Analysis

  • max time kernel
    31s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-04-2024 19:55

General

  • Target

    c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe

  • Size

    184KB

  • MD5

    c15b798611f56e4d9516ce76368f239b

  • SHA1

    fa6f6a7b971fd00667a482c302b83aac5f454e9e

  • SHA256

    3b82118495e581b5acb7d7b598f139289126dfa00c3c001e18221cb5b884d546

  • SHA512

    ab4ed1bdd6795d17968d6bb43af5bc7bb8badb3cd1518f66e4e8c01d731ba7a37c12ff5788b3cf7294494585e10150d7e8899de6ff2b676f125f161c26cc5c46

  • SSDEEP

    3072:SIHroei9jlwQmKjL8UmOrJcwlLLMaPYsKgxlFW5CNlHtpF7:SILoHmQm88XOrJpwYfNlHtpF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (64 IoCs)
  • Loads dropped DLL (64 IoCs)
  • Suspicious use of SetWindowsHookEx (62 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c15b798611f56e4d9516ce76368f239b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe
          C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2592
          • C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
            C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1512
            • C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
              C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:2316
              • C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
                C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:1928
                • C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
                  C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:2496
                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
                    C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
                    9⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1488
                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
                      C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
                      10⤵
                        PID:3032
                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
                    C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
                    8⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:2592
                • C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
                  C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
                  7⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:2656
                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
                    C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
                    8⤵
                      PID:2388
                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
                        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
                        9⤵
                          PID:2676
                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
                    C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1368
                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
                      C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
                      7⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:2608
                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
                        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
                        8⤵
                          PID:2812
                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
                            C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
                            9⤵
                              PID:2888
                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
                      C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
                      5⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:1204
                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
                        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
                        6⤵
                        • Executes dropped EXE
                        • Suspicious use of SetWindowsHookEx
                        PID:2240
                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
                          C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
                          7⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:2924
                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
                            C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
                            8⤵
                            • Executes dropped EXE
                            • Suspicious use of SetWindowsHookEx
                            PID:2900
                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
                          C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
                          7⤵
                            PID:1768
                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
                          C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
                          6⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:2808
                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
                            C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
                            7⤵
                              PID:2536
                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
                        C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
                        4⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Suspicious use of SetWindowsHookEx
                        • Suspicious use of WriteProcessMemory
                        PID:2480
                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
                          C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
                          5⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          PID:2096
                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
                            C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
                            6⤵
                            • Executes dropped EXE
                            • Suspicious use of SetWindowsHookEx
                            PID:2916
                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
                              C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
                              7⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:2936
                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
                                C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
                                8⤵
                                  PID:2356
                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
                              C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
                              6⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:1092
                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
                                C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
                                7⤵
                                  PID:2852
                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
                              C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
                              5⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:2960
                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
                                C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
                                6⤵
                                • Executes dropped EXE
                                • Suspicious use of SetWindowsHookEx
                                PID:2832
                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
                                  7⤵
                                    PID:2800
                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
                            C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
                            3⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Suspicious use of SetWindowsHookEx
                            • Suspicious use of WriteProcessMemory
                            PID:2692
                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
                              C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
                              4⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious use of SetWindowsHookEx
                              • Suspicious use of WriteProcessMemory
                              PID:2516
                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
                                C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
                                5⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Suspicious use of SetWindowsHookEx
                                PID:1524
                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
                                  6⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2412
                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
                                    7⤵
                                    • Executes dropped EXE
                                    • Suspicious use of SetWindowsHookEx
                                    PID:2576
                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
                                  6⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:1444
                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
                                    7⤵
                                      PID:2148
                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
                                        8⤵
                                          PID:1060
                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
                                    5⤵
                                    • Executes dropped EXE
                                    • Suspicious use of SetWindowsHookEx
                                    PID:832
                                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
                                      C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
                                      6⤵
                                      • Executes dropped EXE
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2560
                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
                                        7⤵
                                          PID:1912
                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Suspicious use of SetWindowsHookEx
                                    PID:2768
                                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
                                      C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
                                      5⤵
                                      • Executes dropped EXE
                                      • Suspicious use of SetWindowsHookEx
                                      PID:948
                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
                                        6⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2120
                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
                                          7⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2872
                                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
                                            C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
                                            8⤵
                                              PID:2932
                                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
                                                C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
                                                9⤵
                                                  PID:2940
                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
                                              7⤵
                                                PID:2460
                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
                                              6⤵
                                              • Executes dropped EXE
                                              • Suspicious use of SetWindowsHookEx
                                              PID:324
                                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
                                                C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
                                                7⤵
                                                  PID:2728
                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
                                                    8⤵
                                                      PID:2848
                                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
                                                C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
                                                5⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2640
                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
                                                  6⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:1992
                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
                                                    7⤵
                                                      PID:1784
                                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
                                            C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
                                            2⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Suspicious use of SetWindowsHookEx
                                            • Suspicious use of WriteProcessMemory
                                            PID:2996
                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
                                              3⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Suspicious use of SetWindowsHookEx
                                              • Suspicious use of WriteProcessMemory
                                              PID:2464
                                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
                                                C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
                                                4⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2948
                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
                                                  5⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2068
                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
                                                    6⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:1656
                                                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
                                                      C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
                                                      7⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2428
                                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
                                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
                                                        8⤵
                                                        • Executes dropped EXE
                                                        PID:2968
                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
                                                          9⤵
                                                            PID:2664
                                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
                                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
                                                              10⤵
                                                                PID:2788
                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
                                                          7⤵
                                                            PID:836
                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
                                                          6⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:2508
                                                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
                                                            C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
                                                            7⤵
                                                              PID:2684
                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:2044
                                                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
                                                            C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
                                                            6⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2792
                                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
                                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
                                                              7⤵
                                                                PID:2740
                                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
                                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
                                                              6⤵
                                                                PID:2136
                                                          • C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
                                                            C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:580
                                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
                                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:2280
                                                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
                                                                C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
                                                                6⤵
                                                                • Executes dropped EXE
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2492
                                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
                                                                  7⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:2224
                                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
                                                                    8⤵
                                                                      PID:2528
                                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
                                                                  6⤵
                                                                  • Executes dropped EXE
                                                                  PID:904
                                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
                                                                    7⤵
                                                                      PID:3048
                                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:2500
                                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
                                                                    6⤵
                                                                      PID:2108
                                                              • C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
                                                                C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2536
                                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:1628
                                                                  • C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:912
                                                                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
                                                                      6⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2288
                                                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
                                                                        7⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2408
                                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
                                                                          8⤵
                                                                            PID:2064
                                                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
                                                                        6⤵
                                                                        • Executes dropped EXE
                                                                        PID:1828
                                                                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
                                                                      5⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2512
                                                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
                                                                        6⤵
                                                                          PID:1080
                                                                    • C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2908
                                                                      • C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2744
                                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
                                                                          6⤵
                                                                            PID:876
                                                                        • C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\Unicorn-58799.exe
                                                                          5⤵
                                                                            PID:2372
                                                                            • C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
                                                                              C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
                                                                              6⤵
                                                                                PID:2996
                                                                                • C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
                                                                                  C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
                                                                                  7⤵
                                                                                    PID:588

                                                                      Network

                                                                      MITRE ATT&CK Matrix

                                                                      Downloads
