Analysis
- max time kernel: 31s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 04-04-2024 19:55
Static task: static1
Behavioral task: behavioral1
- Sample: c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
General
- Target: c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe
- Size: 184KB
- MD5: c15b798611f56e4d9516ce76368f239b
- SHA1: fa6f6a7b971fd00667a482c302b83aac5f454e9e
- SHA256: 3b82118495e581b5acb7d7b598f139289126dfa00c3c001e18221cb5b884d546
- SHA512: ab4ed1bdd6795d17968d6bb43af5bc7bb8badb3cd1518f66e4e8c01d731ba7a37c12ff5788b3cf7294494585e10150d7e8899de6ff2b676f125f161c26cc5c46
- SSDEEP: 3072:SIHroei9jlwQmKjL8UmOrJcwlLLMaPYsKgxlFW5CNlHtpF7:SILoHmQm88XOrJpwYfNlHtpF
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Suspicious use of SetWindowsHookEx 62 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2316 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe10⤵PID:3032
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe8⤵PID:2388
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe9⤵PID:2676
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe8⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe9⤵PID:2888
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1204 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe7⤵PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe7⤵PID:2536
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2096 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe8⤵PID:2356
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe7⤵PID:2852
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe7⤵PID:2800
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1524 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe7⤵PID:2148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe8⤵PID:1060
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:832 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe7⤵PID:1912
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2768 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe8⤵PID:2932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe9⤵PID:2940
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe7⤵PID:2460
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe7⤵PID:2728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe8⤵PID:2848
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe7⤵PID:1784
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2948 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2068 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe8⤵
- Executes dropped EXE
PID:2968 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe9⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe10⤵PID:2788
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe7⤵PID:836
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe7⤵PID:2684
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe7⤵PID:2740
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe6⤵PID:2136
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:580 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe8⤵PID:2528
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe6⤵
- Executes dropped EXE
PID:904 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe7⤵PID:3048
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe6⤵PID:2108
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2536 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1628 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe8⤵PID:2064
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe6⤵
- Executes dropped EXE
PID:1828
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe6⤵PID:1080
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe6⤵PID:876
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe5⤵PID:2372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe6⤵PID:2996
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe7⤵PID:588
-
-
-
-
-
-
Network
MITRE ATT&CK Matrix
Downloads