74f8383ca93

SHA1
a793b1496df4ed69710495f037c086951ccca5f4

SHA256
1ddba92842761a9d50908f7d72230ef3c72f76ae5d8451470a8e983d127483d8

SHA512
e66c60318b5b7c9ed50a225b53662fbf78a28609da84b803018d76aef6defe7b29a2965f493a5618252d62cf960d83b64c3bb41c2b4b29682c5b34abe0911eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe

Filesize
188KB

MD5
a9f096e4a2463d0dec085d60ad83cd1b

SHA1
4e9459a8957855d697032d52844fa78d5fd46fda

SHA256
6d5dfa6106f7d0bce90ccd7c6a89e1e05e2d77f9e89a26a994f4678d72c48e78

SHA512
10efe3f08afa7c7d293ae40862298a7e264842b3ba9f96f5084cfbd057a28eabef903d2f750c050ba125b519664fb83ae2ab21253414085293921b847cdacf75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe

Filesize
188KB

MD5
f42f42fac1d2c436e19ffd2ec5f510b8

SHA1
a6842188031690008a93330770e970db1c4c601c

SHA256
d8f7b205a2aee4c67fb16459b43fe43d1a3c32a9611d85f75b4fa409679e8d04

SHA512
3ab3cfa6410e867c341218d80245361b035cdc6c3d3bdc62dd7a0f248197a9c96b65c23ab747175dc5dde271e0c36ba2db7ce1424e093003c77f465a93eac01d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe

Filesize
188KB

MD5
a82875c3569a797ccc4e9f4142625486

SHA1
73358fb943b10b4e4ecef497d543519bb4eb7712

SHA256
d810939de904b3cf369e55764f09bd487a08bc9d2d72bfa7e35daaa66673bc99

SHA512
420b995f1e3b9defb4894e920156dfac144a58a7943751d479beb03982e437de45b5a285bb9904e432ade0d69663fee18adcd67aceabf134b1b3d78ae975b9e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe

Filesize
188KB

MD5
a31da4ef4d043ec2b73de864c9de816f

SHA1
d756e348d808d8fa34710d2deabd22e3f799a153

SHA256
6f04ab682ae9266c7aaadd4e35d1e295a048e2a53cdff0efd48130c9a6b8e725

SHA512
dee16ca2bbaff80310759630982ef4e105d58f44b13c97af4d6b3200a32e31bff0d6e24b606a09bd0a969168966cfd6cd54d2ffada46e994bf2d108daa1582f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe

Filesize
188KB

MD5
70f26ad21878c5c9dc2c549bf9015318

SHA1
66f4c8b76ccf5bedd58f5b042c93d02cefcacbf5

SHA256
d3372c4a17950cf2d966225234bc7912b6f99f4b985773bffe8304aadaa84dc5

SHA512
235567244ccc2e8a4a042a9550c4523343600f93b8e360f9d78dd48e1c0d29b3cfb6dc55ab28fe649ed7598f3a844554530e45c4bd3e5e0ea868237d88933282

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe

Filesize
188KB

MD5
cf127c0ed4a958a7b6ea2bcab60711d7

SHA1
eb6091ef2c2bd6045aa0b16db3428bafb5445e64

SHA256
1f1999262e89391398f2d4a3da788e47cf907688713a72a91b46d16513cd327f

SHA512
f55ff5a0ba63d0f2ec1fc4665b7f0fca27a62a72c41c6afdb2e43f80872cb0245edc089cc9591114763b3b553b720ba2e83405b790ae02b706f583d44a8886b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe

Filesize
188KB

MD5
f7a91a264e573019b3e9d0076a090cbe

SHA1
5e6c4f0ef0321a267ea89ca49bd4b5eb2cb48cfa

SHA256
38d6703e490b608a88fc571bb2275c773a26a7f8317f975e0eb92f07b01b8b73

SHA512
2a2a962dd0c53ac7ced50961fc28a8caecac32bcf1c361cdc9a41637ff04f1a1bfce3e7d8a170752075673e394a4c71fc3326e9315eec6743f670711c20e4dc6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe

Filesize
188KB

MD5
305ee8d6f94c0b5cf85c5a7b7e43be34

SHA1
91c5aeb172a4055beac0007bef240e25a8a17015

SHA256
8f1f3d055e42715e1add5a24651accc8224375d2a9b31e5cbd67c961afb76adf

SHA512
4c868a9a597d8dce366044539cce71cbe71838f98c5c369b09abbc30d5bef79b3da4c261648f368217e00d8a7c3e4d6d2c2b7db65a4002d6e93d632dac2b3edc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe

Filesize
188KB

MD5
b11115a8f228b5caafe2dc0d7739214b

SHA1
dda3040180d383dba98b802451ce8b3b2b0adb97

SHA256
c2dfa94be5b8294e32c4f516ddf77fbeb9408f0241e04b3d65b01dd9c62896e6

SHA512
5e8bb0193c68c3cff9218373668f3c8a779c74f545ab7ee99e75954ad918f5c076cdc1d4252058a5e635dac196ac972253cb3b7c13a9691a89563f4dc0282188

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-432.exe

Filesize
188KB

MD5
1d5a69006a0220291de6e3285615b068

SHA1
64c60961e2d7486713c983619a848c6410e276bf

SHA256
4f25657c6ebb3ed840dc96d3be15fd924803f0a170762c3c7c23569a4f5be0f3

SHA512
d84fe872573584674988ac3b361be84eeefbd98831dbea4975d73b77ed6bd4eb70222d0f03bd85544f56a3a5b7de5c7997eaf0a9f9ac00acdcfe301e73246a41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe

Filesize
188KB

MD5
e8bb102b247467db1d46437316aec778

SHA1
bb86a8c6428d5468f7595a3c5cd9d5b6edbd07ac

SHA256
0d0823cb85aaa21b97aa6810c0fb6f6150250312fa4c2262ee4116c60c5485c4

SHA512
6a6b7f887a6131434905c25129e7448fb6c4cc47a3218df1bc8e8af36d3c9ef46822dc71378bead0e336f1d5f0cdb97fddbfbcb311f4d20d25a8644f2783c9bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe

Filesize
188KB

MD5
c82883ce73004102e0cb9f82227edf5a

SHA1
ac9a414c25c55b869c8ca6543dc3e107e734ca3d

SHA256
ad330d34690c7215cff90066069c52bfb20a0ecbbbd48cd1d5ee9a86c0e4020b

SHA512
021d95f1dae23efbb200160e6691b12a9a4fce7c2ede1364ffc54f1d1f74cd25c4a53b5a1b6cffcd951842de5636775d481b94f734b11e175c1b5d9c8472cbe9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe

Filesize
188KB

MD5
d88082ce5ed66c6fd3b29c736b92db12

SHA1
692696c9a3e599650b3c8696a050dbdfba6d5397

SHA256
7660213fe4a5d0796cbb22310f5403cb52b43cb237595b8ba7f3e9bd6bba7053

SHA512
255d57888abb34502e145d599d8967759cd6eabe47ebca047ce85452a907b7f385d73003115ba88d67b82996084b991b3baabd5fc9cad15463dfd4314f02826c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe

Filesize
188KB

MD5
6b7d8a0e972dbaa278f8ea8d8dcd580b

SHA1
9b1608a5162fb6f4f1f6aa338c5d7531584ace94

SHA256
2d5e2862272ea96268b4b0c14be3b00837a59f13cb285392d6c23aa826d52c71

SHA512
11f91145de1486ea3bd0c5532ec5423ee09d16b7373f78ae4637ee94d6977a69097c2f00bc58f0126ef2e7bdd1e95a8f85c87cab0d8fb6da26c1b84a5f9a4556

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe

Filesize
188KB

MD5
815d688aff9488a5fe3878a1291b4b08

SHA1
79ae04e3e9e5f4ff82b37b4c634b357039ff6139

SHA256
62ba720ce4a6a6b569dc8ce8ca25ec10315ff6715cd5ac73b52befaf959c29ba

SHA512
a2f13ac7f5b2081921713136347a5a8ff1ef2142d296d0e58329606f46749561dd88096a749320dc9d0078980fc84405f796cc2da6778ea2a226a9b5bcdc7d03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe

Filesize
188KB

MD5
70589aecec4bdd40aef8a67e850da3a1

SHA1
6bb5e1a2e7593b9cddb00c2f1693a48b61030298

SHA256
1d3f23f9b645026daad032b69345906520a49c7a022d7ee8addbd4ef069acdf4

SHA512
70dc8a3a4ae841cf5191326bb19a8b76762176491be8ab4ef4909663dba5a2882610736d15818b3d3205579d1a5fd4f9a7dee649cdf3d681f0af5ccb26ee55dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads