7529c176a2ad4b9045e8dffe7f6be7fca6fbe1f34a15953fec603a5efcfe371c

Analysis

max time kernel
24s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
Size

192KB
MD5

c1c2db89a73d6197ec158f3d5688555f
SHA1

53d17988efaed488d8eba67041eb494cbd21dd4a
SHA256

7529c176a2ad4b9045e8dffe7f6be7fca6fbe1f34a15953fec603a5efcfe371c
SHA512

23c234712037587fa4432bfd96aef38e464af881b320d0b315c6ba60db53a9cef3144a098e81317bccc582688a61b2245263f6aaa2934761fd29c0bd88716ace
SSDEEP

3072:rZPkoAAXX5AUkbE04d66oQ8K6pSXrQ6vHy2NHx7gWqt2lVvMv:rZsolWjbOdloQ87KSSG2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 38 IoCs

pid	Process
2200	Unicorn-55475.exe
1696	Unicorn-27847.exe
2920	Unicorn-56113.exe
2784	Unicorn-40182.exe
2372	Unicorn-64686.exe
2400	Unicorn-14094.exe
2380	Unicorn-10825.exe
2428	Unicorn-30691.exe
568	Unicorn-24469.exe
572	Unicorn-31245.exe
1164	Unicorn-59279.exe
1104	Unicorn-51194.exe
1936	Unicorn-1993.exe
2592	Unicorn-33274.exe
2036	Unicorn-8023.exe
892	Unicorn-14800.exe
2864	Unicorn-31136.exe
2732	Unicorn-59170.exe
792	Unicorn-57800.exe
1524	Unicorn-42616.exe
1100	Unicorn-30918.exe
1692	Unicorn-46700.exe
112	Unicorn-1583.exe
856	Unicorn-47255.exe
1996	Unicorn-44370.exe
2924	Unicorn-23134.exe
3048	Unicorn-12273.exe
2144	Unicorn-59014.exe
2124	Unicorn-13342.exe
2892	Unicorn-17427.exe
1664	Unicorn-45392.exe
2228	Unicorn-65257.exe
2556	Unicorn-1666.exe
2584	Unicorn-45200.exe
2472	Unicorn-58843.exe
2300	Unicorn-50675.exe
2604	Unicorn-19949.exe
2608	Unicorn-61536.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
2200	Unicorn-55475.exe
2200	Unicorn-55475.exe
1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
1696	Unicorn-27847.exe
1696	Unicorn-27847.exe
2920	Unicorn-56113.exe
2920	Unicorn-56113.exe
2200	Unicorn-55475.exe
2200	Unicorn-55475.exe
1696	Unicorn-27847.exe
2784	Unicorn-40182.exe
1696	Unicorn-27847.exe
2784	Unicorn-40182.exe
2372	Unicorn-64686.exe
2372	Unicorn-64686.exe
2920	Unicorn-56113.exe
2920	Unicorn-56113.exe
2400	Unicorn-14094.exe
2400	Unicorn-14094.exe
2380	Unicorn-10825.exe
2380	Unicorn-10825.exe
2428	Unicorn-30691.exe
2428	Unicorn-30691.exe
2784	Unicorn-40182.exe
2784	Unicorn-40182.exe
568	Unicorn-24469.exe
568	Unicorn-24469.exe
2372	Unicorn-64686.exe
2372	Unicorn-64686.exe
2400	Unicorn-14094.exe
1164	Unicorn-59279.exe
1164	Unicorn-59279.exe
2400	Unicorn-14094.exe
572	Unicorn-31245.exe
572	Unicorn-31245.exe
1936	Unicorn-1993.exe
1936	Unicorn-1993.exe
2428	Unicorn-30691.exe
2428	Unicorn-30691.exe
2592	Unicorn-33274.exe
2592	Unicorn-33274.exe
2380	Unicorn-10825.exe
1104	Unicorn-51194.exe
1104	Unicorn-51194.exe
2380	Unicorn-10825.exe
892	Unicorn-14800.exe
892	Unicorn-14800.exe
1164	Unicorn-59279.exe
1164	Unicorn-59279.exe
2732	Unicorn-59170.exe
2732	Unicorn-59170.exe
792	Unicorn-57800.exe
572	Unicorn-31245.exe
572	Unicorn-31245.exe
2864	Unicorn-31136.exe
2864	Unicorn-31136.exe
792	Unicorn-57800.exe
1936	Unicorn-1993.exe
1524	Unicorn-42616.exe
1936	Unicorn-1993.exe
1524	Unicorn-42616.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
2348	2892	WerFault.exe	55
2344	2144	WerFault.exe	56
1820	792	WerFault.exe	46
896	2228	WerFault.exe	60
1888	1664	WerFault.exe	61
784	1100	WerFault.exe	48
2668	2300	WerFault.exe	66
2948	580	WerFault.exe	71
1500	2072	WerFault.exe	89
1632	2280	WerFault.exe	87
1836	2176	WerFault.exe	78

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
2200	Unicorn-55475.exe
1696	Unicorn-27847.exe
2920	Unicorn-56113.exe
2784	Unicorn-40182.exe
2372	Unicorn-64686.exe
2400	Unicorn-14094.exe
2380	Unicorn-10825.exe
2428	Unicorn-30691.exe
568	Unicorn-24469.exe
572	Unicorn-31245.exe
1164	Unicorn-59279.exe
1104	Unicorn-51194.exe
1936	Unicorn-1993.exe
2592	Unicorn-33274.exe
892	Unicorn-14800.exe
792	Unicorn-57800.exe
2864	Unicorn-31136.exe
2732	Unicorn-59170.exe
1524	Unicorn-42616.exe
1100	Unicorn-30918.exe
1692	Unicorn-46700.exe
112	Unicorn-1583.exe
856	Unicorn-47255.exe
1996	Unicorn-44370.exe
3048	Unicorn-12273.exe
2924	Unicorn-23134.exe
2124	Unicorn-13342.exe
2892	Unicorn-17427.exe
2144	Unicorn-59014.exe
1664	Unicorn-45392.exe
2228	Unicorn-65257.exe
2556	Unicorn-1666.exe
2472	Unicorn-58843.exe
2584	Unicorn-45200.exe
2604	Unicorn-19949.exe
2300	Unicorn-50675.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2200	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	28
PID 1928 wrote to memory of 2200	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	28
PID 1928 wrote to memory of 2200	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	28
PID 1928 wrote to memory of 2200	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	28
PID 2200 wrote to memory of 1696	2200	Unicorn-55475.exe	29
PID 2200 wrote to memory of 1696	2200	Unicorn-55475.exe	29
PID 2200 wrote to memory of 1696	2200	Unicorn-55475.exe	29
PID 2200 wrote to memory of 1696	2200	Unicorn-55475.exe	29
PID 1928 wrote to memory of 2920	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	30
PID 1928 wrote to memory of 2920	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	30
PID 1928 wrote to memory of 2920	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	30
PID 1928 wrote to memory of 2920	1928	c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe	30
PID 1696 wrote to memory of 2784	1696	Unicorn-27847.exe	31
PID 1696 wrote to memory of 2784	1696	Unicorn-27847.exe	31
PID 1696 wrote to memory of 2784	1696	Unicorn-27847.exe	31
PID 1696 wrote to memory of 2784	1696	Unicorn-27847.exe	31
PID 2920 wrote to memory of 2372	2920	Unicorn-56113.exe	32
PID 2920 wrote to memory of 2372	2920	Unicorn-56113.exe	32
PID 2920 wrote to memory of 2372	2920	Unicorn-56113.exe	32
PID 2920 wrote to memory of 2372	2920	Unicorn-56113.exe	32
PID 2200 wrote to memory of 2400	2200	Unicorn-55475.exe	33
PID 2200 wrote to memory of 2400	2200	Unicorn-55475.exe	33
PID 2200 wrote to memory of 2400	2200	Unicorn-55475.exe	33
PID 2200 wrote to memory of 2400	2200	Unicorn-55475.exe	33
PID 1696 wrote to memory of 2380	1696	Unicorn-27847.exe	34
PID 1696 wrote to memory of 2380	1696	Unicorn-27847.exe	34
PID 1696 wrote to memory of 2380	1696	Unicorn-27847.exe	34
PID 1696 wrote to memory of 2380	1696	Unicorn-27847.exe	34
PID 2784 wrote to memory of 2428	2784	Unicorn-40182.exe	35
PID 2784 wrote to memory of 2428	2784	Unicorn-40182.exe	35
PID 2784 wrote to memory of 2428	2784	Unicorn-40182.exe	35
PID 2784 wrote to memory of 2428	2784	Unicorn-40182.exe	35
PID 2372 wrote to memory of 568	2372	Unicorn-64686.exe	36
PID 2372 wrote to memory of 568	2372	Unicorn-64686.exe	36
PID 2372 wrote to memory of 568	2372	Unicorn-64686.exe	36
PID 2372 wrote to memory of 568	2372	Unicorn-64686.exe	36
PID 2920 wrote to memory of 572	2920	Unicorn-56113.exe	37
PID 2920 wrote to memory of 572	2920	Unicorn-56113.exe	37
PID 2920 wrote to memory of 572	2920	Unicorn-56113.exe	37
PID 2920 wrote to memory of 572	2920	Unicorn-56113.exe	37
PID 2400 wrote to memory of 1164	2400	Unicorn-14094.exe	38
PID 2400 wrote to memory of 1164	2400	Unicorn-14094.exe	38
PID 2400 wrote to memory of 1164	2400	Unicorn-14094.exe	38
PID 2400 wrote to memory of 1164	2400	Unicorn-14094.exe	38
PID 2380 wrote to memory of 1104	2380	Unicorn-10825.exe	39
PID 2380 wrote to memory of 1104	2380	Unicorn-10825.exe	39
PID 2380 wrote to memory of 1104	2380	Unicorn-10825.exe	39
PID 2380 wrote to memory of 1104	2380	Unicorn-10825.exe	39
PID 2428 wrote to memory of 1936	2428	Unicorn-30691.exe	40
PID 2428 wrote to memory of 1936	2428	Unicorn-30691.exe	40
PID 2428 wrote to memory of 1936	2428	Unicorn-30691.exe	40
PID 2428 wrote to memory of 1936	2428	Unicorn-30691.exe	40
PID 2784 wrote to memory of 2592	2784	Unicorn-40182.exe	41
PID 2784 wrote to memory of 2592	2784	Unicorn-40182.exe	41
PID 2784 wrote to memory of 2592	2784	Unicorn-40182.exe	41
PID 2784 wrote to memory of 2592	2784	Unicorn-40182.exe	41
PID 568 wrote to memory of 2036	568	Unicorn-24469.exe	42
PID 568 wrote to memory of 2036	568	Unicorn-24469.exe	42
PID 568 wrote to memory of 2036	568	Unicorn-24469.exe	42
PID 568 wrote to memory of 2036	568	Unicorn-24469.exe	42
PID 2372 wrote to memory of 892	2372	Unicorn-64686.exe	43
PID 2372 wrote to memory of 892	2372	Unicorn-64686.exe	43
PID 2372 wrote to memory of 892	2372	Unicorn-64686.exe	43
PID 2372 wrote to memory of 892	2372	Unicorn-64686.exe	43

C:\Users\Admin\AppData\Local\Temp\c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c1c2db89a73d6197ec158f3d5688555f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        9⤵
        Program crash
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        8⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 244
        9⤵
        Program crash
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        8⤵
        Program crash
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        10⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 248
        7⤵
        Program crash
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        8⤵
        Program crash
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        7⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
        6⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        7⤵
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        10⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        11⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        8⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        7⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        9⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        6⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 244
        7⤵
        Program crash
        
        PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        7⤵
        
        PID:580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 244
        8⤵
        Program crash
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        6⤵
        
        PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31136.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        8⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
        5⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        7⤵
        
        PID:1372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        5⤵
        Executes dropped EXE
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        6⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        6⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 244
        7⤵
        Program crash
        
        PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        6⤵
        Program crash
        
        PID:2348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 248
        5⤵
        Program crash
        
        PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        5⤵
        Program crash
        
        PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe

Filesize
192KB

MD5
35d44d3a0156f0ca4a19915b96462eea

SHA1
12cc809a7de49924199f618f7cad2a139eef17fa

SHA256
d0aa9ea7db2cf3de2c61aca10c58792b01f12b4ba62c58a4fd22bbcc06b18ba9

SHA512
e3d53c97ae5152e29f01102773bfdeb62ba35ea79b98b6f4a13b4cdb5cd6a29f6896a93fa0efd2aa62d1895534d21d82a2c0b7741eef4ae7199953af4ca38775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe

Filesize
192KB

MD5
802a41bb4ad1052eca10caee045bcded

SHA1
3a1277ef0f84a34209af78410e2dafc70cb9c8d2

SHA256
6b861d8a354eef6ec817b7663615d3f83268f746e2a127822a35f21507932a09

SHA512
e4cff6b174e1827a1c6c2bd65267ed00493f3719091e275750ad8b0965a7df831ea98fae19d897e1ea8cf1ee26d326767801a1178d363bd788e96703af0b3db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe

Filesize
192KB

MD5
e884fe285853458c05e38fad30db73f2

SHA1
5791c92d1f22d1ae088c537b5c1567a3b16a25c8

SHA256
e156d470070f860909a9ab2f542e6e5312e566b2df42399059a8994de7cbd3a5

SHA512
fb5ff36f97bf1f7bc66195d0d33ce9a540d01861eb2f928b954419d3b3611b8aa0acedced195b30ebd19fdbbd0ebf2222a89408ea41b7aef04fce5e7d1c7bc8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe

Filesize
192KB

MD5
5bb45637bcd3783d1eb8d6d8ddcfdbcc

SHA1
061d1483624fa3c6c24927ff877050a8970c78d4

SHA256
e15115d35cb412ee390137bc187cd2966a877645617a4b58b4421b23e602e83b

SHA512
be66a322afa7eacd1dcffc5cdd74fccc2485c0e02450b997c59383f07a7d585998ce56984d128a26a151af8c67e5ec6c8bbe8af5e7af188dabdf8bc4f65c876c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe

Filesize
192KB

MD5
43c6fc14d29d70627bac15ab63b4d111

SHA1
139b9e7ca9fea5b6bacc69eb6a0da63fc7c6604f

SHA256
2c33a09f4af496e178d451e071aaebc61eab9f10bcd417f82eef08cf85c9bc17

SHA512
916e5bd34128a4319890ff0330e439e3e7e3185121a7e420bdf9cf64c57a35db857b5dba3e92dbbc3b0ea9e5e6a8629b773767583a9bab078817a15081b6dc79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe

Filesize
192KB

MD5
2ac86ce4e4c4fd2340c0181233d36a86

SHA1
3d4fcbedef46c087f2f8b57618755fcc02bb4853

SHA256
947f34f7f65bd2365ded004a27b8129dc9d18493412bef9f3abe22790af65f9d

SHA512
4931b96c65e44915a5be897cb2d22d99cec7d6c0690563438ff7b336d29cb488b129b091fcb0dce150620232ef82856b3426561d1efa2ebea1cb3b282cd4df44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe

Filesize
192KB

MD5
59166eab75a420bea16dd4ea5b35d650

SHA1
1901d851d2c6371edc9b81308d407efee20fd4d1

SHA256
092d56c68922f5cbfbf6c66e910339e176a14c1a3cf6f2fad00d28ec73d39235

SHA512
e581a817e3a2f2872b8e86fdbb4dc5733e479a8ae6ae154e00555695ef765c1e17c5ee67ecfa96191ebd4bd7cea5ab4852ad49f58d6beedaab005ad80caf492e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe

Filesize
192KB

MD5
21912f5ff7731b88729bb4869231783b

SHA1
0f9612554c818efe38e8e39bc86fd53e55ebfaed

SHA256
4e01221b473665110fe3895e75d598b3c15d2948a51407fbc4f73fb8ddb824c1

SHA512
766bbb3b9da040d0303281d517d9943dbcb22bce15b49171260fcf0cd553440333b43f6fb84dd3d5c468d7cb064eed1e9dce5b81b5e86448a97481530915e497

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe

Filesize
192KB

MD5
4db04cc5212fc5b1887b7c7d91c34026

SHA1
b488410c783b7002580a15c85fcbe309a3af78d0

SHA256
4205f41876e8cd01587596e17bdbe1e3beeca77f4c8b8aaaeec3d7b5d063b18b

SHA512
c78ef631d44b13bbeb80f274a6cc6e66f89b6876ccfd6e43c9e0475db5a3cddeea1e7d6a6098b8752ee95f85b251afd8fbd60b810e4ec9b146e43053e7c3f8b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31136.exe

Filesize
192KB

MD5
20dc78d61a732e6a0cb116a9f58728e2

SHA1
e6aa9383ad7794d6d95c4c5636bc670eed494b0c

SHA256
9ea297d396094c5f15c0ca8f0b8dc83ac32e087a8d6bc934caa846c7172efdce

SHA512
5d4f054c39681d84420e9b6c65dc2db55ae091468971346e55f6759434f6ed52d79ff4036034cb556be8ef7fd8e277c0f1e60c5a530464702684abeb351a3aa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe

Filesize
192KB

MD5
20bb7ad79b32f31f78cbd68981f060af

SHA1
3dafee94fb12e00dece43b928723ae5d5efa38e3

SHA256
994446c13aa0f2c0881711e3d684be7143cc14d32aef91644ef8f0d604a8ed51

SHA512
64fe82f4f435e76d789689f38c4842db09b153acd2b31858f04ffc0317861c20fce767cd6d90b5f37b75e4098635821c90ef4dbe1345e2de4dc2e7254991d707

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe

Filesize
192KB

MD5
b107df57fd616e06a4fefca20b8ef5bc

SHA1
f28b3add65c7aaef3b4b7004f0d333ea482dc499

SHA256
245c097eba5d43f3c116c981026894c8a3c4d2796c2b97a1e1d673d6dd6ec0b2

SHA512
d950f2b3e56188401aa4dcaa590fdb686c0fb64df63d3cfa3de4a8163b54a79adf322da7cd561600b0364cba3618d630b6b35108218d1fa74a4d87297ee0ae77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe

Filesize
192KB

MD5
3348380d17159b0e16232e23f822d257

SHA1
0c4ae49bc626d85da47b6e5e3938ff5a3fed6804

SHA256
7fcf4f488af06a0d10bc9340f9fc8a73e6b8a159e46492dc5a8878e6fc493f77

SHA512
bad5ccbe5d0159becde89bc665cd8a0c739502328ef5d8fd5389571aa1e75f0addc1c3e96662fa491cd75afb73f1a59e3b6e18ac9bfb902f10923c413b9e6574

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe

Filesize
192KB

MD5
970a4a3f83d3fbbef6c0222f7227491f

SHA1
a6b32b1862eea8195a326ac2dab28271ce4d2620

SHA256
082cac57e8bff3993aacd03173be6402eaf83868ad2ffa8f51ddccf70b781aca

SHA512
bd408a12f8a8514a31781b4cc8ffd3912796095e18c693c18653c0b579eb883098c44cb103f306e20faf6f6479dcfe15c01b47f08671a1b1bb5e8f04a7f87d80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe

Filesize
192KB

MD5
b6233859a69a27e38fac81a54d77de53

SHA1
510dc36f3ac144e8bd09cd80f3575235a3b96bd8

SHA256
967a49bd84e9cd9eceaa7191152050e9df9f4502f7ff1b749ff165fc9feee292

SHA512
5c41713c0d817fae2ab8374e9a8c8e6eedbea979c2f9a6c7a115caca6c4118dbe47550fbd277fbf8e6595961d3065b2fa8548acdddb0bf3c5d50b311bf89ba97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe

Filesize
192KB

MD5
2369e259626bfffd42dd4a6e3f381e73

SHA1
1ebf0b073eba1596e323ec9fd0d2238238151e9c

SHA256
8a3be21ec349ed39b94491f6f7513270e3cbfdaa4742af859dc3553a2ced5c8a

SHA512
9fdd7db66c0ee4e33f2dd7ead997f6dd0d751f879539bb504bf12c4ca5f4c2c5673c5a2ceb65ff7962ac76bc61c74ed116bed4351bf46886bcda8ab7c7a7ded0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe

Filesize
192KB

MD5
c510e3647c673a0bcbef9ae485b48f15

SHA1
cb2814eb6999fd2e9749fb2d1d267ab644619174

SHA256
b4953eb9bc6759e25502721eaf5bde725aedd88c0b99eb4d59ea71719bc0b745

SHA512
fed0032efdcab80f7d4ab9cce31557e072da8b1a3ef2d4b35d5cb17ebd39f4e0aed33aad9b7934232922b3f5a16ed31f7b99e85376ba1f7d63c68843172252ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe

Filesize
192KB

MD5
940a74b3b11efc6f8f00ccfefadb07d7

SHA1
60b8f76da7bb848c2a1ef919c0c8d0dde1343355

SHA256
dd3156bb701c7d459c569fc35fa65f1285bff50ab99baeb63e80b479a77d744a

SHA512
182524026f81d40df4b3457900002305beeb839d23c7085a47f49dae96a6f908f3e2c86656f712d04d802faa9b26f87673b5ee33462423f6015fddd9944f637a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads