f63466af9707d89f4edc1ad2bebc0201b41adcfafd46ebdbfa974b32c951f1cc

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
Size

196KB
MD5

e00fee55100da0a57cfe6c1ed2294372
SHA1

7cf01ac257675c6d1d3f2df1a436e5ffcda47079
SHA256

f63466af9707d89f4edc1ad2bebc0201b41adcfafd46ebdbfa974b32c951f1cc
SHA512

42be78a23cb7f6dd0f6771714cbc7c73265f4b0323f3118c113fa9a97149c62fe19f9c32eb953ae62091641c4cca3e0521ce49be383b3386b6eb168401386933
SSDEEP

3072:lVecoq3Ma3AUkbn1Fd7iDH8b6Svbr5FMT6NFx7BWdP2lVvMe:lVdoSQjbzd2DH8R+Uy2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3016	Unicorn-2440.exe
2540	Unicorn-59290.exe
2500	Unicorn-21787.exe
2676	Unicorn-50780.exe
2420	Unicorn-18108.exe
2448	Unicorn-22746.exe
2864	Unicorn-19857.exe
1772	Unicorn-24687.exe
1060	Unicorn-46281.exe
980	Unicorn-13608.exe
1628	Unicorn-10271.exe
1912	Unicorn-57137.exe
312	Unicorn-44138.exe
1052	Unicorn-8258.exe
2196	Unicorn-11657.exe
1428	Unicorn-39456.exe
2760	Unicorn-18482.exe
2064	Unicorn-2145.exe
2032	Unicorn-64345.exe
1400	Unicorn-25036.exe
1296	Unicorn-46203.exe
1764	Unicorn-33780.exe
936	Unicorn-6198.exe
1856	Unicorn-39063.exe
1648	Unicorn-19197.exe
616	Unicorn-35725.exe
2236	Unicorn-39255.exe
2292	Unicorn-62415.exe
2304	Unicorn-22919.exe
2848	Unicorn-1709.exe
2284	Unicorn-13406.exe
1588	Unicorn-9877.exe
2544	Unicorn-59649.exe
2976	Unicorn-56120.exe
2592	Unicorn-26977.exe
2440	Unicorn-20729.exe
2508	Unicorn-17199.exe
2464	Unicorn-37880.exe
2852	Unicorn-59047.exe
2408	Unicorn-54408.exe
592	Unicorn-1870.exe
436	Unicorn-21736.exe
1636	Unicorn-26566.exe
1524	Unicorn-12690.exe
2004	Unicorn-61424.exe
2216	Unicorn-61616.exe
1808	Unicorn-36920.exe
1740	Unicorn-65378.exe
568	Unicorn-27875.exe
1968	Unicorn-24537.exe
852	Unicorn-44403.exe
768	Unicorn-57402.exe
2140	Unicorn-48004.exe
2488	Unicorn-48004.exe
2480	Unicorn-2332.exe
2996	Unicorn-47620.exe
1660	Unicorn-1948.exe
748	Unicorn-40454.exe
2712	Unicorn-50872.exe
2412	Unicorn-10031.exe
2332	Unicorn-21935.exe
2144	Unicorn-64493.exe
2756	Unicorn-64405.exe
2184	Unicorn-15911.exe

Loads dropped DLL 64 IoCs

pid	Process
1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
3016	Unicorn-2440.exe
1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
3016	Unicorn-2440.exe
2540	Unicorn-59290.exe
2540	Unicorn-59290.exe
2500	Unicorn-21787.exe
2500	Unicorn-21787.exe
3016	Unicorn-2440.exe
3016	Unicorn-2440.exe
2676	Unicorn-50780.exe
2676	Unicorn-50780.exe
2540	Unicorn-59290.exe
2540	Unicorn-59290.exe
2448	Unicorn-22746.exe
2448	Unicorn-22746.exe
2420	Unicorn-18108.exe
2420	Unicorn-18108.exe
2500	Unicorn-21787.exe
2500	Unicorn-21787.exe
2864	Unicorn-19857.exe
1772	Unicorn-24687.exe
2676	Unicorn-50780.exe
2676	Unicorn-50780.exe
1772	Unicorn-24687.exe
2864	Unicorn-19857.exe
980	Unicorn-13608.exe
980	Unicorn-13608.exe
2420	Unicorn-18108.exe
1628	Unicorn-10271.exe
2420	Unicorn-18108.exe
1628	Unicorn-10271.exe
1060	Unicorn-46281.exe
2448	Unicorn-22746.exe
1060	Unicorn-46281.exe
2448	Unicorn-22746.exe
312	Unicorn-44138.exe
312	Unicorn-44138.exe
2864	Unicorn-19857.exe
2864	Unicorn-19857.exe
1912	Unicorn-57137.exe
1912	Unicorn-57137.exe
2064	Unicorn-2145.exe
1052	Unicorn-8258.exe
1060	Unicorn-46281.exe
1052	Unicorn-8258.exe
1060	Unicorn-46281.exe
2064	Unicorn-2145.exe
1772	Unicorn-24687.exe
1772	Unicorn-24687.exe
2196	Unicorn-11657.exe
1428	Unicorn-39456.exe
2196	Unicorn-11657.exe
1428	Unicorn-39456.exe
2032	Unicorn-64345.exe
2032	Unicorn-64345.exe
980	Unicorn-13608.exe
980	Unicorn-13608.exe
1628	Unicorn-10271.exe
2760	Unicorn-18482.exe
1628	Unicorn-10271.exe
2760	Unicorn-18482.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
108	2292	WerFault.exe	54
1592	1400	WerFault.exe	47
3052	2508	WerFault.exe	64
3028	2440	WerFault.exe	63
2812	2976	WerFault.exe	61
2724	2592	WerFault.exe	62
2844	936	WerFault.exe	50
1504	2408	WerFault.exe	67
2572	2464	WerFault.exe	65
2780	2216	WerFault.exe	73
2548	2996	WerFault.exe	89

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
3016	Unicorn-2440.exe
2540	Unicorn-59290.exe
2500	Unicorn-21787.exe
2676	Unicorn-50780.exe
2420	Unicorn-18108.exe
2448	Unicorn-22746.exe
2864	Unicorn-19857.exe
1772	Unicorn-24687.exe
980	Unicorn-13608.exe
1628	Unicorn-10271.exe
1060	Unicorn-46281.exe
312	Unicorn-44138.exe
1912	Unicorn-57137.exe
1052	Unicorn-8258.exe
2064	Unicorn-2145.exe
2196	Unicorn-11657.exe
2032	Unicorn-64345.exe
1428	Unicorn-39456.exe
2760	Unicorn-18482.exe
1400	Unicorn-25036.exe
1296	Unicorn-46203.exe
1764	Unicorn-33780.exe
936	Unicorn-6198.exe
1648	Unicorn-19197.exe
1856	Unicorn-39063.exe
616	Unicorn-35725.exe
2284	Unicorn-13406.exe
2292	Unicorn-62415.exe
2236	Unicorn-39255.exe
2848	Unicorn-1709.exe
1588	Unicorn-9877.exe
2304	Unicorn-22919.exe
2544	Unicorn-59649.exe
2976	Unicorn-56120.exe
2592	Unicorn-26977.exe
2440	Unicorn-20729.exe
2508	Unicorn-17199.exe
2464	Unicorn-37880.exe
2852	Unicorn-59047.exe
2408	Unicorn-54408.exe
592	Unicorn-1870.exe
436	Unicorn-21736.exe
2216	Unicorn-61616.exe
2004	Unicorn-61424.exe
1740	Unicorn-65378.exe
568	Unicorn-27875.exe
1524	Unicorn-12690.exe
1636	Unicorn-26566.exe
2488	Unicorn-48004.exe
768	Unicorn-57402.exe
1660	Unicorn-1948.exe
2140	Unicorn-48004.exe
852	Unicorn-44403.exe
748	Unicorn-40454.exe
2996	Unicorn-47620.exe
2412	Unicorn-10031.exe
2480	Unicorn-2332.exe
1968	Unicorn-24537.exe
2332	Unicorn-21935.exe
2712	Unicorn-50872.exe
2144	Unicorn-64493.exe
2184	Unicorn-15911.exe
1708	Unicorn-59868.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 3016	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	28
PID 1124 wrote to memory of 3016	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	28
PID 1124 wrote to memory of 3016	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	28
PID 1124 wrote to memory of 3016	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	28
PID 1124 wrote to memory of 2540	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	30
PID 1124 wrote to memory of 2540	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	30
PID 1124 wrote to memory of 2540	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	30
PID 1124 wrote to memory of 2540	1124	e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe	30
PID 3016 wrote to memory of 2500	3016	Unicorn-2440.exe	29
PID 3016 wrote to memory of 2500	3016	Unicorn-2440.exe	29
PID 3016 wrote to memory of 2500	3016	Unicorn-2440.exe	29
PID 3016 wrote to memory of 2500	3016	Unicorn-2440.exe	29
PID 2540 wrote to memory of 2676	2540	Unicorn-59290.exe	31
PID 2540 wrote to memory of 2676	2540	Unicorn-59290.exe	31
PID 2540 wrote to memory of 2676	2540	Unicorn-59290.exe	31
PID 2540 wrote to memory of 2676	2540	Unicorn-59290.exe	31
PID 2500 wrote to memory of 2420	2500	Unicorn-21787.exe	32
PID 2500 wrote to memory of 2420	2500	Unicorn-21787.exe	32
PID 2500 wrote to memory of 2420	2500	Unicorn-21787.exe	32
PID 2500 wrote to memory of 2420	2500	Unicorn-21787.exe	32
PID 3016 wrote to memory of 2448	3016	Unicorn-2440.exe	33
PID 3016 wrote to memory of 2448	3016	Unicorn-2440.exe	33
PID 3016 wrote to memory of 2448	3016	Unicorn-2440.exe	33
PID 3016 wrote to memory of 2448	3016	Unicorn-2440.exe	33
PID 2676 wrote to memory of 2864	2676	Unicorn-50780.exe	34
PID 2676 wrote to memory of 2864	2676	Unicorn-50780.exe	34
PID 2676 wrote to memory of 2864	2676	Unicorn-50780.exe	34
PID 2676 wrote to memory of 2864	2676	Unicorn-50780.exe	34
PID 2540 wrote to memory of 1772	2540	Unicorn-59290.exe	35
PID 2540 wrote to memory of 1772	2540	Unicorn-59290.exe	35
PID 2540 wrote to memory of 1772	2540	Unicorn-59290.exe	35
PID 2540 wrote to memory of 1772	2540	Unicorn-59290.exe	35
PID 2448 wrote to memory of 1060	2448	Unicorn-22746.exe	36
PID 2448 wrote to memory of 1060	2448	Unicorn-22746.exe	36
PID 2448 wrote to memory of 1060	2448	Unicorn-22746.exe	36
PID 2448 wrote to memory of 1060	2448	Unicorn-22746.exe	36
PID 2420 wrote to memory of 980	2420	Unicorn-18108.exe	37
PID 2420 wrote to memory of 980	2420	Unicorn-18108.exe	37
PID 2420 wrote to memory of 980	2420	Unicorn-18108.exe	37
PID 2420 wrote to memory of 980	2420	Unicorn-18108.exe	37
PID 2500 wrote to memory of 1628	2500	Unicorn-21787.exe	38
PID 2500 wrote to memory of 1628	2500	Unicorn-21787.exe	38
PID 2500 wrote to memory of 1628	2500	Unicorn-21787.exe	38
PID 2500 wrote to memory of 1628	2500	Unicorn-21787.exe	38
PID 2676 wrote to memory of 1912	2676	Unicorn-50780.exe	41
PID 2676 wrote to memory of 1912	2676	Unicorn-50780.exe	41
PID 2676 wrote to memory of 1912	2676	Unicorn-50780.exe	41
PID 2676 wrote to memory of 1912	2676	Unicorn-50780.exe	41
PID 1772 wrote to memory of 1052	1772	Unicorn-24687.exe	40
PID 1772 wrote to memory of 1052	1772	Unicorn-24687.exe	40
PID 1772 wrote to memory of 1052	1772	Unicorn-24687.exe	40
PID 1772 wrote to memory of 1052	1772	Unicorn-24687.exe	40
PID 2864 wrote to memory of 312	2864	Unicorn-19857.exe	39
PID 2864 wrote to memory of 312	2864	Unicorn-19857.exe	39
PID 2864 wrote to memory of 312	2864	Unicorn-19857.exe	39
PID 2864 wrote to memory of 312	2864	Unicorn-19857.exe	39
PID 980 wrote to memory of 2196	980	Unicorn-13608.exe	42
PID 980 wrote to memory of 2196	980	Unicorn-13608.exe	42
PID 980 wrote to memory of 2196	980	Unicorn-13608.exe	42
PID 980 wrote to memory of 2196	980	Unicorn-13608.exe	42
PID 2420 wrote to memory of 1428	2420	Unicorn-18108.exe	43
PID 2420 wrote to memory of 1428	2420	Unicorn-18108.exe	43
PID 2420 wrote to memory of 1428	2420	Unicorn-18108.exe	43
PID 2420 wrote to memory of 1428	2420	Unicorn-18108.exe	43

C:\Users\Admin\AppData\Local\Temp\e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e00fee55100da0a57cfe6c1ed2294372_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62415.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 244
        8⤵
        Program crash
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        8⤵
        Program crash
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
        7⤵
        
        PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 244
        8⤵
        Program crash
        
        PID:1504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 248
        7⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        6⤵
        Executes dropped EXE
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
        8⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        6⤵
        
        PID:1888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
        7⤵
        Program crash
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 244
        7⤵
        Program crash
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 244
        7⤵
        Program crash
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 244
        7⤵
        Program crash
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        7⤵
        Executes dropped EXE
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        8⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 244
        6⤵
        Program crash
        
        PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 244
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 244
        7⤵
        Program crash
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe

Filesize
196KB

MD5
af95256b4b10436a323e33225df4aebf

SHA1
dc37eb600d16b7b8c36f96641936dd2c61bc738d

SHA256
7fadc74070ec42f0096a9f794fe7f80eeff85f14052398d9997909337c4e0cae

SHA512
4c5924722b838dbecaf9f9100bc140e578592eb19b920245b2ba93b0ba27ee4b18b82122692d4d6c987f80154fec59174f4f54fac7cbe4bdc0355b7015b937a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe

Filesize
196KB

MD5
76803f32c2a28d155594c3d891be202b

SHA1
aad150ea2e12dd3cfca21899309fa715df9765e6

SHA256
0aebd1f62b81df9f6e03bc5284fc3092fc052af2bd64531f69c482e083d44534

SHA512
640f14fe72f5691b24311a111ad0de2cc8d994b50383c356da9c579ae11cd1efae5ca49645526a011586b93248b8e9656f658e3244079b06aafde11ebe53f595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe

Filesize
196KB

MD5
19f694a57f689f95625209d2bac35792

SHA1
5a81d4a30c817852f349637a609dc9004294ebf5

SHA256
27e40d73cc0e4db5a785efdd5df6f75a7d20c39989d97f85f2ecff7c3eee6a48

SHA512
18c9a1cd3773c14f1484c812c397cc340829e159686d7741e8706143e1dc6853d3583db74b69ac7d56af1a7ee2532191d40ad8bf09d30c128bc45a69d7c9c694

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe

Filesize
196KB

MD5
9bebfbed9258bc6eb75a99421fd38563

SHA1
c063c1b0dc6992eaba7ca5cae0e47466e748c480

SHA256
7516f1099dc29f868665410050d4f4324662057a52f73df7d065a3de1c5a4643

SHA512
57f195564ec441619a6949f3f92611aac879e7e83482239b3bb8f9fc5780978d9f8eeb9789edb58ec138850bb4c1213d2138771ce3d29b6253195f8bc6a49217

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe

Filesize
196KB

MD5
04888e1ee90477c6127de8330cf7e7b2

SHA1
57477c11606f76b43baf436d0ed8e03f53edadfb

SHA256
af83cc97af40be51927812c6da33c984c4aab7d6975dd982052b28207d1bebbf

SHA512
f21b5b654f3187724ec2a2e992827295412bdcefd60a8595d87d48727e869b345edb0d46081dc158eed7b2e10152c46ad32724a6e1f118547c1d1f0d02f40be2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10271.exe

Filesize
196KB

MD5
eacaa5455c3c3d00a74f5f5c2cd29c4d

SHA1
56997cf5c4f28ded9cc9d509917f61a416ca1b09

SHA256
b2eca582c81a9a6c37dfa09e8a5ab722e80db5a9de034f0df637cf18f4bf8121

SHA512
12f4e82f52d8ab2edb44a71010fad8e91d7964c670bb9a48c3e5d0c8b3f50b0035d7836b32bd3b3a80b63c432739dd050d46b4406374737b181c67ac5f7cae02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe

Filesize
196KB

MD5
76b2d644526208341d3a8e49e0879da6

SHA1
afd1afe7929a25155338f27ccea620d9aa3b216d

SHA256
7321c54c35461d28d95b5731385c024d7af8514bba1e62b0838ac9ef046b9364

SHA512
e0647556409aa6ff4054f733a4cd4c73f04a83058a8431249f9c1a54e3f28784621d6dcd52d60f9f10b94e0f85ce870f83a22bf59da7076afd4240287c54edbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe

Filesize
196KB

MD5
2def3bb72bd33484610ffa84b34e0080

SHA1
ba21e09e5d4c21072d0a46a92d325848d4c39cdd

SHA256
8a445c4203df68f2ae84e8698949669846649e891babeafd297939323a763caf

SHA512
595184df613bed287d36ee15cf6c414959180ca1432187865e160e3a82e7d62958030abb1357594b430e5c3a42c4b61f4b0e711c4517be07bbe307499e0516e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe

Filesize
196KB

MD5
bfbe4e7c730e270f8d3772f170060ba6

SHA1
c57b386e5b12d4888cb9844df8e0074cc6663799

SHA256
450f88eaf53309b66982e8b21590959bed2096ff4fb034b2935e85cab73cd651

SHA512
3799abf696d5eb513765a7931feb7f438bed2b55f144180de3b9064e7d6ecaaa587aede8d85fac6941d4bd195b091e9b96cb18640ae7f6ecfb4c49cf68393f8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe

Filesize
196KB

MD5
14a6267886c716a05ce693bfbad15317

SHA1
0b6c3bc53ec873e7d26c2182045181a73d334c4f

SHA256
7af85cce375295e175c171f61d11ab651e932a4d7d3262147c7d6ba2e914d293

SHA512
42255e905787309f73633b0f9a075898d08989feb3b7648863272818bb36d984c58510974b89ea97cd66f27fcbfbb69b07465973e7044fb18f18054d98ee47b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe

Filesize
196KB

MD5
577ac8834aa35dfb6730c4a54e4c5763

SHA1
e8e4bbadd06a4d4e882853c8597964e15d63e952

SHA256
6ad7741e04c31e006522942526b4a79c7850330af1c0f7030c1cfd9260f97d4e

SHA512
dd6168f4b2be7a010e62d3b75b5c112814fa126b980819e7aa9ecae5cd1a2a2b87295e5a6c59f9a95eff2fca82dc241f7972b38d8079cf48dcf46a603e389b96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe

Filesize
196KB

MD5
7b9b159ea707d2a5702df1415dbb052f

SHA1
ccd4cc670f7addaae9b697f9d7a8f9bdc9d4aebd

SHA256
b6e34f2fccff43001a00949a7143c80d03440e3b040664033dda779de55deb35

SHA512
8d0b26f840eea2a45521e916701a296a4d0ffd1ac8fc212227da957aaf63622e857b1868db1f2acc499589b651fafb308ce21930b875c875b9e579ea313eeaec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe

Filesize
196KB

MD5
74d68dfb7de7df1595fbaf9b9ca86811

SHA1
a61705b07143ad9d3e8c13fc8ba161b0e941cc0a

SHA256
17325a6597075bd008a1c31674d2a9e37a02e56ae5a9c658531f0df21221f953

SHA512
9efa6456103eb310b0ba44e933ee72534c9c3a6be6678d3967a12333a5373d714c6368afdf9dcdcc0106d7cebef363ca7b5eb4b9867ed46d31d67dcc4c0c64f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe

Filesize
196KB

MD5
66d116fbba351ee627fe898fdbacebed

SHA1
9498e2acc13fa4717e11d9cbb48e137709cb220b

SHA256
8eb0145e5d6e4947a5f0e8592a1e14c5d03419ad0062c1789a261101af1420d3

SHA512
e308a712b5f4d8bee9c5e08429857004211fe3cfc7949603d2a5192ff7868df0a267d7017fb3d2171b473ba5d9a4b8022ead3a7327a5253b5f4718e3548011c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe

Filesize
196KB

MD5
60997b75dc9cb863d3d910c5cc425938

SHA1
0b06a44247d26cea660d6cdfaa8638a9c0845754

SHA256
f41990ed68ddd06be97d12036d17e407728d235bc053a573db14fc1a2393df4d

SHA512
577298b877b44b241e4737fd4bc98cf1af5649bbea0ed2c7f4ae5439d2cebad77985de3d822580396cc13e41b31ee99fb371b0484fdacbf4df8c58e514c60e59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe

Filesize
196KB

MD5
aedf8cbd577ef568c3c7dfaeff64eeb6

SHA1
55c2dcd166438f82c87d52004b5c78bf119b569f

SHA256
a54fa2024b20715e85fc7f874f8eca9806979360c8e69bf492bdcca91154f424

SHA512
67dd7f0cc2d7456a1ee1f264fda5aff1b6df945b4b49278cc8626be4668b14d1d1c1bdd387847d8100f5fe246c3db0c361f6d18520bc84788a62ca85f0fdd4b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe

Filesize
196KB

MD5
fed03ebd194395a59813c7e6ee9e3189

SHA1
0a2b266b8c3c82c55df73d7ed9a09c053b981d06

SHA256
d8ea5f5086626dffb3f65911de8ecd99ef25d05f6e4774e58fa070d6dd296ad8

SHA512
754bf4c46bc7c4229b23449f6f8ecdac4a6d42e4134e195b10aab9cf06b9136964270ead44807e685af25bf6c7b9c90b9e8281f8f22427b884e56b68ee07d92f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe

Filesize
196KB

MD5
b4c41e5431ddfd4707df31980ea75301

SHA1
8f6e2c8928ad0c6460509b1de30e66f5a4db464a

SHA256
b4a5ca6172b0507273e4fa8f53133253e5c372f870eb1241e2427f5b535f2a6e

SHA512
b845d97013e5824761fe16bf978452fc7bdeba9a6fc6a0a945dfe0a322acdc690ca490081dbcf8e7bf1174200b1551e8d63873f7aac8c764c966a978f6eb246f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe

Filesize
196KB

MD5
896aea10364b8a0a8d43dadd9f642dd7

SHA1
c4fac471a08541bc47aaee343b311df58d80c4d7

SHA256
fce5cb15dd163bfc5dd175c461a18376835390d99aca8cf1b1c1ab78827e22bb

SHA512
c06b0a377ceecc3d648b944feb670095882c618654b7cdeffeac39246936dd6d0f82faa3915d1d08a95d38e565b51bff8c8fbd07a44917662cf311e640a55793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe

Filesize
196KB

MD5
0dd4de0cd809fddd8a14723d1f6e265f

SHA1
3061ceb92942e46450c9af9d0265df5512b0ae2c

SHA256
2e3534089424fbc578a5295fc29081949d90179e115616455f899f0704149abd

SHA512
f642498025ae1d7afa574fda77d96355d3b5a18d780a07e8993d177573cf83b9b13d2c19e6b742b1fe6c6114c7d7c856f1ee837c12e1e95782caafa45699d7e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads