debbd12da8b04ae438580c29900813972180339d521458c88b3bac73bd2a7bde

Analysis

max time kernel
38s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
Size

192KB
MD5

c3c67210563a064c5b8bd1f707464377
SHA1

b0fcf3238018a37c99515267f5e3a5e479a14a4b
SHA256

debbd12da8b04ae438580c29900813972180339d521458c88b3bac73bd2a7bde
SHA512

8d03b0c38a272ad3da78680853ff644912020d6858cc25be1730418a1072b9581d86dde64762b6c35203a493c27a6b3fb993ac954bb9e8fcd2d79a6967591aab
SSDEEP

3072:UXEzoWuwxeO0GOfwd3tecJZwh0sMl76Mybx7E8if9lTvpF7:UX0oAh0GnddecJ9Gvu9lTvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1752	Unicorn-58623.exe
3036	Unicorn-16282.exe
2512	Unicorn-1337.exe
2444	Unicorn-13371.exe
2688	Unicorn-52759.exe
2152	Unicorn-19079.exe
748	Unicorn-17695.exe
2800	Unicorn-40807.exe
480	Unicorn-64757.exe
2712	Unicorn-48976.exe
1424	Unicorn-58426.exe
1780	Unicorn-36060.exe
1528	Unicorn-42644.exe
2968	Unicorn-59173.exe
1992	Unicorn-17586.exe
2216	Unicorn-29838.exe
1948	Unicorn-1332.exe
872	Unicorn-28529.exe
836	Unicorn-30497.exe
1488	Unicorn-31051.exe
1612	Unicorn-48971.exe
1832	Unicorn-48971.exe
1812	Unicorn-38473.exe
2608	Unicorn-10439.exe
2884	Unicorn-39219.exe
2120	Unicorn-59085.exe
1908	Unicorn-58291.exe
2696	Unicorn-50678.exe
3060	Unicorn-25619.exe
2664	Unicorn-41955.exe
3052	Unicorn-3423.exe
2592	Unicorn-33595.exe
2468	Unicorn-55146.exe
2540	Unicorn-20850.exe
2400	Unicorn-14990.exe
2184	Unicorn-34856.exe
2816	Unicorn-40755.exe
1196	Unicorn-51384.exe
2388	Unicorn-19096.exe
2324	Unicorn-58737.exe
1176	Unicorn-56044.exe
1484	Unicorn-31732.exe
1576	Unicorn-9920.exe
1748	Unicorn-17342.exe
692	Unicorn-9728.exe
1076	Unicorn-11695.exe
1664	Unicorn-40476.exe
1828	Unicorn-34254.exe
1068	Unicorn-26448.exe
2160	Unicorn-31924.exe
1408	Unicorn-63397.exe
1996	Unicorn-50974.exe
2548	Unicorn-4466.exe
2624	Unicorn-20994.exe
3004	Unicorn-30554.exe
2412	Unicorn-36392.exe
2820	Unicorn-5232.exe
2780	Unicorn-25845.exe
2348	Unicorn-5787.exe
2060	Unicorn-32813.exe
1088	Unicorn-21953.exe
1700	Unicorn-40811.exe
1208	Unicorn-16691.exe
2536	Unicorn-26696.exe

Loads dropped DLL 64 IoCs

pid	Process
2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
1752	Unicorn-58623.exe
2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
1752	Unicorn-58623.exe
3036	Unicorn-16282.exe
2512	Unicorn-1337.exe
2512	Unicorn-1337.exe
3036	Unicorn-16282.exe
1752	Unicorn-58623.exe
1752	Unicorn-58623.exe
2444	Unicorn-13371.exe
2444	Unicorn-13371.exe
2688	Unicorn-52759.exe
2688	Unicorn-52759.exe
2512	Unicorn-1337.exe
2512	Unicorn-1337.exe
3036	Unicorn-16282.exe
3036	Unicorn-16282.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
392	WerFault.exe
392	WerFault.exe
392	WerFault.exe
392	WerFault.exe
392	WerFault.exe
392	WerFault.exe
392	WerFault.exe
748	Unicorn-17695.exe
748	Unicorn-17695.exe
480	Unicorn-64757.exe
480	Unicorn-64757.exe
2444	Unicorn-13371.exe
2444	Unicorn-13371.exe
2688	Unicorn-52759.exe
2688	Unicorn-52759.exe
2800	Unicorn-40807.exe
2800	Unicorn-40807.exe
2712	Unicorn-48976.exe
2712	Unicorn-48976.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
2308	WerFault.exe
1424	Unicorn-58426.exe
1424	Unicorn-58426.exe
748	Unicorn-17695.exe
748	Unicorn-17695.exe

Program crash 54 IoCs

pid	pid_target	Process	procid_target
2852	2332	WerFault.exe	27
2000	3036	WerFault.exe	29
392	2512	WerFault.exe	30
2864	2444	WerFault.exe	33
2308	2688	WerFault.exe	32
332	1752	WerFault.exe	28
1184	748	WerFault.exe	35
2996	480	WerFault.exe	36
2200	2712	WerFault.exe	38
2832	2800	WerFault.exe	37
2720	1424	WerFault.exe	41
1524	1780	WerFault.exe	42
3068	1528	WerFault.exe	43
2868	1992	WerFault.exe	46
2504	2216	WerFault.exe	45
2396	1948	WerFault.exe	49
576	2968	WerFault.exe	44
896	1812	WerFault.exe	55
2168	1908	WerFault.exe	64
1016	3060	WerFault.exe	66
2632	2120	WerFault.exe	57
324	2664	WerFault.exe	67
924	2468	WerFault.exe	70
664	2540	WerFault.exe	71
2972	2592	WerFault.exe	69
2944	1196	WerFault.exe	75
3168	872	WerFault.exe	50
3364	2608	WerFault.exe	56
3356	1612	WerFault.exe	53
3348	836	WerFault.exe	51
3376	3052	WerFault.exe	68
3384	2696	WerFault.exe	65
3392	1832	WerFault.exe	54
3412	2400	WerFault.exe	73
3504	1488	WerFault.exe	52
3564	2816	WerFault.exe	74
3712	2884	WerFault.exe	58
3752	1996	WerFault.exe	93
3744	1748	WerFault.exe	85
3736	1484	WerFault.exe	81
3728	2624	WerFault.exe	95
3840	1576	WerFault.exe	82
3832	2184	WerFault.exe	72
3824	2388	WerFault.exe	76
3812	2412	WerFault.exe	97
3804	2324	WerFault.exe	77
3796	2780	WerFault.exe	101
3788	1088	WerFault.exe	105
4048	1176	WerFault.exe	78
4084	1828	WerFault.exe	89
4076	2160	WerFault.exe	91
3764	1700	WerFault.exe	106
4192	1076	WerFault.exe	87
4248	1208	WerFault.exe	107

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
1752	Unicorn-58623.exe
3036	Unicorn-16282.exe
2512	Unicorn-1337.exe
2444	Unicorn-13371.exe
2688	Unicorn-52759.exe
2152	Unicorn-19079.exe
748	Unicorn-17695.exe
480	Unicorn-64757.exe
2712	Unicorn-48976.exe
2800	Unicorn-40807.exe
1424	Unicorn-58426.exe
1780	Unicorn-36060.exe
2216	Unicorn-29838.exe
1528	Unicorn-42644.exe
1992	Unicorn-17586.exe
2968	Unicorn-59173.exe
1948	Unicorn-1332.exe
872	Unicorn-28529.exe
836	Unicorn-30497.exe
1612	Unicorn-48971.exe
1488	Unicorn-31051.exe
1812	Unicorn-38473.exe
2120	Unicorn-59085.exe
1832	Unicorn-48971.exe
2608	Unicorn-10439.exe
2884	Unicorn-39219.exe
1908	Unicorn-58291.exe
3060	Unicorn-25619.exe
2696	Unicorn-50678.exe
3052	Unicorn-3423.exe
2664	Unicorn-41955.exe
2592	Unicorn-33595.exe
2468	Unicorn-55146.exe
2540	Unicorn-20850.exe
2184	Unicorn-34856.exe
2400	Unicorn-14990.exe
2388	Unicorn-19096.exe
1196	Unicorn-51384.exe
2816	Unicorn-40755.exe
1176	Unicorn-56044.exe
2324	Unicorn-58737.exe
1484	Unicorn-31732.exe
1576	Unicorn-9920.exe
1748	Unicorn-17342.exe
692	Unicorn-9728.exe
1076	Unicorn-11695.exe
1664	Unicorn-40476.exe
1828	Unicorn-34254.exe
2160	Unicorn-31924.exe
1068	Unicorn-26448.exe
1996	Unicorn-50974.exe
1408	Unicorn-63397.exe
2548	Unicorn-4466.exe
2624	Unicorn-20994.exe
3004	Unicorn-30554.exe
2412	Unicorn-36392.exe
2780	Unicorn-25845.exe
2820	Unicorn-5232.exe
2348	Unicorn-5787.exe
2060	Unicorn-32813.exe
1088	Unicorn-21953.exe
1700	Unicorn-40811.exe
1208	Unicorn-16691.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1752	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1752	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1752	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1752	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	28
PID 2332 wrote to memory of 3036	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	29
PID 2332 wrote to memory of 3036	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	29
PID 2332 wrote to memory of 3036	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	29
PID 2332 wrote to memory of 3036	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	29
PID 1752 wrote to memory of 2512	1752	Unicorn-58623.exe	30
PID 1752 wrote to memory of 2512	1752	Unicorn-58623.exe	30
PID 1752 wrote to memory of 2512	1752	Unicorn-58623.exe	30
PID 1752 wrote to memory of 2512	1752	Unicorn-58623.exe	30
PID 2332 wrote to memory of 2852	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	31
PID 2332 wrote to memory of 2852	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	31
PID 2332 wrote to memory of 2852	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	31
PID 2332 wrote to memory of 2852	2332	c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe	31
PID 2512 wrote to memory of 2444	2512	Unicorn-1337.exe	33
PID 2512 wrote to memory of 2444	2512	Unicorn-1337.exe	33
PID 2512 wrote to memory of 2444	2512	Unicorn-1337.exe	33
PID 2512 wrote to memory of 2444	2512	Unicorn-1337.exe	33
PID 3036 wrote to memory of 2688	3036	Unicorn-16282.exe	32
PID 3036 wrote to memory of 2688	3036	Unicorn-16282.exe	32
PID 3036 wrote to memory of 2688	3036	Unicorn-16282.exe	32
PID 3036 wrote to memory of 2688	3036	Unicorn-16282.exe	32
PID 1752 wrote to memory of 2152	1752	Unicorn-58623.exe	34
PID 1752 wrote to memory of 2152	1752	Unicorn-58623.exe	34
PID 1752 wrote to memory of 2152	1752	Unicorn-58623.exe	34
PID 1752 wrote to memory of 2152	1752	Unicorn-58623.exe	34
PID 2444 wrote to memory of 748	2444	Unicorn-13371.exe	35
PID 2444 wrote to memory of 748	2444	Unicorn-13371.exe	35
PID 2444 wrote to memory of 748	2444	Unicorn-13371.exe	35
PID 2444 wrote to memory of 748	2444	Unicorn-13371.exe	35
PID 2688 wrote to memory of 480	2688	Unicorn-52759.exe	36
PID 2688 wrote to memory of 480	2688	Unicorn-52759.exe	36
PID 2688 wrote to memory of 480	2688	Unicorn-52759.exe	36
PID 2688 wrote to memory of 480	2688	Unicorn-52759.exe	36
PID 2512 wrote to memory of 2800	2512	Unicorn-1337.exe	37
PID 2512 wrote to memory of 2800	2512	Unicorn-1337.exe	37
PID 2512 wrote to memory of 2800	2512	Unicorn-1337.exe	37
PID 2512 wrote to memory of 2800	2512	Unicorn-1337.exe	37
PID 3036 wrote to memory of 2712	3036	Unicorn-16282.exe	38
PID 3036 wrote to memory of 2712	3036	Unicorn-16282.exe	38
PID 3036 wrote to memory of 2712	3036	Unicorn-16282.exe	38
PID 3036 wrote to memory of 2712	3036	Unicorn-16282.exe	38
PID 3036 wrote to memory of 2000	3036	Unicorn-16282.exe	39
PID 3036 wrote to memory of 2000	3036	Unicorn-16282.exe	39
PID 3036 wrote to memory of 2000	3036	Unicorn-16282.exe	39
PID 3036 wrote to memory of 2000	3036	Unicorn-16282.exe	39
PID 2512 wrote to memory of 392	2512	Unicorn-1337.exe	40
PID 2512 wrote to memory of 392	2512	Unicorn-1337.exe	40
PID 2512 wrote to memory of 392	2512	Unicorn-1337.exe	40
PID 2512 wrote to memory of 392	2512	Unicorn-1337.exe	40
PID 748 wrote to memory of 1424	748	Unicorn-17695.exe	41
PID 748 wrote to memory of 1424	748	Unicorn-17695.exe	41
PID 748 wrote to memory of 1424	748	Unicorn-17695.exe	41
PID 748 wrote to memory of 1424	748	Unicorn-17695.exe	41
PID 480 wrote to memory of 1780	480	Unicorn-64757.exe	42
PID 480 wrote to memory of 1780	480	Unicorn-64757.exe	42
PID 480 wrote to memory of 1780	480	Unicorn-64757.exe	42
PID 480 wrote to memory of 1780	480	Unicorn-64757.exe	42
PID 2444 wrote to memory of 1528	2444	Unicorn-13371.exe	43
PID 2444 wrote to memory of 1528	2444	Unicorn-13371.exe	43
PID 2444 wrote to memory of 1528	2444	Unicorn-13371.exe	43
PID 2444 wrote to memory of 1528	2444	Unicorn-13371.exe	43

C:\Users\Admin\AppData\Local\Temp\c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c3c67210563a064c5b8bd1f707464377_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        10⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 380
        10⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 368
        9⤵
        Program crash
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        10⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 380
        10⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        9⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 380
        9⤵
        Program crash
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 376
        8⤵
        Program crash
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 380
        8⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 376
        7⤵
        Program crash
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        9⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 380
        9⤵
        Program crash
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 380
        8⤵
        Program crash
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 372
        7⤵
        Program crash
        
        PID:3168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 376
        6⤵
        Program crash
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        9⤵
        Executes dropped EXE
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 380
        9⤵
        Program crash
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 376
        8⤵
        Program crash
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 380
        7⤵
        Program crash
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        8⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 380
        8⤵
        Program crash
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 376
        7⤵
        Program crash
        
        PID:924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 368
        6⤵
        Program crash
        
        PID:3068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 368
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 380
        7⤵
        Program crash
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        8⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 372
        8⤵
        Program crash
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        7⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 380
        7⤵
        Program crash
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 376
        6⤵
        Program crash
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        7⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 372
        7⤵
        Program crash
        
        PID:3824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 380
        6⤵
        Program crash
        
        PID:3364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 376
        5⤵
        Program crash
        
        PID:2832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 376
    3⤵
    - Program crash
    PID:332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        9⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 380
        9⤵
        Program crash
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 376
        8⤵
        Program crash
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 372
        7⤵
        Program crash
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        8⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 380
        8⤵
        Program crash
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 380
        7⤵
        Program crash
        
        PID:3376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 368
        6⤵
        Program crash
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 372
        7⤵
        Program crash
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 372
        6⤵
        Program crash
        
        PID:3504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 376
        5⤵
        Program crash
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        7⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 380
        7⤵
        Program crash
        
        PID:3832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 380
        6⤵
        Program crash
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
        7⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 380
        7⤵
        Program crash
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 372
        6⤵
        Program crash
        
        PID:3564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 368
        5⤵
        Program crash
        
        PID:576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
        8⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 380
        8⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 376
        7⤵
        Program crash
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        7⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 380
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 376
        6⤵
        Program crash
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 372
        6⤵
        Program crash
        
        PID:3412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 368
        5⤵
        Program crash
        
        PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        7⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 380
        7⤵
        Program crash
        
        PID:3796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 380
        6⤵
        Program crash
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 372
        5⤵
        Program crash
        
        PID:3712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 368
      4⤵
      Program crash
      PID:2200
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 372
  2⤵
  - Program crash
  PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe

Filesize
192KB

MD5
e74c37c887b90deedd3c0ce3fa147456

SHA1
942b1d8c6d561794e7840ae3cc20e602bed7baac

SHA256
cc09ec1bd47235fb38fbbf28942a606464873eaf1566e9c6571c123a2baaaac9

SHA512
a259a386b935e6bb87deb021322d8205e1a433be0d00a664a28d135c8c835a81a045614b27cbbcc2ed722d10402a879e604d2d7ef40d9390e9e20a8768866b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe

Filesize
192KB

MD5
54e94b04655fd95da686db03a1562abc

SHA1
3dda73f48cf665b76225970121fcb71a54e856ee

SHA256
1d6191b09204591762dd187936e7ce0cf092dbb885caef1fd25c6025b471f4ce

SHA512
787e53faa4704bacf12123f8a0f0fdb4d276b783a3ed8d32233a8d27146cb0a2d5c05adf1382f52551c10044f84a5f34380c39b395337f9d7a0e45295ef64755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe

Filesize
192KB

MD5
db7d4175b107ab449f62b10ee92630d5

SHA1
9c0cfa1fdd6fcdfbf17cf0eaf0d252d4f26a7bba

SHA256
7a0e16289451df32f65f7c3456cbbfb219192252211e1104adf9aaf5784d9ae7

SHA512
c3ba3224033becb9df116e97af9ef1dc7922064bc00473e9f65bb40d12846100bd9ffc29dc1070b4d6754868fedca98e8c1807d9d42c5a180ab4629ddc88c4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe

Filesize
192KB

MD5
2f343fc27e6988a70bcb131e845a4954

SHA1
d8bb753a972cf5b8defffa798d62fbb187da0a5b

SHA256
457398499137239c33f5c943ea234a4457c16d0b33dc95285741d6639a3fc278

SHA512
3ef7a8eee447c071c9c947210dbf497360b2d8cfae6b603031b804bbb49e83078ecf9aaa5b33163bb321e0cda5fcc2deb817b70db79173a3ae938210612f7ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe

Filesize
192KB

MD5
ae92d1369b274ea7e0167d271d9295f9

SHA1
a9a44d8a3c3e714d2c05def4a5b0b1c71146cf5a

SHA256
cea3225a5b7d74b97c014d4a58dc16d59cbfbd0b45cc209d2179ca8eef0d3ea4

SHA512
3d433ed50f8c83f565d01e80e19ad5eda96cee4e1996fc971c658048df197a4ac8e243a907e4dfc498b455b0fe9ce2b667a3c63728045916bac878b4d066167c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe

Filesize
192KB

MD5
e2223dbddc567ccff92c4ee0efdcc258

SHA1
ebe14df9f74ed926868f914f2b7ef1ed99a1ffe7

SHA256
b5411ebfda95b612c7175625a385dbfd9245d3c23e2b81253ca5d4eaa3a1ae0b

SHA512
f6fcc4bc2903e025ea195583077c94f64b735aaaf9fda36e78040d4bb36d2189666c28cff07d007a57d4f3616a8c48c47a37908f5cd3ca76f72da2a663096dc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe

Filesize
192KB

MD5
689f345749c5130231f6c01f398dfb59

SHA1
225f3e3cbcc414d972cdf522389ee179cda08308

SHA256
d1e748233354288f02253b8135a443d9ae31ae2319cbea866ca248dec96411f0

SHA512
1bf6b707d5be0e0f96bd3100170ae3c7a82eb9ec0513467910b7b633b29865387836e255de9241649aad1ba58fb6690cbc065f02593ce08fd53fb14a588f230e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe

Filesize
192KB

MD5
ab0a7bab5f42e5289ea4f0a4c8d08d64

SHA1
de1f000386f6fb582053ee4158626bc80fa5f71a

SHA256
dae599dca44a54611c3fdc05ea3146ecca6c3d2357369d9ceee82f9f9b4dc479

SHA512
4d4ecbab82c51e436225c44317b6ae939c63a6e0db48cf2b353088b1c2508b678e1a3a0719e96ad6a8dc2da1a9f6b95f435a4f00ed2f57b88594d1d166220ad1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe

Filesize
192KB

MD5
dbb584b310364e8222150ea309d7935b

SHA1
e9206041ca399f717dc2302107e7aa3367e1f1cd

SHA256
8a0e88a7202979fe3d850f69bf1a12cf0704009dbe12cad3a563a06876a354bd

SHA512
c9131e95444eac28838fe535a9c20d4b2bfab9a83a4056493025b90c4c8c27bd500d80863cc21f67d60d19761ab704a9e5616a8dc5229ca65ad509e79a673604

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe

Filesize
192KB

MD5
c5e677ca2d428f29106d8c74c9003b34

SHA1
027dc2e046cede90f6e0a93305a3bfa735e4e84b

SHA256
d6d55a720d5910dd47b2b4cdc8fb16e475fb1ccf72394e00319f9747dfe4faaa

SHA512
dcef4f36cc0cedc5b97d0bc6ef35cd700f95f0a8a5d365fcba5628f935969db3d845cf69b0340d71f830731a41a4c2f1196b2d27f8339f2e11cec6aef9be8e06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe

Filesize
192KB

MD5
144d452baa1191fac72733482c353286

SHA1
b2c30ee163c777fd6af0fa70612edda1050a0fdd

SHA256
8781dd108c92ee4d06e9c50c19b0f791fbed50e6002ae050890f11549e59c1d1

SHA512
f87dceee1298495d305d4a641a308399a16a6e6328693e783ef741a7568986933ec6f43e01527e8104319fa9ff6506c6c09a27a5658359b12863f4393077fc4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe

Filesize
192KB

MD5
2f4c46e04b9b6b293501c6785a5d4c75

SHA1
1f2de5b3ed1955fa6c2086b207dbe53404e3de18

SHA256
1f8dff4b32f12f1d6dcc97196248206ce552e343d990fcd77976d69a902975d4

SHA512
d3f9a9be2f0b072b2cbc610e1bed475ce63e89303739759a42264440619c3ba35eeb389074861df12ae15abe88079f38ac5e0d17d2077c35f80a66932f6ba483

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe

Filesize
192KB

MD5
4bf735ff635230be046318e740e05e77

SHA1
e85003aa8382ba18a8ae917203bad6bc35e20f06

SHA256
3ad315a654e2bb0a72605b3f0de103dd7378cafe27e5106218d1eea5631fc2ed

SHA512
2fece18a9656074fb2e62473c527c9aee9047578187e2de9d39605daec44a9f3fc7f4ecc45625a24f5499d7dc7615de578196fb93fa8ff9906863bf0c0e2fef9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe

Filesize
192KB

MD5
c7b30cf986045deb1e339c2963658cda

SHA1
4649e5ed03eaa2633791106bdb5fea6a7c507955

SHA256
fa028294eec9554361c347c911f485ef6faf48e23b8ad65591cca0053465b8fd

SHA512
88ff7472f6d21504760b0f3a3053fb44dfadf84bd2d1a31d851de119a8cf4c7e67555fc25ce95475b9cd269ed0357dc47761064d26bcb66fde651bf62eaa4765

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads