99af40e93f9de036d0922ddfd6d847383ae004ee95155cc211519643ac666816

Analysis

max time kernel
32s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
Size

196KB
MD5

cce327cbbcf8a24f3f302c9693f9cc3a
SHA1

eac3beb463d0c1ca81e14d679367be1cf2d4b8f4
SHA256

99af40e93f9de036d0922ddfd6d847383ae004ee95155cc211519643ac666816
SHA512

a70b6dc0b94dff9ec5ed2737ff42fd043585cebe3d45ee6cc9eed4c6ff4a503b755892b75364c73f5b4e0f996b25bb2bbcc6e1cb48b03b754e6edd548287f738
SSDEEP

3072:creyoqkMaPAUSbn0Mb7iqo8b622GrIKrTfNFx7mGRP2lVvMe:crjo1YxbTb2qo8nn5/2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 27 IoCs

pid	Process
1656	Unicorn-43562.exe
2716	Unicorn-32457.exe
2668	Unicorn-20759.exe
2084	Unicorn-35503.exe
2652	Unicorn-40141.exe
2772	Unicorn-35695.exe
1364	Unicorn-34154.exe
1456	Unicorn-9841.exe
560	Unicorn-55513.exe
2404	Unicorn-58658.exe
524	Unicorn-63681.exe
760	Unicorn-39769.exe
536	Unicorn-28071.exe
2508	Unicorn-31601.exe
1800	Unicorn-36623.exe
1260	Unicorn-7480.exe
2516	Unicorn-39001.exe
2256	Unicorn-47169.exe
2132	Unicorn-27303.exe
3040	Unicorn-13902.exe
2984	Unicorn-13902.exe
824	Unicorn-19610.exe
1560	Unicorn-14011.exe
736	Unicorn-50825.exe
1628	Unicorn-5153.exe
1144	Unicorn-44899.exe
2932	Unicorn-31677.exe

Loads dropped DLL 64 IoCs

pid	Process
300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
1656	Unicorn-43562.exe
1656	Unicorn-43562.exe
300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
2716	Unicorn-32457.exe
1656	Unicorn-43562.exe
2716	Unicorn-32457.exe
1656	Unicorn-43562.exe
2668	Unicorn-20759.exe
2668	Unicorn-20759.exe
2652	Unicorn-40141.exe
2652	Unicorn-40141.exe
2084	Unicorn-35503.exe
2668	Unicorn-20759.exe
2772	Unicorn-35695.exe
2772	Unicorn-35695.exe
2668	Unicorn-20759.exe
2084	Unicorn-35503.exe
2716	Unicorn-32457.exe
2716	Unicorn-32457.exe
1364	Unicorn-34154.exe
1364	Unicorn-34154.exe
2652	Unicorn-40141.exe
2652	Unicorn-40141.exe
1456	Unicorn-9841.exe
1456	Unicorn-9841.exe
2772	Unicorn-35695.exe
2772	Unicorn-35695.exe
560	Unicorn-55513.exe
560	Unicorn-55513.exe
2404	Unicorn-58658.exe
2404	Unicorn-58658.exe
2084	Unicorn-35503.exe
524	Unicorn-63681.exe
2084	Unicorn-35503.exe
524	Unicorn-63681.exe
760	Unicorn-39769.exe
536	Unicorn-28071.exe
760	Unicorn-39769.exe
536	Unicorn-28071.exe
1364	Unicorn-34154.exe
1364	Unicorn-34154.exe
1800	Unicorn-36623.exe
1800	Unicorn-36623.exe
524	Unicorn-63681.exe
2256	Unicorn-47169.exe
524	Unicorn-63681.exe
2256	Unicorn-47169.exe
2132	Unicorn-27303.exe
2132	Unicorn-27303.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
1840	2404	WerFault.exe	35
1696	2516	WerFault.exe	44
2368	1560	WerFault.exe	50
112	1364	WerFault.exe	87
1172	1640	WerFault.exe	84

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
1656	Unicorn-43562.exe
2716	Unicorn-32457.exe
2668	Unicorn-20759.exe
2652	Unicorn-40141.exe
2084	Unicorn-35503.exe
2772	Unicorn-35695.exe
1364	Unicorn-34154.exe
1456	Unicorn-9841.exe
560	Unicorn-55513.exe
2404	Unicorn-58658.exe
524	Unicorn-63681.exe
760	Unicorn-39769.exe
536	Unicorn-28071.exe
1800	Unicorn-36623.exe
1260	Unicorn-7480.exe
2516	Unicorn-39001.exe
2256	Unicorn-47169.exe
2132	Unicorn-27303.exe
2984	Unicorn-13902.exe
824	Unicorn-19610.exe
3040	Unicorn-13902.exe
1560	Unicorn-14011.exe
1144	Unicorn-44899.exe
1628	Unicorn-5153.exe
736	Unicorn-50825.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 300 wrote to memory of 1656	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	28
PID 300 wrote to memory of 1656	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	28
PID 300 wrote to memory of 1656	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	28
PID 300 wrote to memory of 1656	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	28
PID 1656 wrote to memory of 2716	1656	Unicorn-43562.exe	29
PID 1656 wrote to memory of 2716	1656	Unicorn-43562.exe	29
PID 1656 wrote to memory of 2716	1656	Unicorn-43562.exe	29
PID 1656 wrote to memory of 2716	1656	Unicorn-43562.exe	29
PID 300 wrote to memory of 2668	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	30
PID 300 wrote to memory of 2668	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	30
PID 300 wrote to memory of 2668	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	30
PID 300 wrote to memory of 2668	300	cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe	30
PID 2716 wrote to memory of 2084	2716	Unicorn-32457.exe	31
PID 2716 wrote to memory of 2084	2716	Unicorn-32457.exe	31
PID 2716 wrote to memory of 2084	2716	Unicorn-32457.exe	31
PID 2716 wrote to memory of 2084	2716	Unicorn-32457.exe	31
PID 1656 wrote to memory of 2652	1656	Unicorn-43562.exe	32
PID 1656 wrote to memory of 2652	1656	Unicorn-43562.exe	32
PID 1656 wrote to memory of 2652	1656	Unicorn-43562.exe	32
PID 1656 wrote to memory of 2652	1656	Unicorn-43562.exe	32
PID 2668 wrote to memory of 2772	2668	Unicorn-20759.exe	33
PID 2668 wrote to memory of 2772	2668	Unicorn-20759.exe	33
PID 2668 wrote to memory of 2772	2668	Unicorn-20759.exe	33
PID 2668 wrote to memory of 2772	2668	Unicorn-20759.exe	33
PID 2652 wrote to memory of 1364	2652	Unicorn-40141.exe	34
PID 2652 wrote to memory of 1364	2652	Unicorn-40141.exe	34
PID 2652 wrote to memory of 1364	2652	Unicorn-40141.exe	34
PID 2652 wrote to memory of 1364	2652	Unicorn-40141.exe	34
PID 2772 wrote to memory of 1456	2772	Unicorn-35695.exe	37
PID 2772 wrote to memory of 1456	2772	Unicorn-35695.exe	37
PID 2772 wrote to memory of 1456	2772	Unicorn-35695.exe	37
PID 2772 wrote to memory of 1456	2772	Unicorn-35695.exe	37
PID 2668 wrote to memory of 524	2668	Unicorn-20759.exe	36
PID 2668 wrote to memory of 524	2668	Unicorn-20759.exe	36
PID 2668 wrote to memory of 524	2668	Unicorn-20759.exe	36
PID 2668 wrote to memory of 524	2668	Unicorn-20759.exe	36
PID 2084 wrote to memory of 2404	2084	Unicorn-35503.exe	35
PID 2084 wrote to memory of 2404	2084	Unicorn-35503.exe	35
PID 2084 wrote to memory of 2404	2084	Unicorn-35503.exe	35
PID 2084 wrote to memory of 2404	2084	Unicorn-35503.exe	35
PID 2716 wrote to memory of 560	2716	Unicorn-32457.exe	38
PID 2716 wrote to memory of 560	2716	Unicorn-32457.exe	38
PID 2716 wrote to memory of 560	2716	Unicorn-32457.exe	38
PID 2716 wrote to memory of 560	2716	Unicorn-32457.exe	38
PID 1364 wrote to memory of 760	1364	Unicorn-34154.exe	39
PID 1364 wrote to memory of 760	1364	Unicorn-34154.exe	39
PID 1364 wrote to memory of 760	1364	Unicorn-34154.exe	39
PID 1364 wrote to memory of 760	1364	Unicorn-34154.exe	39
PID 2652 wrote to memory of 536	2652	Unicorn-40141.exe	40
PID 2652 wrote to memory of 536	2652	Unicorn-40141.exe	40
PID 2652 wrote to memory of 536	2652	Unicorn-40141.exe	40
PID 2652 wrote to memory of 536	2652	Unicorn-40141.exe	40
PID 1456 wrote to memory of 2508	1456	Unicorn-9841.exe	41
PID 1456 wrote to memory of 2508	1456	Unicorn-9841.exe	41
PID 1456 wrote to memory of 2508	1456	Unicorn-9841.exe	41
PID 1456 wrote to memory of 2508	1456	Unicorn-9841.exe	41
PID 2772 wrote to memory of 1800	2772	Unicorn-35695.exe	42
PID 2772 wrote to memory of 1800	2772	Unicorn-35695.exe	42
PID 2772 wrote to memory of 1800	2772	Unicorn-35695.exe	42
PID 2772 wrote to memory of 1800	2772	Unicorn-35695.exe	42
PID 560 wrote to memory of 1260	560	Unicorn-55513.exe	43
PID 560 wrote to memory of 1260	560	Unicorn-55513.exe	43
PID 560 wrote to memory of 1260	560	Unicorn-55513.exe	43
PID 560 wrote to memory of 1260	560	Unicorn-55513.exe	43

C:\Users\Admin\AppData\Local\Temp\cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cce327cbbcf8a24f3f302c9693f9cc3a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 244
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 228
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        10⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        7⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        11⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
        9⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        10⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 244
        11⤵
        Program crash
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        10⤵
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        6⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        10⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        10⤵
        
        PID:2680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
        5⤵
        Executes dropped EXE
        
        PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        6⤵
        Program crash
        
        PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        6⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        10⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        11⤵
        Program crash
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        9⤵
        
        PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        7⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        7⤵
        
        PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe

Filesize
196KB

MD5
ad6483d0f118f9228a91a0ddb06fe38e

SHA1
d5aa3266b097e74406417653142a52b9e0c6f441

SHA256
267067796b1396825c2111d9041854e8ffaf0b41eb97c1cd6126b770cfa87315

SHA512
f3bb7d122631088addc65c4f2d39d9690d09850a7cf472303817809d663e46c53d67964ee327faff9849f370cb726ed864094edc875b67f581f45721ad5babcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe

Filesize
196KB

MD5
bc56a021cebb9da8038e91ef4c20d250

SHA1
195119561147fa413babbfa667a39abaf2bb699a

SHA256
c1bebb3f1eadc0847d86040b08cc9292cea9a69484874f1b314dd29456006fc8

SHA512
dfb325e81148df093af7d56935dc1cd8d757827c568a1a3b548f76ca1cf5124a29fc25ebf48f17028b7bdef430ea231627bf62ed07db24486c85d0dddf854438

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe

Filesize
196KB

MD5
119c2d34e06b0bd639e431789929329c

SHA1
792862a7450c534660e9a528811543b0f0ecd901

SHA256
df3bcea26b18d89d0313ca66c90d1c2141cf9d9a1b4cb3e3bdaf5e1589b8d627

SHA512
76f5c69aedf54578979c2c8008c11d39e1fde900dd8d16896b1f2536da9cfddd5a700dc328824c102c7b70a25f669857db16df0514436637607cb04220b61229

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe

Filesize
196KB

MD5
62e62d3716076ef8eb5ef304497fc741

SHA1
9751cf1dd622f1e112a6268352b4bcb9f465640a

SHA256
0caf703953feb4c0ffee788e815c9f2222277c895654004970e6d814d2d5b86a

SHA512
42ecadf54dbf4f2653368c1144027047e7ff83c99c0e5d0e6ef3a13e48d3f9d3606f9b26a62711471565cd30a34cd179184b2edad883d9be8023e29f7b6c4cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe

Filesize
196KB

MD5
ecdd1fdc92d0df16f6b5fef11b79ab49

SHA1
c15bb0c5394c763a3000867585c122fb0f43c74c

SHA256
9371b3277627c2fde77c36dca4e360f30243d3ea9544a8d1f6d1859e4ccba51f

SHA512
569444c1b3f8a6d33fb04e157aac287ac8a7eb84e44cc80318674d075975acf26dc61438090303a8af4f9589991488203b571aa7bd5bb05b1b7a2a3c27e22de1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe

Filesize
196KB

MD5
130459ec9048ba762126de1f78490172

SHA1
622e42f7e5bd0479ae5eb16cbf9f906b149da523

SHA256
e41a303e47d9f4c9216edbebb7c9fe874fcf6c8e99550e8b8448ffbb34479025

SHA512
3b13a848c353c24db7f403b7a77ecf00e2a79eaf56ca55cabde71e850f505d1ecc95af60c528c6c9d70461d44e3cb815c0833ed6e62407ab9a706172dbb257e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe

Filesize
196KB

MD5
d661b8c2deea35dfb72f8b139f94845e

SHA1
5d6acd64bfc2bcc3e129a8478dce8afcae0c4611

SHA256
d04fe8ade00b012a7d102d94e50fd8bf550da92610747e031c01e1832ea780e9

SHA512
f9b7f8061bf5f571fca84f5cdc7cf6da1dee7c029085948f32b77789aa9aefe89ce5be17c45f0b3a3623c962e84db24d429540935191df0947237a46768bb6e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe

Filesize
196KB

MD5
8ada10d50d0fee3830d3f178b82939d5

SHA1
70a3da127bffd47dd220459a0044f39381801d07

SHA256
03bf5e6ed87e1d08ab52e6c5e842ff0578c4352330e4fbc4fddeb83e1df8c6c0

SHA512
2399c7d79cbad05b012f49843e8bd03beea88a206722718b662bac97f604bc94f33d6bf4d25ccc53de11e1c78e4f1208fbcd1f9d987cbef74be0b48e2a87f08e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe

Filesize
196KB

MD5
8b70e144d2581752a6a2360997d62141

SHA1
a51820196a26e693fd25bfbfe0dd0ab21bbb6842

SHA256
ea0411988f5eff3566fcba5022fd41f96abd956e5fbac8c0dc26fbc12aba0cdd

SHA512
b2e5f0c178aabedb1953e15e3bd5bfa904abde369d6ebe797302ffabfaafd0b9908a5c435c6b746bd94f0f7d5e7da5f240c4ab68014ddad1ac8aea7bcd6b19c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe

Filesize
196KB

MD5
9217d233b02897cf9f5eb960e522b1fc

SHA1
eda70e5816240d63bd338ff9757484eb0bd8af3c

SHA256
d392f37d5c4394b494595d76ae255d4ed29ccf01fb1bdf4e54c310fff41323cc

SHA512
94018d72d2b3f121fd70fa008e326d7c8ff848b89a85638d0e1533b73254af9fe85f27e9ae468d84d10c0cfa6e69e247064a2a1fe85067a4fbc0879b5dcc8f9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe

Filesize
196KB

MD5
fe9038b9f428323e6c1fa4388d08577d

SHA1
2f575961d65930b3c339820dbbf14cd9bd9255e1

SHA256
20e4993ba4f1adbe1f316549dda770cc0ba728b16c4675644321c9c0c8279104

SHA512
520a9bd64000bd791e3240810757780c32847ebab5079866b37a8cc6b2d6f2c9afda7cf5bdd86a8aa040b1563abd2061e0f113df2df4978e9a1d0a5607e93503

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35503.exe

Filesize
196KB

MD5
fc83fbb7887c3189d7266288dc724d42

SHA1
06ed924f06a2a87db947a3a6f19edb1ead6861b4

SHA256
2cd2cabbc9903aab1ca5d50115f3324d1b414578dc4912999702a17f3439cde4

SHA512
3ae7ff70fd014eb676089796c582eb1b65090cf0fb1c7580ac6d8e814419522baabe9fe308bee92461f527f22e4d0a8194c6dc5f6edc9ed1010a73187a2a1a93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe

Filesize
196KB

MD5
9f566dd08ca4cc4046eec2b8d359ecb0

SHA1
769bdc89a46dde1879446338087c15b661d91fad

SHA256
c7124ac727d7c9ed7e8609c06c274d240203ba9698a0bc91c32d2c7ae1de0b58

SHA512
c802d0f9f44a4f4d57a7dad112c9da982a0fc525460a41713d26e75ada3e5b650f967faca8512f89d813a0fd2b538b5cb68733b9f5dccf72819561d8b8431a53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe

Filesize
196KB

MD5
4aea1cba0aec6a09f6bcb3258ac353c0

SHA1
4cb3c14ab8f40effba8cab6752705c2d69d8b35a

SHA256
d164d010dfed7eb7cc12d103de4efe9905b5699e109050607c9c023f3fd0d3ab

SHA512
90ca947a63937b884edc64ef29729d74e856c43eb979e0231d46f282607510644d93b69c31d9f673b631b835c4fcfa0fed082458c5cb37901eef786b4bcc25ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe

Filesize
196KB

MD5
3606d3d57af1ab3ec24bcddfb403449a

SHA1
40c62d0ee657f2d59dcee07fd9f32ea74345ab12

SHA256
c8e4542b95d1e99aedd69d4f0e3e19fd802c8a522be6468c2daf1221227d19d2

SHA512
871eafc9a5bafc2a471744105fa55873ccde15659e3f52d8f2823a69386f197a36be265099d9d1a4088d1b5e8bace1145a085c958430f3e6a84547942e59c9c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe

Filesize
196KB

MD5
b9cdc6e7edf5ba0e629075e3f3ed358b

SHA1
1e461d2e30caeb37590ce3fb6c79ccf61f7d5358

SHA256
22b6c69486d51c317e1cc1beea1faf1c79d52fc0fbcffc55d311851d45cfc979

SHA512
90f19af4b8ab30e2031c6f27bb688386ea49a6901de3c5bc6657119c3af407b1823a0885982f00b6ee37afee291c846a4c3df369567d906610fffb114593645c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe

Filesize
196KB

MD5
51b0ddc9b3bcd4736dac58275923240f

SHA1
7549566e13080d442fe1635b698c9343eda278ba

SHA256
f3e34369e00c2a6ee45247650e80e64892a506f5f5e2e99f3992b05b3a5a1df2

SHA512
0c1c73913661972a9ed848a1596568984c15b180506a3b2d00cb11c8bfe859ae29ff89dbec4e7cea1c342d9461c7b45d6d43e26793a3545bd2eee74bb917e576

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe

Filesize
196KB

MD5
2bddf9d5319e5d379e30396a4218aed9

SHA1
d3d510c8103de33e718b12bd4907506e7b2f26a9

SHA256
d2e00ef9636760279b7403dcd2977a3c708a9ec1e18bfbff7da48e3b54727a7c

SHA512
8ee318b6ca65ac656e51ada02606a8803d55346ccf790b1e7617bf4fc865bd953eafa9eac810d70a594f8fc5f8dbef66eee5e235f3d5409d322459cf16cb92fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe

Filesize
196KB

MD5
0060abcc1879f2f50a9f8aabba6b2bf3

SHA1
819d93fa25948e97812eaed8a085fb77aaf0ae2e

SHA256
42ac68cf1505d7689f6ee0aae928cf80af1568200000193ac357334f760a55dc

SHA512
e27b1005ef3a44be939d5c78310385e5f205aba2a849f20461121fd3e1f2643371a8baf7dceefaa85c51fed2ed55aaee4a46f0ade3353e2b58f1d8893c55cd89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe

Filesize
196KB

MD5
410e1f610620c6b41c98b88d444f9df7

SHA1
7d62f802f12f3e1f43edad600351fdee5d6026b1

SHA256
48bfdd1b1d5a54ed247712a2a9fdbcd236ecc6736e1771602853788255061a1e

SHA512
5e53f94137260f6831f902b19ad9a4235e2fc43b30ab5c033607ce92054f3e47a6aca5867ebe88a05bdddb0ca3e4bb6cfabc131b0e534196dd4604c3dfcbd7c0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads