bb61513118275448fa708a67f2b22eed652f3885e075a3b0b023ab2e0ce02833

Analysis

max time kernel
148s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 05:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
Size

192KB
MD5

dc0075a33e27f6fd1e6ff87012717e1b
SHA1

feae18e6592efce5aed132cc2ff941212c088592
SHA256

bb61513118275448fa708a67f2b22eed652f3885e075a3b0b023ab2e0ce02833
SHA512

efb1e22e783ae851572cee0892525abd55817bf5f358ce4b0d4f1f27e72efd3e65933f4d70bbe67670c92bbbbe7a4bf4c449b793e5edd6350af4d9116efbbd79
SSDEEP

3072:EM8koACwBPAUkbT0sd7hW88b62SVrDvrT2NFx7gWxP2lVvM+:EMPoOYjbbd1W88AnIV2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2972	Unicorn-4732.exe
2676	Unicorn-12874.exe
2668	Unicorn-56367.exe
2460	Unicorn-39870.exe
2428	Unicorn-31702.exe
2588	Unicorn-20004.exe
1916	Unicorn-11743.exe
2380	Unicorn-25619.exe
1620	Unicorn-4452.exe
1652	Unicorn-49055.exe
2308	Unicorn-28957.exe
604	Unicorn-59753.exe
788	Unicorn-14081.exe
844	Unicorn-14657.exe
2720	Unicorn-43993.exe
272	Unicorn-21565.exe
2772	Unicorn-22634.exe
2508	Unicorn-13396.exe
1416	Unicorn-59068.exe
2132	Unicorn-52971.exe
1872	Unicorn-11938.exe
1484	Unicorn-241.exe
1040	Unicorn-28275.exe
704	Unicorn-16577.exe
932	Unicorn-2810.exe
696	Unicorn-19531.exe
2068	Unicorn-24169.exe
828	Unicorn-44035.exe
2220	Unicorn-11170.exe
596	Unicorn-56842.exe
2028	Unicorn-40505.exe
2948	Unicorn-35867.exe
2976	Unicorn-23287.exe
2644	Unicorn-43153.exe
2684	Unicorn-59489.exe
2412	Unicorn-25857.exe
2532	Unicorn-37594.exe
2056	Unicorn-13967.exe
2444	Unicorn-41124.exe
1888	Unicorn-91.exe
772	Unicorn-57268.exe
1476	Unicorn-30303.exe
320	Unicorn-33340.exe
1616	Unicorn-13474.exe
1520	Unicorn-2587.exe
468	Unicorn-39898.exe
2668	Unicorn-18732.exe
580	Unicorn-2971.exe
2344	Unicorn-32114.exe
1608	Unicorn-11139.exe
1280	Unicorn-60148.exe
2716	Unicorn-7418.exe
3052	Unicorn-35644.exe
2396	Unicorn-2753.exe
2392	Unicorn-2753.exe
2776	Unicorn-56593.exe
2460	Unicorn-43594.exe
1928	Unicorn-41285.exe
968	Unicorn-22488.exe
2360	Unicorn-23728.exe
928	Unicorn-42354.exe
2248	Unicorn-50522.exe
1720	Unicorn-30656.exe
3016	Unicorn-61492.exe

Loads dropped DLL 64 IoCs

pid	Process
2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
2972	Unicorn-4732.exe
2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
2972	Unicorn-4732.exe
2972	Unicorn-4732.exe
2668	Unicorn-56367.exe
2668	Unicorn-56367.exe
2676	Unicorn-12874.exe
2676	Unicorn-12874.exe
2972	Unicorn-4732.exe
2460	Unicorn-39870.exe
2460	Unicorn-39870.exe
2668	Unicorn-56367.exe
2668	Unicorn-56367.exe
2428	Unicorn-31702.exe
2428	Unicorn-31702.exe
2676	Unicorn-12874.exe
2676	Unicorn-12874.exe
2588	Unicorn-20004.exe
2588	Unicorn-20004.exe
2460	Unicorn-39870.exe
2460	Unicorn-39870.exe
1916	Unicorn-11743.exe
1916	Unicorn-11743.exe
1620	Unicorn-4452.exe
1620	Unicorn-4452.exe
2428	Unicorn-31702.exe
2428	Unicorn-31702.exe
2380	Unicorn-25619.exe
2380	Unicorn-25619.exe
2308	Unicorn-28957.exe
1652	Unicorn-49055.exe
2588	Unicorn-20004.exe
1652	Unicorn-49055.exe
2588	Unicorn-20004.exe
2308	Unicorn-28957.exe
604	Unicorn-59753.exe
604	Unicorn-59753.exe
788	Unicorn-14081.exe
788	Unicorn-14081.exe
1916	Unicorn-11743.exe
1916	Unicorn-11743.exe
844	Unicorn-14657.exe
844	Unicorn-14657.exe
1620	Unicorn-4452.exe
1620	Unicorn-4452.exe
2720	Unicorn-43993.exe
2720	Unicorn-43993.exe
272	Unicorn-21565.exe
272	Unicorn-21565.exe
2380	Unicorn-25619.exe
2380	Unicorn-25619.exe
1416	Unicorn-59068.exe
1416	Unicorn-59068.exe
1652	Unicorn-49055.exe
2772	Unicorn-22634.exe
1652	Unicorn-49055.exe
2772	Unicorn-22634.exe
2508	Unicorn-13396.exe
2308	Unicorn-28957.exe
2508	Unicorn-13396.exe
2308	Unicorn-28957.exe

Program crash 16 IoCs

pid	pid_target	Process	procid_target
1756	932	WerFault.exe	52
1256	704	WerFault.exe	51
2236	320	WerFault.exe	70
2020	1476	WerFault.exe	68
1380	828	WerFault.exe	55
1424	1888	WerFault.exe	66
2288	772	WerFault.exe	69
916	2056	WerFault.exe	67
2784	2684	WerFault.exe	62
2436	2220	WerFault.exe	57
2596	2344	WerFault.exe	77
2476	468	WerFault.exe	73
1280	2568	WerFault.exe	112
1596	2204	WerFault.exe	122
1324	2068	WerFault.exe	117
2328	2144	WerFault.exe	144

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
2972	Unicorn-4732.exe
2668	Unicorn-56367.exe
2676	Unicorn-12874.exe
2428	Unicorn-31702.exe
2460	Unicorn-39870.exe
2588	Unicorn-20004.exe
1916	Unicorn-11743.exe
1620	Unicorn-4452.exe
2380	Unicorn-25619.exe
2308	Unicorn-28957.exe
1652	Unicorn-49055.exe
604	Unicorn-59753.exe
788	Unicorn-14081.exe
844	Unicorn-14657.exe
2720	Unicorn-43993.exe
272	Unicorn-21565.exe
2508	Unicorn-13396.exe
1416	Unicorn-59068.exe
2772	Unicorn-22634.exe
2132	Unicorn-52971.exe
1484	Unicorn-241.exe
1872	Unicorn-11938.exe
1040	Unicorn-28275.exe
704	Unicorn-16577.exe
932	Unicorn-2810.exe
696	Unicorn-19531.exe
2068	Unicorn-24169.exe
828	Unicorn-44035.exe
596	Unicorn-56842.exe
2220	Unicorn-11170.exe
2028	Unicorn-40505.exe
2948	Unicorn-35867.exe
2976	Unicorn-23287.exe
2644	Unicorn-43153.exe
2684	Unicorn-59489.exe
2412	Unicorn-25857.exe
2532	Unicorn-37594.exe
2056	Unicorn-13967.exe
2444	Unicorn-41124.exe
1888	Unicorn-91.exe
772	Unicorn-57268.exe
1476	Unicorn-30303.exe
1616	Unicorn-13474.exe
320	Unicorn-33340.exe
468	Unicorn-39898.exe
1520	Unicorn-2587.exe
2668	Unicorn-18732.exe
580	Unicorn-2971.exe
2344	Unicorn-32114.exe
1608	Unicorn-11139.exe
1280	Unicorn-60148.exe
2716	Unicorn-7418.exe
2396	Unicorn-2753.exe
2776	Unicorn-56593.exe
1928	Unicorn-41285.exe
968	Unicorn-22488.exe
2460	Unicorn-43594.exe
2248	Unicorn-50522.exe
2560	Unicorn-12374.exe
1960	Unicorn-48493.exe
2392	Unicorn-2753.exe
2568	Unicorn-8735.exe
1148	Unicorn-3406.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2972	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	28
PID 2836 wrote to memory of 2972	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	28
PID 2836 wrote to memory of 2972	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	28
PID 2836 wrote to memory of 2972	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	28
PID 2836 wrote to memory of 2676	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	30
PID 2836 wrote to memory of 2676	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	30
PID 2836 wrote to memory of 2676	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	30
PID 2836 wrote to memory of 2676	2836	dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2668	2972	Unicorn-4732.exe	29
PID 2972 wrote to memory of 2668	2972	Unicorn-4732.exe	29
PID 2972 wrote to memory of 2668	2972	Unicorn-4732.exe	29
PID 2972 wrote to memory of 2668	2972	Unicorn-4732.exe	29
PID 2668 wrote to memory of 2460	2668	Unicorn-56367.exe	32
PID 2668 wrote to memory of 2460	2668	Unicorn-56367.exe	32
PID 2668 wrote to memory of 2460	2668	Unicorn-56367.exe	32
PID 2668 wrote to memory of 2460	2668	Unicorn-56367.exe	32
PID 2676 wrote to memory of 2428	2676	Unicorn-12874.exe	33
PID 2676 wrote to memory of 2428	2676	Unicorn-12874.exe	33
PID 2676 wrote to memory of 2428	2676	Unicorn-12874.exe	33
PID 2676 wrote to memory of 2428	2676	Unicorn-12874.exe	33
PID 2972 wrote to memory of 2588	2972	Unicorn-4732.exe	31
PID 2972 wrote to memory of 2588	2972	Unicorn-4732.exe	31
PID 2972 wrote to memory of 2588	2972	Unicorn-4732.exe	31
PID 2972 wrote to memory of 2588	2972	Unicorn-4732.exe	31
PID 2460 wrote to memory of 1916	2460	Unicorn-39870.exe	34
PID 2460 wrote to memory of 1916	2460	Unicorn-39870.exe	34
PID 2460 wrote to memory of 1916	2460	Unicorn-39870.exe	34
PID 2460 wrote to memory of 1916	2460	Unicorn-39870.exe	34
PID 2668 wrote to memory of 2380	2668	Unicorn-56367.exe	35
PID 2668 wrote to memory of 2380	2668	Unicorn-56367.exe	35
PID 2668 wrote to memory of 2380	2668	Unicorn-56367.exe	35
PID 2668 wrote to memory of 2380	2668	Unicorn-56367.exe	35
PID 2428 wrote to memory of 1620	2428	Unicorn-31702.exe	36
PID 2428 wrote to memory of 1620	2428	Unicorn-31702.exe	36
PID 2428 wrote to memory of 1620	2428	Unicorn-31702.exe	36
PID 2428 wrote to memory of 1620	2428	Unicorn-31702.exe	36
PID 2676 wrote to memory of 1652	2676	Unicorn-12874.exe	37
PID 2676 wrote to memory of 1652	2676	Unicorn-12874.exe	37
PID 2676 wrote to memory of 1652	2676	Unicorn-12874.exe	37
PID 2676 wrote to memory of 1652	2676	Unicorn-12874.exe	37
PID 2588 wrote to memory of 2308	2588	Unicorn-20004.exe	38
PID 2588 wrote to memory of 2308	2588	Unicorn-20004.exe	38
PID 2588 wrote to memory of 2308	2588	Unicorn-20004.exe	38
PID 2588 wrote to memory of 2308	2588	Unicorn-20004.exe	38
PID 2460 wrote to memory of 604	2460	Unicorn-39870.exe	39
PID 2460 wrote to memory of 604	2460	Unicorn-39870.exe	39
PID 2460 wrote to memory of 604	2460	Unicorn-39870.exe	39
PID 2460 wrote to memory of 604	2460	Unicorn-39870.exe	39
PID 1916 wrote to memory of 788	1916	Unicorn-11743.exe	40
PID 1916 wrote to memory of 788	1916	Unicorn-11743.exe	40
PID 1916 wrote to memory of 788	1916	Unicorn-11743.exe	40
PID 1916 wrote to memory of 788	1916	Unicorn-11743.exe	40
PID 1620 wrote to memory of 844	1620	Unicorn-4452.exe	41
PID 1620 wrote to memory of 844	1620	Unicorn-4452.exe	41
PID 1620 wrote to memory of 844	1620	Unicorn-4452.exe	41
PID 1620 wrote to memory of 844	1620	Unicorn-4452.exe	41
PID 2428 wrote to memory of 2720	2428	Unicorn-31702.exe	42
PID 2428 wrote to memory of 2720	2428	Unicorn-31702.exe	42
PID 2428 wrote to memory of 2720	2428	Unicorn-31702.exe	42
PID 2428 wrote to memory of 2720	2428	Unicorn-31702.exe	42
PID 2380 wrote to memory of 272	2380	Unicorn-25619.exe	43
PID 2380 wrote to memory of 272	2380	Unicorn-25619.exe	43
PID 2380 wrote to memory of 272	2380	Unicorn-25619.exe	43
PID 2380 wrote to memory of 272	2380	Unicorn-25619.exe	43

C:\Users\Admin\AppData\Local\Temp\dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc0075a33e27f6fd1e6ff87012717e1b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1048.exe
        12⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        8⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        10⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        11⤵
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 244
        8⤵
        Program crash
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        7⤵
        Executes dropped EXE
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        10⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        11⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        11⤵
        Program crash
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        10⤵
        Program crash
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
        8⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        8⤵
        
        PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 224
        8⤵
        Program crash
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        7⤵
        Executes dropped EXE
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        8⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        10⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20373.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        11⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
        7⤵
        
        PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        11⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
        12⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        9⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        7⤵
        Program crash
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        7⤵
        Program crash
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        7⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        10⤵
        
        PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        7⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        8⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 200
        9⤵
        Program crash
        
        PID:1596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 248
        6⤵
        Program crash
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 224
        6⤵
        Program crash
        
        PID:2476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        8⤵
        Executes dropped EXE
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        9⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 244
        7⤵
        Program crash
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 224
        7⤵
        Program crash
        
        PID:1424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 248
        6⤵
        Program crash
        
        PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 244
        7⤵
        Program crash
        
        PID:2288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 248
        6⤵
        Program crash
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 224
        6⤵
        Program crash
        
        PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        6⤵
        Executes dropped EXE
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        7⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
        7⤵
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24811.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        7⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 244
        8⤵
        Program crash
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52579.exe
        6⤵
        
        PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe

Filesize
192KB

MD5
6072f511a7202ac0fbd497448c0195f7

SHA1
8586e16ed3b3c58f9eb789386ce48879eeb8a339

SHA256
656cf1f5b49c3c948481b9138fb566079eaa899caf0a854897a5b5b33b1a1fd8

SHA512
986991bfc0318f02c1dadb707fff2ff4db58a136d7f08de3a0d9d2301ea3e7737fbf4f4045c652929e7bcbf1b52dc21df18c01d7e137a89219190fc719e9c295

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe

Filesize
192KB

MD5
27a0a8810c4ea471c3fb0dc302d8eed5

SHA1
92fd247b897035c44abf5eeb1fc44c236d64dc19

SHA256
e30a6636e9740382e38440be2559a055f25abd0dbebc1f5898728adcee0f1902

SHA512
36f5350a93d08d24c578babe47fcde0fa5e3087ca7f65ecad6cff5e891eaa479db2f77955b8b98f99412a9a990ef077030b9ccf57369ed9d5c8ec15add379cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe

Filesize
192KB

MD5
f9759f86f51f7595272bfa6df4784f5a

SHA1
8d657a21d557917a2140770310dc296b7792ef76

SHA256
73c4eef8569e68b783c810fef8ba6f906a6298662b92a99c5094cbb7608638d8

SHA512
11c19c3e681cc2f8234c59ab81dcd5a972caa0d0af60df2f31829e788e249d4dc4b6ab05d4bff1b4dbf15c2684b5631b10654e20556f51a3413f2de6efa9e16d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe

Filesize
192KB

MD5
2bcd237ee30e8feb5164d5f7f6bb0689

SHA1
1cb3d4fdca3975d42871e55d475f0048865d03ab

SHA256
47c5f4709571f643823486bc953e45396298d88023fae62f139a0a2a3499488a

SHA512
0c798850c9025142ba842d5ee7c4f8e96193f57f1ce2f1e3081a7f400aca116d2d5963b9bccd280fa52b0302a333d504263cb255a03db06deb3fcd03ebca269e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe

Filesize
192KB

MD5
9dd645d21d53e41bbf008bf6020cf3cb

SHA1
30998bd092969c270cf1807ad50e6c3d04f22a7d

SHA256
78ca029c2a7583c0632dc94f9a883c5c19a14adb244e0f715a58e8b886214c0f

SHA512
7b52e6fca792eb0bccec16372033f4ffd7c32747aad48c410b93e1e764cdd6324be60fd14ddc078ba2120f24762827c2d41173973887ba86d85b75c3bb81ce74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe

Filesize
192KB

MD5
2f55a7f4bba3e6f54f3081f2545ee219

SHA1
54c7a3a7df00198cbd1a7715352d982c9f05b072

SHA256
65de27acc58cde0e6f10d856ae9a3d23acfd99aa72fbc370f431e87dc99e1481

SHA512
b5c31c57bbe082196b20b62a9425e0ccb849c6e6d5b6b64916f43af2d52ffb8a78914be197fc31bb92700abaa4cb5cf27d50bcf30c77540221df38f435142f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe

Filesize
192KB

MD5
5241f5bcdb0da430709aa0f430500faf

SHA1
de100b028cab6b3dba203dd15546ff289849fcf9

SHA256
4c7422d1c4e8cc61a00e953e853d33a4a118de04e1a9041d2e99bdc69286d3e3

SHA512
7234b4e3e511a9918e96c6fd9980cb0f5148032389adf57d5221666fc33db6b3c44f3eba4e4a824f4475941a89fea0bf6a897959f71caecaa1cf01c792a2bacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe

Filesize
192KB

MD5
bed0a25a719c73fe4bf050a89d71f6ab

SHA1
418d9d73cb6f3f969e05cdd3942d9a6d8dd07597

SHA256
ee0944b2da4012d43cbba12cf8eda63c478d53b2bb5370ca475a52b796d2b2f8

SHA512
e38b4cb199e0cf8530ac2d10dc5469bd3941acc38e756a582e7d7da6a05b096c55558e0fbd493127425d7e1ec1e28289962e793d0e579d48e2a0c0ccbe9949d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe

Filesize
192KB

MD5
9be300cb1453caa4951d21c6b0b6d95e

SHA1
651338c647d52259f0884ab0c4a41ca29a8a7e8a

SHA256
e3ad6f6424de03162e047416f69f0e3c996085280ebe8c020d7f6a4431f9208a

SHA512
a65ad09bf54db1d9ed70f3306cfa07dd7865a8d93eccb12a9411447276d09f7e4e10298cf6f3e12bb70d0c46f2124ed61c9fbf22620e9c4009c5ca6a6b6b0bc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe

Filesize
192KB

MD5
d2dea00cb02130d7287d6271bf8a696a

SHA1
d559282cf6b478e1e414167fe7193a1387c10cf2

SHA256
624f747c4346ea7077c5fbcee9096193fda64046705013532cdfa389822d1712

SHA512
5d0b902c283435a98e4897dd422cfe82bc80bfe86c2acc0bd3309a8b8e413b45ddea87dc0bd43ec8f120feb40eaf1761e79a309f64c35d9ee1601945f0b4e6a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe

Filesize
192KB

MD5
45dfa87602f4a033833f8fcb06c59733

SHA1
94a0b738699325a0345ffe4a2c1a158f61837249

SHA256
f7953dd4fc5b47734d62eb7fa0642e9dce8f28f5441e3a8d4aa7932d09f9297f

SHA512
80bd769800561a5cf123fd09639775c6f418a3275ad5b4e14d11f315936bd3ffa605c6a6e6a3ab0726dfc215a5e7fa654f7c65151768b98af65816f24701aa83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe

Filesize
192KB

MD5
d3d0f469d2cda63fb09cb3bcdff85091

SHA1
a13f0caafb4da961410c6efe84cf20750e089dbd

SHA256
4a05c1056a5ba40ba2abb7789201b4cfcb5da0168625c5fbba7bd70aed3672ba

SHA512
3a7f6a863ce0ba9a7295feb0a60f4c42f65dc98364c1032ae5e7d58490f6696d374b4f956ee412f49fd109502eba43d7173f55601e469d4ab5332048f075c2ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe

Filesize
192KB

MD5
82585793a69642b2f4a32e3ad6ec67c8

SHA1
70f60e059ac9d93e1fe0c68d87c883c075ed0fea

SHA256
5f30b889dc972088d80c1562384d11b52916045d50aae86405de680eab488d57

SHA512
eb373ecd1fc5fc436b96e341aeb607963e02fbf1c5e2bfe9377ab9e7d54e6bed81557ae2f157ec7bbd5639696002b203b92bde86aad8712aa84ff5484098ffd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe

Filesize
192KB

MD5
f8b1bd2998c9bccd7b93e4f3da446304

SHA1
5fa52f311e19bcd08f64aa455be35efd173533c5

SHA256
193df2c2f27830a8090b9478373a3b38ece369d9853fe980b04bd6cb0fc899e7

SHA512
fd4a02861e3027181ca220e7567a29d582c88caaa851c66493f3e123e34a10b895ed173ba4b78a4a83ce88c77d478bff269d930e9ce9cbbff995aaccfa8983c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe

Filesize
192KB

MD5
9f7aaf0cb3445d2f16731ad15f562144

SHA1
67f501173ebbe4f619d5a8e6b4677763c999bc1b

SHA256
78a4849fc8663166d448366d2eb549cd7efb6d3cc63d9284b3a31a5bc0ddbccd

SHA512
db6eab3a320850a7ff4a9f3d6a90f6c31367f24708892491faebb740aed95c715954dda2671ab300a78faab2a5a5933542ef2c8c5b4766e2ffcfe93c025420a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe

Filesize
192KB

MD5
366166cd041bc751e5131a1066c19d29

SHA1
01adba9af982a40c898642e7dd6d134990c1e00c

SHA256
e86e2a27e971c2f7cf9c6bc390f7a8f4adc223e8fdc5f11f01a03c7528ee0b37

SHA512
f7b81ae3efe1a2e38c68593183fe5f424e39410d3294a6654e522a47c134fc65628b238bfbb17ebd7003fa82e6a173ad90802c70231e69450d693270c1a95743

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe

Filesize
192KB

MD5
a08ae8c39b8da99f63d2ee6642e60912

SHA1
54efb90e66702ac461b5463c65d89e0de4c0705d

SHA256
0f5a82ae53edc8622084dde8ef28103159558a9d75b7f5471dc995a919a63220

SHA512
2b665472de26bd60a2b361f9dc3bcce318806bf424443c82e8f01cbefeea7780d3af2af8d3149eb377c5fdfbd614d1a671b15bf1ebaffeacb39f0e844fde98d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe

Filesize
192KB

MD5
d7178fbf519cd06e37d7c6b3e495abb0

SHA1
c708e1948a48d3569d6cbb5c2e64e208c2e66433

SHA256
064c862dd7adfb127c456f9e5e1cf288298fd201a2c6cdb5b710dd9903c49c2e

SHA512
b7070c84f492a5215983f84d3bd3233811a8e472dd0006ebdebba149d7e063a9d77b4514d98d2ba3fa7184c8f6d72f380c401f391747d0345d73f8f862d5e480

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe

Filesize
192KB

MD5
5bc2dd9c1ce2b7930e1ae4c60bbec1c1

SHA1
ccf90c9abfbb8cc94e6b5867f766e1046f2363f9

SHA256
129f640d50339a2db7870f4b193f837ef15c8f6936b637be3c1ef270c6036275

SHA512
d12be9bad28c2b6bef92ec4b7d46171587ea4e55efaa3602c54884318889d35d0209ca92cc4225963a8aa17d0e51f046f438c370a803d7adb469793a41352d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe

Filesize
192KB

MD5
cbf120c4e42344d97aa47574f0e87df5

SHA1
1ebd65eb9b04510ef4bc108a64e3e60d6fea6673

SHA256
f1f33ad1480eacb012a6d89d2f08a14aee76d88847c7ff6a1e92e85169f5e7a9

SHA512
022356d1ca5be2e6c81216d8a9b9c3f45c41667306700d8a6cc55599ef1be7bd44368df4cc970d8db390720dd946b567ae900975dfea95c23ad8eaf05d3c157c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe

Filesize
192KB

MD5
bc408beebdefd9b13636d982eeb34ab7

SHA1
7dc1b40763a148c7631a281710a6d81db43603b6

SHA256
1b0f96769042e384f09c528f88d2f163f3b35b3cb99a42ba2dc5a5a40bcbd616

SHA512
fc5af4300d2d6e84ad5869562a1b9562f8039544e28048cf31c57cf9db5cf4fa7fd3ba8306958b7cdefe8ae14603ea90e12c6e51fdc684eefb3a3a39f99d1579

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads