bd83133546f26c31276690a3b16e42db573dd5b57ab4a1c0867b91f3914a938f

Analysis

max time kernel
47s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
Size

184KB
MD5

cc9c0fb7ca519821c4c4dca620ea5745
SHA1

66de4411392b047dc73c67e0bd959ae78736add6
SHA256

bd83133546f26c31276690a3b16e42db573dd5b57ab4a1c0867b91f3914a938f
SHA512

16f40087bac1dc8996583535eea8b8b89992551b18d40f45667f118bae22ac73f5bf6927ee767a0cb0603898cf47163aeefa71b88d30abfc4cc7d75e572833c5
SSDEEP

3072:KABiok0ynsaUDrjr1d4DRp8NlvarbV3rg2uxp+qxfNKxvwF7:KA8oEnbsrVdqRp8ib+jNKxvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 57 IoCs

pid	Process
2632	Unicorn-7737.exe
2608	Unicorn-6279.exe
2612	Unicorn-65272.exe
2696	Unicorn-8822.exe
2584	Unicorn-62854.exe
2452	Unicorn-33519.exe
352	Unicorn-49082.exe
2720	Unicorn-19979.exe
2752	Unicorn-24578.exe
2904	Unicorn-40421.exe
2300	Unicorn-5288.exe
2460	Unicorn-27624.exe
1612	Unicorn-24286.exe
2224	Unicorn-9087.exe
2248	Unicorn-5750.exe
2244	Unicorn-50120.exe
2400	Unicorn-33784.exe
796	Unicorn-8895.exe
1428	Unicorn-5558.exe
792	Unicorn-25974.exe
1136	Unicorn-27597.exe
3020	Unicorn-6622.exe
1556	Unicorn-33239.exe
1368	Unicorn-24364.exe
816	Unicorn-758.exe
652	Unicorn-56975.exe
716	Unicorn-16135.exe
2944	Unicorn-36917.exe
2008	Unicorn-56783.exe
2984	Unicorn-32279.exe
2352	Unicorn-12413.exe
1796	Unicorn-45662.exe
2564	Unicorn-31589.exe
2568	Unicorn-64453.exe
2576	Unicorn-19891.exe
2676	Unicorn-15637.exe
2920	Unicorn-12107.exe
2436	Unicorn-64837.exe
2880	Unicorn-15444.exe
2968	Unicorn-51988.exe
2964	Unicorn-14484.exe
2716	Unicorn-35651.exe
2724	Unicorn-64562.exe
1260	Unicorn-52372.exe
1576	Unicorn-56970.exe
1760	Unicorn-54401.exe
1564	Unicorn-54401.exe
1752	Unicorn-54401.exe
1584	Unicorn-8729.exe
1252	Unicorn-46576.exe
1380	Unicorn-46576.exe
2572	Unicorn-26710.exe
2180	Unicorn-10047.exe
1736	Unicorn-28412.exe
2068	Unicorn-36388.exe
2020	Unicorn-52917.exe
580	Unicorn-9684.exe

Loads dropped DLL 64 IoCs

pid	Process
2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
2632	Unicorn-7737.exe
2632	Unicorn-7737.exe
2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
2608	Unicorn-6279.exe
2608	Unicorn-6279.exe
2632	Unicorn-7737.exe
2632	Unicorn-7737.exe
2612	Unicorn-65272.exe
2612	Unicorn-65272.exe
2696	Unicorn-8822.exe
2696	Unicorn-8822.exe
2608	Unicorn-6279.exe
2608	Unicorn-6279.exe
2584	Unicorn-62854.exe
2584	Unicorn-62854.exe
2452	Unicorn-33519.exe
2452	Unicorn-33519.exe
2612	Unicorn-65272.exe
2612	Unicorn-65272.exe
352	Unicorn-49082.exe
352	Unicorn-49082.exe
2696	Unicorn-8822.exe
2696	Unicorn-8822.exe
2752	Unicorn-24578.exe
2752	Unicorn-24578.exe
2584	Unicorn-62854.exe
2584	Unicorn-62854.exe
2720	Unicorn-19979.exe
2720	Unicorn-19979.exe
2300	Unicorn-5288.exe
2300	Unicorn-5288.exe
2904	Unicorn-40421.exe
2904	Unicorn-40421.exe
2452	Unicorn-33519.exe
2452	Unicorn-33519.exe
2460	Unicorn-27624.exe
2460	Unicorn-27624.exe
352	Unicorn-49082.exe
352	Unicorn-49082.exe
1612	Unicorn-24286.exe
1612	Unicorn-24286.exe
2224	Unicorn-9087.exe
2224	Unicorn-9087.exe
2752	Unicorn-24578.exe
2752	Unicorn-24578.exe
2248	Unicorn-5750.exe
2248	Unicorn-5750.exe
1428	Unicorn-5558.exe
1428	Unicorn-5558.exe
2244	Unicorn-50120.exe
2244	Unicorn-50120.exe
796	Unicorn-8895.exe
796	Unicorn-8895.exe
2300	Unicorn-5288.exe
2300	Unicorn-5288.exe
2400	Unicorn-33784.exe
2400	Unicorn-33784.exe
2904	Unicorn-40421.exe
2904	Unicorn-40421.exe
2720	Unicorn-19979.exe
2720	Unicorn-19979.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1012	1736	WerFault.exe	81

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
2632	Unicorn-7737.exe
2608	Unicorn-6279.exe
2612	Unicorn-65272.exe
2696	Unicorn-8822.exe
2584	Unicorn-62854.exe
2452	Unicorn-33519.exe
352	Unicorn-49082.exe
2720	Unicorn-19979.exe
2752	Unicorn-24578.exe
2904	Unicorn-40421.exe
2300	Unicorn-5288.exe
2460	Unicorn-27624.exe
1612	Unicorn-24286.exe
2224	Unicorn-9087.exe
2248	Unicorn-5750.exe
2244	Unicorn-50120.exe
1428	Unicorn-5558.exe
796	Unicorn-8895.exe
2400	Unicorn-33784.exe
792	Unicorn-25974.exe
1136	Unicorn-27597.exe
3020	Unicorn-6622.exe
1556	Unicorn-33239.exe
1368	Unicorn-24364.exe
816	Unicorn-758.exe
716	Unicorn-16135.exe
652	Unicorn-56975.exe
2008	Unicorn-56783.exe
2944	Unicorn-36917.exe
2352	Unicorn-12413.exe
2984	Unicorn-32279.exe
1796	Unicorn-45662.exe
2564	Unicorn-31589.exe
2576	Unicorn-19891.exe
2920	Unicorn-12107.exe
2568	Unicorn-64453.exe
2676	Unicorn-15637.exe
2436	Unicorn-64837.exe
2964	Unicorn-14484.exe
2968	Unicorn-51988.exe
2724	Unicorn-64562.exe
2880	Unicorn-15444.exe
2716	Unicorn-35651.exe
1736	Unicorn-28412.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2632	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	28
PID 2924 wrote to memory of 2632	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	28
PID 2924 wrote to memory of 2632	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	28
PID 2924 wrote to memory of 2632	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	28
PID 2632 wrote to memory of 2608	2632	Unicorn-7737.exe	29
PID 2632 wrote to memory of 2608	2632	Unicorn-7737.exe	29
PID 2632 wrote to memory of 2608	2632	Unicorn-7737.exe	29
PID 2632 wrote to memory of 2608	2632	Unicorn-7737.exe	29
PID 2924 wrote to memory of 2612	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	30
PID 2924 wrote to memory of 2612	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	30
PID 2924 wrote to memory of 2612	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	30
PID 2924 wrote to memory of 2612	2924	cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe	30
PID 2608 wrote to memory of 2696	2608	Unicorn-6279.exe	31
PID 2608 wrote to memory of 2696	2608	Unicorn-6279.exe	31
PID 2608 wrote to memory of 2696	2608	Unicorn-6279.exe	31
PID 2608 wrote to memory of 2696	2608	Unicorn-6279.exe	31
PID 2632 wrote to memory of 2584	2632	Unicorn-7737.exe	32
PID 2632 wrote to memory of 2584	2632	Unicorn-7737.exe	32
PID 2632 wrote to memory of 2584	2632	Unicorn-7737.exe	32
PID 2632 wrote to memory of 2584	2632	Unicorn-7737.exe	32
PID 2612 wrote to memory of 2452	2612	Unicorn-65272.exe	33
PID 2612 wrote to memory of 2452	2612	Unicorn-65272.exe	33
PID 2612 wrote to memory of 2452	2612	Unicorn-65272.exe	33
PID 2612 wrote to memory of 2452	2612	Unicorn-65272.exe	33
PID 2696 wrote to memory of 352	2696	Unicorn-8822.exe	34
PID 2696 wrote to memory of 352	2696	Unicorn-8822.exe	34
PID 2696 wrote to memory of 352	2696	Unicorn-8822.exe	34
PID 2696 wrote to memory of 352	2696	Unicorn-8822.exe	34
PID 2608 wrote to memory of 2720	2608	Unicorn-6279.exe	35
PID 2608 wrote to memory of 2720	2608	Unicorn-6279.exe	35
PID 2608 wrote to memory of 2720	2608	Unicorn-6279.exe	35
PID 2608 wrote to memory of 2720	2608	Unicorn-6279.exe	35
PID 2584 wrote to memory of 2752	2584	Unicorn-62854.exe	36
PID 2584 wrote to memory of 2752	2584	Unicorn-62854.exe	36
PID 2584 wrote to memory of 2752	2584	Unicorn-62854.exe	36
PID 2584 wrote to memory of 2752	2584	Unicorn-62854.exe	36
PID 2452 wrote to memory of 2904	2452	Unicorn-33519.exe	37
PID 2452 wrote to memory of 2904	2452	Unicorn-33519.exe	37
PID 2452 wrote to memory of 2904	2452	Unicorn-33519.exe	37
PID 2452 wrote to memory of 2904	2452	Unicorn-33519.exe	37
PID 2612 wrote to memory of 2300	2612	Unicorn-65272.exe	38
PID 2612 wrote to memory of 2300	2612	Unicorn-65272.exe	38
PID 2612 wrote to memory of 2300	2612	Unicorn-65272.exe	38
PID 2612 wrote to memory of 2300	2612	Unicorn-65272.exe	38
PID 352 wrote to memory of 2460	352	Unicorn-49082.exe	39
PID 352 wrote to memory of 2460	352	Unicorn-49082.exe	39
PID 352 wrote to memory of 2460	352	Unicorn-49082.exe	39
PID 352 wrote to memory of 2460	352	Unicorn-49082.exe	39
PID 2696 wrote to memory of 1612	2696	Unicorn-8822.exe	40
PID 2696 wrote to memory of 1612	2696	Unicorn-8822.exe	40
PID 2696 wrote to memory of 1612	2696	Unicorn-8822.exe	40
PID 2696 wrote to memory of 1612	2696	Unicorn-8822.exe	40
PID 2752 wrote to memory of 2224	2752	Unicorn-24578.exe	41
PID 2752 wrote to memory of 2224	2752	Unicorn-24578.exe	41
PID 2752 wrote to memory of 2224	2752	Unicorn-24578.exe	41
PID 2752 wrote to memory of 2224	2752	Unicorn-24578.exe	41
PID 2584 wrote to memory of 2248	2584	Unicorn-62854.exe	42
PID 2584 wrote to memory of 2248	2584	Unicorn-62854.exe	42
PID 2584 wrote to memory of 2248	2584	Unicorn-62854.exe	42
PID 2584 wrote to memory of 2248	2584	Unicorn-62854.exe	42
PID 2720 wrote to memory of 2400	2720	Unicorn-19979.exe	43
PID 2720 wrote to memory of 2400	2720	Unicorn-19979.exe	43
PID 2720 wrote to memory of 2400	2720	Unicorn-19979.exe	43
PID 2720 wrote to memory of 2400	2720	Unicorn-19979.exe	43

C:\Users\Admin\AppData\Local\Temp\cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cc9c0fb7ca519821c4c4dca620ea5745_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        9⤵
        Executes dropped EXE
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        10⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        8⤵
        Executes dropped EXE
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        8⤵
        Executes dropped EXE
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        7⤵
        Executes dropped EXE
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        7⤵
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36388.exe
        7⤵
        Executes dropped EXE
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        6⤵
        Executes dropped EXE
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        6⤵
        Executes dropped EXE
        
        PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        7⤵
        
        PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        7⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        7⤵
        Executes dropped EXE
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        8⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        6⤵
        Executes dropped EXE
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        7⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
        7⤵
        Program crash
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        5⤵
        Executes dropped EXE
        
        PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        6⤵
        Executes dropped EXE
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        5⤵
        Executes dropped EXE
        
        PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        5⤵
        Executes dropped EXE
        
        PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe

Filesize
184KB

MD5
c6b712d513715bfe5c9f36887db4f26c

SHA1
98bcee9a61d53f3d6b6737d2d162ab962f0b8a10

SHA256
32acf13e46aa2d998c3ce1dd95fda77e0551a0647af0e5e5f55efa02815d2792

SHA512
a239c7ff07289a5efd1c07c26523770f38656cad77671c5e1fcc312b56f98eca322a07f8d4aad80e55f1f4796f6b67d80514a6964e640763b4ecdd067488f473

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe

Filesize
184KB

MD5
b4c7cd7676a971f53e224fb8fb996418

SHA1
ce019be291c65c353354657f01b95b7a041a04af

SHA256
b40096911b2eb49f84a450001d749ce21085227f3d69573c5e2b65a876e7d7b4

SHA512
310246d7aad0c176b0013407b83a775eb62f9014504a2a5d4914770ea7ae66670165c819bf8a8cb4dbc13c280166447793ddac450794d7bf527a069c2a2471b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe

Filesize
184KB

MD5
9805684a2dd4991d607151db486105ec

SHA1
fde658b37790cb93a0b64e229b1eac2af64bcc8b

SHA256
bf87ca321392d02462d7bbee1ee6d96c129621a8e559e4f41f2e51e4b4b83015

SHA512
be98e89d6955afbd01fe5f0cb57ca0aaf916098f54f90ab8bc773328187d0ca95032ab61df73c761c21c06188162733734834879f753eb7e9b1e51b70bdbe9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe

Filesize
184KB

MD5
96c61eb8f103b9a63c3d7c86ad026164

SHA1
8f5ddcb5ed167c78a66d5e6c6633bb7f2de6840d

SHA256
7e202b411301756d9020f656c02d77a917c3298d4514d1b42e9eb46af284cbb3

SHA512
baf108c0cf81b3a423a43104c0cd676c9e14078cee1ab88bbdbf683a02f9a19787c69beb77404bd28ee305d21488826ee59398e382501396f95fd24bae51db88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe

Filesize
184KB

MD5
085bf70e1cb1d50c391ab4e595af1df7

SHA1
127979e27296e347c933fa4f0f6b9757e1c049e8

SHA256
3bbd3e5c2a9a68d9cba040365cca3739080da97be5a2e5273ed451e14389a3fe

SHA512
353e811114daf2ee58cf995b2d125684ded7b4cab368bfad72683154f70f5d23adacee5c4855b1deee433e6b2a6bf236c43a014eabccc9abe17e05e0ac888e8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe

Filesize
184KB

MD5
95c82ebac2f3eb2d6464caf28016f0e6

SHA1
08b913d9786f88dbf4c98860264928317532fd6d

SHA256
05e77c5e8d097fb3f615b3c7ff41f449136432d634881d638682a2a52f7f2d82

SHA512
5cead1ff725233482f280b4c285df1174ae3e0b5b410f2adbcd2508376cdfdd76268de6e49becc96517a3093bb49222928255d586aee43bffa0e39a7d0f732c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe

Filesize
184KB

MD5
de44cd57662c78174c0d3756c3263903

SHA1
99ac9e997b22719465866ea493484724b45dbfa4

SHA256
791828dc997a1b8a38311e4765f587b12c4ad830e9c6b6f87627a20011705be0

SHA512
48ce8ea0bc963997f5029e4fcda4ebae28527f9e6f6c335c11dc183f896665ea823e22484df0d538dff8afbcfc066c66768e921f07cf861cfaea544874f5ed6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe

Filesize
184KB

MD5
f79e7f952b9a244a71fbf4b411286096

SHA1
a9f0844a40cacda0871cf1eb28c0fafacd7fb69e

SHA256
7d5139379fb7bfccdcd0d5b30ed40c5aa750d16e781350f2706b40bf3582f161

SHA512
ae4ab5074949490620b919ec7eda5137efb56d4474d1ae316a869ce6cb961ccc91d2b73dd1c4a25d791998da1fffa10281bd1ac2bff6744fab55c6eeb03a1138

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe

Filesize
184KB

MD5
0aa3c478604fce0efa8f7d5a8dc8f7c4

SHA1
1cea78907576aa40237e4eeb0eafa03e1f6d72b0

SHA256
41e08ed77d904d287eafe57a558850c184c2f529130fb5be5f4611f50a40f32b

SHA512
6b3155471712d9ff40b79699dc6a67698da27c77b753a7b56192bc324992bef9f9c3628b028fe8a3557f22d0f9f77bd2ee23cd58bb28f2454bdd3edd6fe880eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe

Filesize
184KB

MD5
0f541568636231f2274fc6319d0ef670

SHA1
88be90bf462a68621ecbc6255bd327bb9d7fc9bb

SHA256
e9744e9b65d614acb4b9bcbca5f953a98de023e4152f25bdc6ddb6c18100a836

SHA512
4a87eed9087d6219f124f3612e4d02aa6a81b802d7f59751ab3baaef3ab87d0cee1181addfb8d51bcec8d5f2a8b9666edfaa1aca2a07bbb28aed37ba30e4f447

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe

Filesize
184KB

MD5
a44132f717d7c98bc322d9225aacabc1

SHA1
980d2ab7a9e9a7802b0eec6faa4b95436c801e4b

SHA256
a281dc8926dcafb77779c0df483b92134a26bdac52830a8dbf0d4f9fa22e46cc

SHA512
79a0f7a7a6e275fa0081d6d0eb43d82631790de8a8c74daea0ebc0083f47f776d5c81139d07c67e163a0153099c9f0b65a72624d22d34f28374891c1101bf6ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe

Filesize
184KB

MD5
d927bedda8304f1c90c79f678ea0b57f

SHA1
24fc995f05f9cfcf1433802261c4bd84a3887f73

SHA256
78c0feb8cc15f3b86ee98d89fce8fcfcfb2f2d9e1b7e8f422baa671cb5e1abf8

SHA512
00517adb0127d9eb4bd100a1809bc6ac8af7826c071ebdb8df1123b4a86aec3dc5bb22b296beb75b3fada6abdc2ef03d611641adee60b00eb342a201762726b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe

Filesize
184KB

MD5
80c1382246c968fb9b536a6b7756d6c1

SHA1
1bc53606240157b6bca80e88f1fea48df07c46e1

SHA256
e8a098d8a9fe94b68e2459559f02fd06c8de1c1a4dd059ba2a489feb30ec15de

SHA512
ce6d3607871f1467bc1bd283c96953032c1e294c93dfa50a1b07cff70a4d71a04764059cfff0b7209ecfc4836340e519a63428e7f0f48961eaafeac43c0c808d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe

Filesize
184KB

MD5
10620e2e6d9ea73e5bb17d6970f2b9de

SHA1
4e9703ed8fa5c603048fb2050c6ad66c12aa7f2b

SHA256
578900d64b9bce2f49b3ea523700ba671b670c32ac5c4d055d2c4a74731c6efc

SHA512
03c1d9308dacbf4e64a74955f23c3f6eefb447bbdc345f49f14013c76652a91786d50191c66d58c90cdbcefaaa5204bafd7bb72ed7eb9e153b531748b8e9e083

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe

Filesize
184KB

MD5
9f680f19e8f113435bdddff19fe712aa

SHA1
461080243cd963610e579677103aa6b3533b3172

SHA256
77b6ab1d40b8e805b830648feeaae83619a13474cdee6c3af10da423fba75952

SHA512
c155a17d809e58b3673115dcfb2e9348f7badb81a690184c262cc2d52826bd71136ef7af125dd1512c08ff1f4df7867bb0b30472e05a6d60e22fa35acf317e93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe

Filesize
184KB

MD5
f4f9a22edda8847ba1839075d06a3d4c

SHA1
60810569ff2abf1df6675b50637ffce856b0fafa

SHA256
f6a43dddde011326c84ada406565e34c96c223ca024347f648d7446ecd3abf9c

SHA512
7371e8687763f3d2af8e804a82bf57dbe4a8bf517b89c71b3a7eca5180d3f5a807dc97ebd089e96f3615376b14b88d91a3e053ff6cb0605b5b208d8b419e5dd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe

Filesize
184KB

MD5
821013d9588ce79da287ca4102b487cc

SHA1
73b1c70765ad7051cd3492cf06017083af21bafc

SHA256
41d88825d902126c38488b996d7974ae60c006b2006b7eac1957e8bd19b097dc

SHA512
1bbb65d30039600a5cd942c1aa6861fac604484e6801c51ff521b7c25422191c260a7563c2c38a7e824beb4d212017a1849db26c82a37ba407163265075999b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe

Filesize
184KB

MD5
b85a8159c1e3865357877c84bfebfd76

SHA1
674383a402f82a375991ba0f6ea4212438f4cf56

SHA256
4c989c294b714cd9dca851b1d95e581850c4a5905768af2db2edba9fc9d8a344

SHA512
39502efb502de7491432ac8a4cbcbaaeb3633a5815130dbfeb316c45746f3bc679da21bedcb235e8ce1811bb602b885ccd0fdf0ffec4ce177d9f76af9aba58e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe

Filesize
184KB

MD5
75975b3560ca4e44803cd6e13a628efc

SHA1
86cba3d219a91a19c9f5723e1bebac832b944c22

SHA256
2d1efe5af8dd7de07b9d052503bbd44d3461df9f9d87d630389288384f29afaf

SHA512
fcb8476c14b3fbb2b0df138c4da0f36d9a595d4c029e5a83ed9e21f7225af35e3d81c8657ce0edf8e6472dec4d37f834816320cc3a1015c9c3388c9092b69b8b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads