923229107ea9ca40441d6291babeeda55d762c56d0f4746c3b9bb47b7af85c06

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
Size

188KB
MD5

d4ed6cf5fc00e49b40839883d34d5aa7
SHA1

d81d323afea6b87ded8170265c53b3b547de8041
SHA256

923229107ea9ca40441d6291babeeda55d762c56d0f4746c3b9bb47b7af85c06
SHA512

4dd44485e567a7cff4cc870838b21ad4b10ca4bafbd12a99ee012b02943ce74897951fdd3684a8275d7157dc1d65c4a7fd6e6271e0a6947f2c76ee68943eeaa6
SSDEEP

3072:R5OYxn6LCnFw8tzfGwggBVcYg4xWWKul2W5xyQP25Hl232Ku:R5xx3Fw8RGRgBVyqKnHl232K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2876	Unicorn-28802.exe
2512	Unicorn-33208.exe
2572	Unicorn-9258.exe
2528	Unicorn-50587.exe
2532	Unicorn-22553.exe
2640	Unicorn-42419.exe
2336	Unicorn-10981.exe
2108	Unicorn-52569.exe
2348	Unicorn-2813.exe
2148	Unicorn-60182.exe
2152	Unicorn-35848.exe
2128	Unicorn-19280.exe
480	Unicorn-4095.exe
2688	Unicorn-41598.exe
2912	Unicorn-49212.exe
2700	Unicorn-41044.exe
2012	Unicorn-13010.exe
2064	Unicorn-13690.exe
2732	Unicorn-26305.exe
1160	Unicorn-21667.exe
2620	Unicorn-55086.exe
832	Unicorn-58231.exe
1888	Unicorn-41895.exe
2744	Unicorn-63062.exe
804	Unicorn-5138.exe
1080	Unicorn-25921.exe
2980	Unicorn-26950.exe
884	Unicorn-60369.exe
1864	Unicorn-51646.exe
2984	Unicorn-59622.exe
1984	Unicorn-27504.exe
2872	Unicorn-51262.exe
2556	Unicorn-48008.exe
2564	Unicorn-43369.exe
2648	Unicorn-60068.exe
2724	Unicorn-14396.exe
2096	Unicorn-39647.exe
2540	Unicorn-39093.exe
2356	Unicorn-18289.exe
2428	Unicorn-35371.exe
2364	Unicorn-55237.exe
2876	Unicorn-15055.exe
1512	Unicorn-10587.exe
2424	Unicorn-56259.exe
1484	Unicorn-56664.exe
2668	Unicorn-56664.exe
1492	Unicorn-9170.exe
2116	Unicorn-29036.exe
540	Unicorn-21505.exe
1128	Unicorn-232.exe
1456	Unicorn-6283.exe
1504	Unicorn-47975.exe
2444	Unicorn-46086.exe
320	Unicorn-46984.exe
620	Unicorn-54659.exe
2892	Unicorn-8743.exe
2520	Unicorn-27898.exe
2404	Unicorn-16772.exe
2276	Unicorn-40700.exe
2140	Unicorn-47685.exe
708	Unicorn-64488.exe
2644	Unicorn-9169.exe
1756	Unicorn-1001.exe
616	Unicorn-18986.exe

Loads dropped DLL 64 IoCs

pid	Process
1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
2876	Unicorn-28802.exe
1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
2876	Unicorn-28802.exe
1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
2512	Unicorn-33208.exe
2512	Unicorn-33208.exe
2876	Unicorn-28802.exe
2572	Unicorn-9258.exe
2876	Unicorn-28802.exe
2572	Unicorn-9258.exe
2528	Unicorn-50587.exe
2528	Unicorn-50587.exe
2512	Unicorn-33208.exe
2512	Unicorn-33208.exe
2532	Unicorn-22553.exe
2532	Unicorn-22553.exe
2640	Unicorn-42419.exe
2640	Unicorn-42419.exe
2572	Unicorn-9258.exe
2572	Unicorn-9258.exe
2108	Unicorn-52569.exe
2108	Unicorn-52569.exe
2348	Unicorn-2813.exe
2348	Unicorn-2813.exe
2532	Unicorn-22553.exe
2532	Unicorn-22553.exe
2152	Unicorn-35848.exe
2152	Unicorn-35848.exe
2336	Unicorn-10981.exe
2336	Unicorn-10981.exe
2528	Unicorn-50587.exe
2528	Unicorn-50587.exe
2128	Unicorn-19280.exe
2128	Unicorn-19280.exe
2108	Unicorn-52569.exe
2108	Unicorn-52569.exe
480	Unicorn-4095.exe
480	Unicorn-4095.exe
2348	Unicorn-2813.exe
2348	Unicorn-2813.exe
2012	Unicorn-13010.exe
2012	Unicorn-13010.exe
2700	Unicorn-41044.exe
2700	Unicorn-41044.exe
2336	Unicorn-10981.exe
2336	Unicorn-10981.exe
2912	Unicorn-49212.exe
2912	Unicorn-49212.exe
2152	Unicorn-35848.exe
2152	Unicorn-35848.exe
2064	Unicorn-13690.exe
2064	Unicorn-13690.exe
2128	Unicorn-19280.exe
2128	Unicorn-19280.exe
2732	Unicorn-26305.exe
2732	Unicorn-26305.exe
2620	Unicorn-55086.exe
2620	Unicorn-55086.exe
2688	Unicorn-41598.exe
2688	Unicorn-41598.exe
1888	Unicorn-41895.exe
1888	Unicorn-41895.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2992	708	WerFault.exe	90
2024	1756	WerFault.exe	92
1728	616	WerFault.exe	94
1492	2232	WerFault.exe	97

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
2876	Unicorn-28802.exe
2512	Unicorn-33208.exe
2572	Unicorn-9258.exe
2528	Unicorn-50587.exe
2532	Unicorn-22553.exe
2640	Unicorn-42419.exe
2348	Unicorn-2813.exe
2108	Unicorn-52569.exe
2152	Unicorn-35848.exe
2336	Unicorn-10981.exe
2128	Unicorn-19280.exe
480	Unicorn-4095.exe
2012	Unicorn-13010.exe
2700	Unicorn-41044.exe
2912	Unicorn-49212.exe
2688	Unicorn-41598.exe
2064	Unicorn-13690.exe
2732	Unicorn-26305.exe
2620	Unicorn-55086.exe
1888	Unicorn-41895.exe
832	Unicorn-58231.exe
1160	Unicorn-21667.exe
804	Unicorn-5138.exe
1080	Unicorn-25921.exe
2744	Unicorn-63062.exe
2980	Unicorn-26950.exe
884	Unicorn-60369.exe
1864	Unicorn-51646.exe
2984	Unicorn-59622.exe
2872	Unicorn-51262.exe
1984	Unicorn-27504.exe
2556	Unicorn-48008.exe
2724	Unicorn-14396.exe
2364	Unicorn-55237.exe
2668	Unicorn-56664.exe
2356	Unicorn-18289.exe
2424	Unicorn-56259.exe
2096	Unicorn-39647.exe
1492	Unicorn-9170.exe
540	Unicorn-21505.exe
2648	Unicorn-60068.exe
2540	Unicorn-39093.exe
2564	Unicorn-43369.exe
1504	Unicorn-47975.exe
2892	Unicorn-8743.exe
320	Unicorn-46984.exe
1484	Unicorn-56664.exe
2404	Unicorn-16772.exe
1128	Unicorn-232.exe
2116	Unicorn-29036.exe
2876	Unicorn-15055.exe
708	Unicorn-64488.exe
1456	Unicorn-6283.exe
1756	Unicorn-1001.exe
2520	Unicorn-27898.exe
616	Unicorn-18986.exe
2232	Unicorn-1352.exe
2444	Unicorn-46086.exe
576	Unicorn-64891.exe
2276	Unicorn-40700.exe
1872	Unicorn-40382.exe
1512	Unicorn-10587.exe
2644	Unicorn-9169.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2876	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	28
PID 1848 wrote to memory of 2876	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	28
PID 1848 wrote to memory of 2876	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	28
PID 1848 wrote to memory of 2876	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	28
PID 2876 wrote to memory of 2512	2876	Unicorn-28802.exe	29
PID 2876 wrote to memory of 2512	2876	Unicorn-28802.exe	29
PID 2876 wrote to memory of 2512	2876	Unicorn-28802.exe	29
PID 2876 wrote to memory of 2512	2876	Unicorn-28802.exe	29
PID 1848 wrote to memory of 2572	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	30
PID 1848 wrote to memory of 2572	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	30
PID 1848 wrote to memory of 2572	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	30
PID 1848 wrote to memory of 2572	1848	d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe	30
PID 2512 wrote to memory of 2528	2512	Unicorn-33208.exe	31
PID 2512 wrote to memory of 2528	2512	Unicorn-33208.exe	31
PID 2512 wrote to memory of 2528	2512	Unicorn-33208.exe	31
PID 2512 wrote to memory of 2528	2512	Unicorn-33208.exe	31
PID 2876 wrote to memory of 2532	2876	Unicorn-28802.exe	32
PID 2876 wrote to memory of 2532	2876	Unicorn-28802.exe	32
PID 2876 wrote to memory of 2532	2876	Unicorn-28802.exe	32
PID 2876 wrote to memory of 2532	2876	Unicorn-28802.exe	32
PID 2572 wrote to memory of 2640	2572	Unicorn-9258.exe	33
PID 2572 wrote to memory of 2640	2572	Unicorn-9258.exe	33
PID 2572 wrote to memory of 2640	2572	Unicorn-9258.exe	33
PID 2572 wrote to memory of 2640	2572	Unicorn-9258.exe	33
PID 2528 wrote to memory of 2336	2528	Unicorn-50587.exe	34
PID 2528 wrote to memory of 2336	2528	Unicorn-50587.exe	34
PID 2528 wrote to memory of 2336	2528	Unicorn-50587.exe	34
PID 2528 wrote to memory of 2336	2528	Unicorn-50587.exe	34
PID 2512 wrote to memory of 2108	2512	Unicorn-33208.exe	35
PID 2512 wrote to memory of 2108	2512	Unicorn-33208.exe	35
PID 2512 wrote to memory of 2108	2512	Unicorn-33208.exe	35
PID 2512 wrote to memory of 2108	2512	Unicorn-33208.exe	35
PID 2532 wrote to memory of 2348	2532	Unicorn-22553.exe	36
PID 2532 wrote to memory of 2348	2532	Unicorn-22553.exe	36
PID 2532 wrote to memory of 2348	2532	Unicorn-22553.exe	36
PID 2532 wrote to memory of 2348	2532	Unicorn-22553.exe	36
PID 2640 wrote to memory of 2148	2640	Unicorn-42419.exe	37
PID 2640 wrote to memory of 2148	2640	Unicorn-42419.exe	37
PID 2640 wrote to memory of 2148	2640	Unicorn-42419.exe	37
PID 2640 wrote to memory of 2148	2640	Unicorn-42419.exe	37
PID 2572 wrote to memory of 2152	2572	Unicorn-9258.exe	38
PID 2572 wrote to memory of 2152	2572	Unicorn-9258.exe	38
PID 2572 wrote to memory of 2152	2572	Unicorn-9258.exe	38
PID 2572 wrote to memory of 2152	2572	Unicorn-9258.exe	38
PID 2108 wrote to memory of 2128	2108	Unicorn-52569.exe	39
PID 2108 wrote to memory of 2128	2108	Unicorn-52569.exe	39
PID 2108 wrote to memory of 2128	2108	Unicorn-52569.exe	39
PID 2108 wrote to memory of 2128	2108	Unicorn-52569.exe	39
PID 2348 wrote to memory of 480	2348	Unicorn-2813.exe	40
PID 2348 wrote to memory of 480	2348	Unicorn-2813.exe	40
PID 2348 wrote to memory of 480	2348	Unicorn-2813.exe	40
PID 2348 wrote to memory of 480	2348	Unicorn-2813.exe	40
PID 2532 wrote to memory of 2688	2532	Unicorn-22553.exe	41
PID 2532 wrote to memory of 2688	2532	Unicorn-22553.exe	41
PID 2532 wrote to memory of 2688	2532	Unicorn-22553.exe	41
PID 2532 wrote to memory of 2688	2532	Unicorn-22553.exe	41
PID 2152 wrote to memory of 2912	2152	Unicorn-35848.exe	42
PID 2152 wrote to memory of 2912	2152	Unicorn-35848.exe	42
PID 2152 wrote to memory of 2912	2152	Unicorn-35848.exe	42
PID 2152 wrote to memory of 2912	2152	Unicorn-35848.exe	42
PID 2336 wrote to memory of 2700	2336	Unicorn-10981.exe	43
PID 2336 wrote to memory of 2700	2336	Unicorn-10981.exe	43
PID 2336 wrote to memory of 2700	2336	Unicorn-10981.exe	43
PID 2336 wrote to memory of 2700	2336	Unicorn-10981.exe	43

C:\Users\Admin\AppData\Local\Temp\d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d4ed6cf5fc00e49b40839883d34d5aa7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28802.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        14⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        15⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 204
        15⤵
        Program crash
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
        14⤵
        Program crash
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        13⤵
        Program crash
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 204
        12⤵
        Program crash
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        9⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        8⤵
        Executes dropped EXE
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        6⤵
        Executes dropped EXE
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26950.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55255.exe
        9⤵
        
        PID:2288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
      4⤵
      Executes dropped EXE
      PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        7⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        6⤵
        Executes dropped EXE
        
        PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe

Filesize
188KB

MD5
b2808c5acfeb9576bd9ab067c00c1b4d

SHA1
22fbf52d41fe28040efc4357ecdc914d80bcce6d

SHA256
3fdb62dc17e335837d61fcc00de22454e3290cad95629e60d86a5aaba8ea5407

SHA512
2ba728f1e111b75ae38830e0cd2616cc8ae376a8e92b8f2a561a68fced1388c0bc16a3750926765aadd974a6c441dedd80051a68a79fbea67f5d48e5021ea0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe

Filesize
188KB

MD5
8b3b78778740f60b34420fd556b9cbed

SHA1
7980c178e7540b83cc49deb7e23d0820cfd01300

SHA256
dedde53ad236949261e90843318ba776f419a256e81313009ec1795d59843e1c

SHA512
ea5ecc699945737c6ed9862ee2866e3d831708e6590d2e333d6d9166c58398e5518a7fd70958863e9c37b443c787a9fcbe40d319688d8764f14f38e30f8e7ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe

Filesize
188KB

MD5
3a5004b71f2cc54a4004da0ebaaf0a8b

SHA1
284eda5e1d2577d830bdc0746ed38335b6c04c32

SHA256
bf7236dd59756920541e5e534730c0ea8625105b3fe2957d5a9fb901551f0fb5

SHA512
542266cc544d9631a1ba83bd3e02d0af71326d98fdfc691d10b76dd3b1ddd0f345e77404933fac2550f7d698216591a87fd879dfe6702742448289332dcca60b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe

Filesize
188KB

MD5
e62a373e76dd124993aff5cfab545523

SHA1
e05f9ff2d2f876503941c428bf7d54df4f442d85

SHA256
8ddb7e0f5ebc00c4560a8b4dcdfedf4851a6d05927c97f55e9caacc4ed8d8005

SHA512
9e4f2bf59cc9bfeea34235c28694aa83743cd46f24b17c8e5e6c4e1f74a912f5a9d82a61c8e4a9a7b37179a3e64e1923d45f7c1a7a93dc71c2be76018215be43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe

Filesize
188KB

MD5
dd267ee1af26d845277a91a83291a5c6

SHA1
15922c00d259b9f9df2420264afaf68ec61cc0cb

SHA256
21a557a854d28442af1421128870d45acec8631cc7187227573a2a1e71de80c8

SHA512
386c9eaff71087f61df7e64c46510733b88a60bb9a23b72eea9787a8c6c00f9b260b89df93f84af64c9c7d5feaf71b4f38ec728e48cf4c10e5c6f353652dd5cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe

Filesize
188KB

MD5
da3fcc09dc254d81ff1e61d8e25d019d

SHA1
0a13488af6c2bc9475403d201be7706d47f9de67

SHA256
a8e2787a8fd152a4cb75041cae3fb08dc1455e38a494a4c50e4195cc143b1302

SHA512
af9e81e01401e54c73aa45f6c0f3b6d29459cf5fe219b07e71abda9e969f7947a498ac85673f578e003295573ce926a60a6feec511f993d1a9617af748d64971

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe

Filesize
188KB

MD5
9771ec43b7d4746ec06968d82f69fd6c

SHA1
c8574803a98a8d53c0e9c6e303f9478ce5b2d2fb

SHA256
4e64a5a244becf64009cbdcfe8d49210ae27aec564b78096f2db94022f10379d

SHA512
53f533b70df2c3c6850de2071c9d91437f3f6003723339bff6862cefc10017652c73f5a63791aef72801e99e8efeb632c327db71a46b498b5aa972a55898781a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe

Filesize
188KB

MD5
784ee9016a9a626fe072e23472388044

SHA1
f374ee4f575ce3dc16f2636d3c53bb4461124031

SHA256
6064183edd85d3cf9b031a3fbec01b79190c99a5b683e5f416a7b1187cccda20

SHA512
128e73008f9760dd428be32084db1c46602364e1b092220f1a7b5d2d031da9fb09c5e4b987263e3d17758af3a635c2aa813e1c1b0a2983ab9a5d3e568d96f4e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28802.exe

Filesize
188KB

MD5
3833e623c987a2e6ab4a801fc134993e

SHA1
cc87c2497973d3cf9e80f124e8ff355f14e00253

SHA256
f9cd5e5732eda78b7ced21696224c3c2522e948f9d9cfe4b55cdf19c22b39518

SHA512
98265ad6db77bc12cae19e8470b687a90c259b0ed10dbbfe8b9f9c339399dff601c6eab0303f7d248a08fd5ef8b0fa2002c83b730d17549c2a695958156227b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe

Filesize
188KB

MD5
3a532132a6f074fd4da74bb609a805f8

SHA1
1f3d4ce3bf361fafe43b7a1139e071e6601ecc39

SHA256
1fa3c80a80ea5e29c0eb4000e1d9fc1b7263037827cff5b588e2c3fbb4e779e5

SHA512
9ede407d095bc6cab1f85b11a48ab096565be96cf5a932f8692b85fc938f95bb99240303745a0d7a6ae5d1c82ea62b488195f8ef08dcbc7f4defea3feca39434

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe

Filesize
188KB

MD5
50bf4875ae0f119ac4ef27bd1ff6ecc4

SHA1
c9b3473ab8570974732ad1bee32f6d92d25ccaec

SHA256
ba721b272c175025a8b7eae7bd3a39eb420ecf82f2846ecc17455910a7397db3

SHA512
648b71228a4a18f1c766b929666c57c7ef5f1bec7e847743f1477f9d461aafc6dd67138b9708773c7d0af23ecd42b3738b4a590e0482e1ac7004f8e46556d5cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe

Filesize
188KB

MD5
4e211a19710fc6989e2b642bad32ae89

SHA1
4781696a5b174dc877b3a873714668cf322800bc

SHA256
7d8e803a18de2299c94953b25a9fcbd718d3e64fa26aa10cb8c1bb66f84b5b1c

SHA512
098ce0c28e6ccb348fc0d3d75d5a3d1953dc1eb74efc5a8f2c331c142bfb7546f3d180f25e89344f4ee3d7cdb6b054ed41257d04b8862e4409d9547d07cace89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe

Filesize
188KB

MD5
901a41cdd1467e6717a22f887550bb85

SHA1
9c9c5825445db35bead3e101d09c236f64e8f4e3

SHA256
665ace37f16bd5acb1779e06a273c8f7eff6d2713310149c80f48a340b865808

SHA512
fc854db2cb496c7fdf74fab9ef42185795b7ebc11d37a6f9bc8954c4e57ef90849b54cd72ffd2fe953d3fb5fc4aca0b3b1a2ba09825375c589b7c938c3439e05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe

Filesize
188KB

MD5
3e6fe1180c0594beaa2f07a3ce4561ee

SHA1
69142f2181d3c93b84d9aff03a5411b938d07833

SHA256
366c7004fbcecd5e0a2c59c5a08bc89ca6166c7b55c955d004662f2f8670f071

SHA512
a3c3cd373956367be9e22945ac7322eb1f333fe763e429a479007d6fd6a58566988058fff055400591fe09110a13ac651ced84bde75e17a5f00538b6fe53e0ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe

Filesize
188KB

MD5
f16539cc5142462c5e792f33d8d54237

SHA1
2c63d8d337596903f7172db4aa8c65ae7fd9a871

SHA256
b30a2be0714f83ad678ca5faa8d86d0e5df702c93d40431bcfe6d33425bf3ebf

SHA512
8407a105bebfb5e29e0fb85ca82721ceede7dac8a0842e8e1b44fc72f85147fe3ffbfaf5cbb075dd53f97b4ecb66be7d3358aeb6f3cce8e37112e29786cb4830

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe

Filesize
188KB

MD5
10040381950b2662eead2370653e8c8d

SHA1
6111fd760ca0f34216fe73842c6a86fb9350bc48

SHA256
a8bd26f78c6a73c0ad90579617341125c6e603ff3061cad73d26e8e8c54b1467

SHA512
1fc4818bfb6cad3025faec47459e54eb4ad449515cb7a95d41235e2d6295bd0302f63329de2202cbff8b15b89837b3cf01aa688751f4ac24c2307650756be219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe

Filesize
188KB

MD5
67a4c815dad144fbbddaaef139285bc8

SHA1
6c14eb50478f1b486981f5b5958594c2388cfc39

SHA256
8898977a30978cc55bf0e75fe0b79017f0274b4c17e72767e79eb4b38fa0721a

SHA512
aa4bbd958fa6600e8de231f4cabfa19f5e67fdfbdb2267adad5a869da096765410c015fd229317fa78e23923cfcd26bb49a09121517050950319bab308abc1d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe

Filesize
188KB

MD5
9a57d74188d81cc3e0f1e42d2b1f6a9c

SHA1
959d81e550672125b41fccbb2cfd5baef399961f

SHA256
481587d7ab4431a9332635bdae9813512b8aa7d437814994b44fb548a579e4fe

SHA512
969ff7ff453b9b2ebf13b77960cd3e8f4742e5a1a4d124ccb1617c997130d22aae158a3401e200d32273618c8ded1cfed4e2e30f7bddfab1563502fe74932b2d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads