c3b7f0c7569de3786ae176e645528c174475d9a567f4d24b582d789fe4b9fdb6

Analysis

max time kernel
29s
max time network
120s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
06-04-2024 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
Size

192KB
MD5

e0565d98627160f0490beb57cb46770f
SHA1

2bd4796583f46893856108e1b00e846ff87e7be6
SHA256

c3b7f0c7569de3786ae176e645528c174475d9a567f4d24b582d789fe4b9fdb6
SHA512

d77da3a01cbd5607a23ebf24455d4b25a7892d659cdef6874bad0054cf26fbacfc249d6ecc8ed96a4a6699383f4199a02c7e0b9904840c80fc555738c43296ca
SSDEEP

3072:DAgPoRVGgGQM+OjTqvURu780Ww1Jw9WfxOxovjJpxlv1pFf:DA0ol3M+sqMRu7AUHvxlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 50 IoCs

pid	Process
2976	Unicorn-49420.exe
2508	Unicorn-45549.exe
2560	Unicorn-17515.exe
2420	Unicorn-27947.exe
2728	Unicorn-60811.exe
2580	Unicorn-105.exe
2940	Unicorn-15834.exe
2392	Unicorn-52036.exe
2780	Unicorn-19556.exe
2684	Unicorn-16218.exe
2252	Unicorn-36084.exe
2668	Unicorn-21341.exe
528	Unicorn-3660.exe
1036	Unicorn-49524.exe
1736	Unicorn-4044.exe
1624	Unicorn-12404.exe
344	Unicorn-23011.exe
1920	Unicorn-14843.exe
2076	Unicorn-42877.exe
3048	Unicorn-18539.exe
1032	Unicorn-64402.exe
1520	Unicorn-35259.exe
764	Unicorn-3245.exe
1980	Unicorn-48917.exe
2880	Unicorn-61190.exe
1200	Unicorn-57853.exe
1632	Unicorn-60038.exe
328	Unicorn-43702.exe
1740	Unicorn-48533.exe
1500	Unicorn-60230.exe
1432	Unicorn-19390.exe
1732	Unicorn-65061.exe
3004	Unicorn-16204.exe
3000	Unicorn-21034.exe
2640	Unicorn-57428.exe
2596	Unicorn-51180.exe
2956	Unicorn-47843.exe
2588	Unicorn-10531.exe
2556	Unicorn-17356.exe
2388	Unicorn-5850.exe
2960	Unicorn-8502.exe
1044	Unicorn-26183.exe
2396	Unicorn-6317.exe
2748	Unicorn-19384.exe
2464	Unicorn-28320.exe
1052	Unicorn-48186.exe
1860	Unicorn-61844.exe
828	Unicorn-16173.exe
2020	Unicorn-48186.exe
324	Unicorn-56904.exe

Loads dropped DLL 64 IoCs

pid	Process
2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
2976	Unicorn-49420.exe
2976	Unicorn-49420.exe
2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
2560	Unicorn-17515.exe
2560	Unicorn-17515.exe
2508	Unicorn-45549.exe
2508	Unicorn-45549.exe
2976	Unicorn-49420.exe
2976	Unicorn-49420.exe
2560	Unicorn-17515.exe
2560	Unicorn-17515.exe
2420	Unicorn-27947.exe
2420	Unicorn-27947.exe
2728	Unicorn-60811.exe
2728	Unicorn-60811.exe
2508	Unicorn-45549.exe
2508	Unicorn-45549.exe
2580	Unicorn-105.exe
2580	Unicorn-105.exe
2940	Unicorn-15834.exe
2940	Unicorn-15834.exe
2780	Unicorn-19556.exe
2780	Unicorn-19556.exe
2728	Unicorn-60811.exe
2728	Unicorn-60811.exe
2684	Unicorn-16218.exe
2684	Unicorn-16218.exe
2252	Unicorn-36084.exe
2252	Unicorn-36084.exe
2580	Unicorn-105.exe
2580	Unicorn-105.exe
2420	Unicorn-27947.exe
2420	Unicorn-27947.exe
2392	Unicorn-52036.exe
2392	Unicorn-52036.exe
2668	Unicorn-21341.exe
2668	Unicorn-21341.exe
2940	Unicorn-15834.exe
2940	Unicorn-15834.exe
528	Unicorn-3660.exe
528	Unicorn-3660.exe
1036	Unicorn-49524.exe
2780	Unicorn-19556.exe
2780	Unicorn-19556.exe
1036	Unicorn-49524.exe
1624	Unicorn-12404.exe
1624	Unicorn-12404.exe
2252	Unicorn-36084.exe
2252	Unicorn-36084.exe
1920	Unicorn-14843.exe
1920	Unicorn-14843.exe
1736	Unicorn-4044.exe
1736	Unicorn-4044.exe
2684	Unicorn-16218.exe
2076	Unicorn-42877.exe
2076	Unicorn-42877.exe
2684	Unicorn-16218.exe
344	Unicorn-23011.exe
2392	Unicorn-52036.exe
344	Unicorn-23011.exe
2392	Unicorn-52036.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
2976	Unicorn-49420.exe
2560	Unicorn-17515.exe
2508	Unicorn-45549.exe
2420	Unicorn-27947.exe
2728	Unicorn-60811.exe
2580	Unicorn-105.exe
2940	Unicorn-15834.exe
2392	Unicorn-52036.exe
2780	Unicorn-19556.exe
2684	Unicorn-16218.exe
2252	Unicorn-36084.exe
2668	Unicorn-21341.exe
528	Unicorn-3660.exe
1036	Unicorn-49524.exe
1736	Unicorn-4044.exe
1624	Unicorn-12404.exe
1920	Unicorn-14843.exe
344	Unicorn-23011.exe
2076	Unicorn-42877.exe
3048	Unicorn-18539.exe
1032	Unicorn-64402.exe
1520	Unicorn-35259.exe
764	Unicorn-3245.exe
1980	Unicorn-48917.exe
2880	Unicorn-61190.exe
1200	Unicorn-57853.exe
1432	Unicorn-19390.exe
1500	Unicorn-60230.exe
1740	Unicorn-48533.exe
328	Unicorn-43702.exe
1732	Unicorn-65061.exe
3004	Unicorn-16204.exe
3000	Unicorn-21034.exe
2640	Unicorn-57428.exe
2588	Unicorn-10531.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2976	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2976	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2976	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2976	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	28
PID 2976 wrote to memory of 2508	2976	Unicorn-49420.exe	29
PID 2976 wrote to memory of 2508	2976	Unicorn-49420.exe	29
PID 2976 wrote to memory of 2508	2976	Unicorn-49420.exe	29
PID 2976 wrote to memory of 2508	2976	Unicorn-49420.exe	29
PID 2968 wrote to memory of 2560	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	30
PID 2968 wrote to memory of 2560	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	30
PID 2968 wrote to memory of 2560	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	30
PID 2968 wrote to memory of 2560	2968	e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe	30
PID 2560 wrote to memory of 2420	2560	Unicorn-17515.exe	31
PID 2560 wrote to memory of 2420	2560	Unicorn-17515.exe	31
PID 2560 wrote to memory of 2420	2560	Unicorn-17515.exe	31
PID 2560 wrote to memory of 2420	2560	Unicorn-17515.exe	31
PID 2508 wrote to memory of 2728	2508	Unicorn-45549.exe	32
PID 2508 wrote to memory of 2728	2508	Unicorn-45549.exe	32
PID 2508 wrote to memory of 2728	2508	Unicorn-45549.exe	32
PID 2508 wrote to memory of 2728	2508	Unicorn-45549.exe	32
PID 2976 wrote to memory of 2580	2976	Unicorn-49420.exe	33
PID 2976 wrote to memory of 2580	2976	Unicorn-49420.exe	33
PID 2976 wrote to memory of 2580	2976	Unicorn-49420.exe	33
PID 2976 wrote to memory of 2580	2976	Unicorn-49420.exe	33
PID 2560 wrote to memory of 2940	2560	Unicorn-17515.exe	34
PID 2560 wrote to memory of 2940	2560	Unicorn-17515.exe	34
PID 2560 wrote to memory of 2940	2560	Unicorn-17515.exe	34
PID 2560 wrote to memory of 2940	2560	Unicorn-17515.exe	34
PID 2420 wrote to memory of 2392	2420	Unicorn-27947.exe	35
PID 2420 wrote to memory of 2392	2420	Unicorn-27947.exe	35
PID 2420 wrote to memory of 2392	2420	Unicorn-27947.exe	35
PID 2420 wrote to memory of 2392	2420	Unicorn-27947.exe	35
PID 2728 wrote to memory of 2780	2728	Unicorn-60811.exe	36
PID 2728 wrote to memory of 2780	2728	Unicorn-60811.exe	36
PID 2728 wrote to memory of 2780	2728	Unicorn-60811.exe	36
PID 2728 wrote to memory of 2780	2728	Unicorn-60811.exe	36
PID 2508 wrote to memory of 2684	2508	Unicorn-45549.exe	37
PID 2508 wrote to memory of 2684	2508	Unicorn-45549.exe	37
PID 2508 wrote to memory of 2684	2508	Unicorn-45549.exe	37
PID 2508 wrote to memory of 2684	2508	Unicorn-45549.exe	37
PID 2580 wrote to memory of 2252	2580	Unicorn-105.exe	38
PID 2580 wrote to memory of 2252	2580	Unicorn-105.exe	38
PID 2580 wrote to memory of 2252	2580	Unicorn-105.exe	38
PID 2580 wrote to memory of 2252	2580	Unicorn-105.exe	38
PID 2940 wrote to memory of 2668	2940	Unicorn-15834.exe	39
PID 2940 wrote to memory of 2668	2940	Unicorn-15834.exe	39
PID 2940 wrote to memory of 2668	2940	Unicorn-15834.exe	39
PID 2940 wrote to memory of 2668	2940	Unicorn-15834.exe	39
PID 2780 wrote to memory of 528	2780	Unicorn-19556.exe	40
PID 2780 wrote to memory of 528	2780	Unicorn-19556.exe	40
PID 2780 wrote to memory of 528	2780	Unicorn-19556.exe	40
PID 2780 wrote to memory of 528	2780	Unicorn-19556.exe	40
PID 2728 wrote to memory of 1036	2728	Unicorn-60811.exe	41
PID 2728 wrote to memory of 1036	2728	Unicorn-60811.exe	41
PID 2728 wrote to memory of 1036	2728	Unicorn-60811.exe	41
PID 2728 wrote to memory of 1036	2728	Unicorn-60811.exe	41
PID 2684 wrote to memory of 1736	2684	Unicorn-16218.exe	42
PID 2684 wrote to memory of 1736	2684	Unicorn-16218.exe	42
PID 2684 wrote to memory of 1736	2684	Unicorn-16218.exe	42
PID 2684 wrote to memory of 1736	2684	Unicorn-16218.exe	42
PID 2252 wrote to memory of 1624	2252	Unicorn-36084.exe	43
PID 2252 wrote to memory of 1624	2252	Unicorn-36084.exe	43
PID 2252 wrote to memory of 1624	2252	Unicorn-36084.exe	43
PID 2252 wrote to memory of 1624	2252	Unicorn-36084.exe	43

C:\Users\Admin\AppData\Local\Temp\e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e0565d98627160f0490beb57cb46770f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        8⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        7⤵
        Executes dropped EXE
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        8⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        7⤵
        Executes dropped EXE
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        6⤵
        Executes dropped EXE
        
        PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        8⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        6⤵
        Executes dropped EXE
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        7⤵
        
        PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        7⤵
        Executes dropped EXE
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        8⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        6⤵
        Executes dropped EXE
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        7⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        6⤵
        Executes dropped EXE
        
        PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48186.exe
        6⤵
        Executes dropped EXE
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        7⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19384.exe
        5⤵
        Executes dropped EXE
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        6⤵
        
        PID:1616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
        7⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
        6⤵
        Executes dropped EXE
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        6⤵
        
        PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        5⤵
        Executes dropped EXE
        
        PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        7⤵
        Executes dropped EXE
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        8⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        6⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56351.exe
        7⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        6⤵
        Executes dropped EXE
        
        PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        7⤵
        
        PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe

Filesize
192KB

MD5
5bb50ce5595f58f18aaadca355e73cf5

SHA1
ee9b420e4b052c1e4166de09cabc623a5c075344

SHA256
6d61a966c8f85b9bc907b7b5de0a23ceb38e0b4f758dd147eb347a53ba66edff

SHA512
1204b3aa4850a464ee97a72c64b5f0d4d3dba43b5160aeda40f73d8f6c8c9bc339163af531000160a4b9914593ec1d0659fd9efaa2d0810b9a45e950b5f7297e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe

Filesize
192KB

MD5
a7fc23b664f86792182749a045fef596

SHA1
af5e2b08f96a28a1999c7c18174673f0add1da59

SHA256
bba1941db02d624b296cc7fa4ed2451b33982352b13d7c3417a3dbadd5965de2

SHA512
513b5f1d3488b959a2ce3a00309fd46b6d894954b05a3f4212f8f51a95d1b03ae28cdef26ab65a1295493cddf8534d8d6eced0ca902cefc2671f1dc21cd0b4ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-105.exe

Filesize
192KB

MD5
c15da5f3b967b7ddf97dcb2d61328b9b

SHA1
2cb461cefdceb4005568171bb88e57ab0a9a0601

SHA256
1192f4793e49cbf89964f939352e07ad937fe5c49b24fc9aa6807e1a7ddce010

SHA512
686a53543aa18b67fdf1828394f2d0c52209c0f1f618dc6d1a286d6bd241cd750c8308eb3f0176adad1617ff0be2c255f7f7b1539d2c0b48cf06ffcbb337c5db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe

Filesize
192KB

MD5
7fcd9f56dc08a23dcdb6aca5051c8b66

SHA1
c3cb7e6656cb4deb8fe15c590ad497656a7e76d3

SHA256
a0e11efef1f1762b621957ae37864bcc246f72843475f55ba3bcfa4fdf7cb01e

SHA512
92c8942448d0fec52ee3c49cb09ef7b099eb2081f34618c34cfb43d38dbd971c833a684f3a5f0d9e18cc8fff992647531ceea4327ebfe1d430d3a93db7bc251d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe

Filesize
192KB

MD5
fc2299eff77fe52d0edca0a36c967bf7

SHA1
c465e7e6298e6fb281d5e10abc6f120af52a8015

SHA256
cd7a6ba6af9e8d0e5e8651aafdf7454b4a4e23f2c5010a2f9c701c118f9f091c

SHA512
a6cc62a38f24c7dc63aaa58c245d996dd434ab6eae31eb00c43bc45c25e7d60a584a13b7bf911616dffcccd41fd6a90decf958ef1e4fa2609cc87601074c2e0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe

Filesize
192KB

MD5
5b11d45872c8fabed9090903aea59ea5

SHA1
3ebbaa7f2d8c2070443c56c9a2332937fa6421ce

SHA256
accdefc73361805f08a03ba6ba77c75259094a29144938042a761fcc2006423a

SHA512
e9b77d117a6a489abd0b37a287ba5c48014ac55302af724800869f91afaf46dc9a781f03bf059e0047e5beb99f522b105691d801303fe93d3a818ae52b3ad011

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe

Filesize
192KB

MD5
79b37fab6f80a2890ef6edad3cd8f467

SHA1
2e323fb2f20a61340543dea07471a88eb6f2b5b4

SHA256
3da6b65e687db05ea2850ffa500a8bd583e1da2682d0991f1de55062ac1b86a0

SHA512
2bb6acd6a0f86f16bd0b55d5dd13681147f861d3c28c50e4014e8896909de6b738c015d81c22024fa6ab2608730f0991fa2fd3a9b7a8ee520ffa02b8917eaac1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe

Filesize
192KB

MD5
c2f93e08c5c1bb732b01d92388c0265e

SHA1
8c54c3e8dd39e3fc26a4bc748234744341a7f071

SHA256
500e1eba0a8aebc27374c79fb2135162739017d01a813df81462636cd1a8299a

SHA512
3a7ad64ad8efb43b6ecb89235c0a50795c079b574147e14fd01ff5ebe17ca79a69771cb1dc1ba73c5d02d329dddf30a727888f90cba547761cf5aa695bd3a403

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe

Filesize
192KB

MD5
a63b1f1247b7a02582e236868dbb7dd0

SHA1
0daf473f3a16267d6b7b1f7c2390969c584a9db0

SHA256
a4e3c430206a22fa99c48e2957230e85b53ac0c202ecab743e5d5afd7ca1b0a2

SHA512
bbf067114a8bcde585ad766be029f9d20f01072c80f2ffa805da10b190f51ad4b5d5d152de2dd666f6b8464a78fbc08cb2cf63b2bf66ed37ca15c3ee8cb42f44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe

Filesize
192KB

MD5
2b2c56f30f16db42beefe522cd3a82a1

SHA1
7b4d8379f2314924259e82b14cd54ff579e82db0

SHA256
f6ccb15cb957d80dc1986217acf8efd659ab0eca1413804bca16996bdf3a8f99

SHA512
31b6742fa472fcc422c0ec184851808d4717d6cacb042bf7f7616133a125bbf325f9db6a52a5fbda0a380fe5591b5b5998de62a578d724e1553c839fe0c4ed1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe

Filesize
192KB

MD5
0249e3324976886f862b31179579dc46

SHA1
8f2f9e6191dd82f43a8339843b679720bccffa76

SHA256
65a4f4f6fc5cc45c7996c78d205bf3ab80838cae65c944a28759a0666aafbcbe

SHA512
4f59ed2b8096b2736e123e3e13aa1315ac778be920758514eff573e403b87ae9f8a18689eb16b84eb5b08d2b260184aedc8f11d0cc64d311c406a90b7cede1e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe

Filesize
192KB

MD5
680c27a53d05eaecfe8ffea14c1f0b5f

SHA1
05284920f0508a1ae5798951329bed4236dba079

SHA256
0c1c64f5c8d02dc413b638106700994ae2bc66167b04bff04ee07aae16955db4

SHA512
9fbdcd124960e88aaf34c0973664177468dcc77dc6e1b33e912aa7d7e0db5b2cc193f094cd368f179b59c495350d844b0c41673e6f3a75e38fbaabd60374842f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe

Filesize
192KB

MD5
9ea286dabd15c682dfa9e8f58522cb97

SHA1
305e3223fb935b3c37f347da81537fcea6c7d63a

SHA256
9cc18707d9dfd4c489e7b0c3ab9b9d3c0de741a5fd58cab25d94d4bb7b616be8

SHA512
a791a6ed4ae38d2dfe9ce4a91d2f5c97a8d0182d67607ccbfa9f1cea6b42c0ffadb630ba1ca4912e8f1075aa7458bd086c2ad1f1037788f1549bfb8dd5b9a60c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe

Filesize
192KB

MD5
9033946517de6dedf02bee58724f814e

SHA1
91e2789f0a3b0219b683b0d14845605dd21f0d52

SHA256
aa4b8ae98a27603f12bd161a91e84964687045d2cb0262444996ed0a71ebba0f

SHA512
4f4055d2692c4ffceb8b8046c5c04484f6e99884d38093019fe60a86e306b7cee784bedd39c49def5dfc12b4fc344c65e8d7983d7e55285be28ec7dcfb46d66f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe

Filesize
192KB

MD5
1f512bdae98246babfd0184b660684b5

SHA1
ff5e4d77789240356470b04ac09a38158f6559a3

SHA256
80b09a4e7e5338aabd8bc7a109421c1ef55318af85589fd04b8a5c3914eed946

SHA512
eecbc5269c67c7277d6740334b7a112c4820ad957a166747160a936f4675ddcb5fbda63be724db2a67361bb28707388a945732eda1d7ccd4a664805c189c5dc6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe

Filesize
192KB

MD5
26aff00731caaad4dfae75a807d32e18

SHA1
e3430e0902ae09c31c749e7d67573549fe90a6c7

SHA256
29a9de0c5199efa1421d03a3f716d0c4b76b2199cb916d64d51e62b14d4e6ba3

SHA512
eaa309b4de205e03793612da65c1888607759fb42a8ce06366e0369bc1106c26f440818e25c6be8850d3e478d0528c0cfc2d13026abb4f3bd0b9248120418094

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe

Filesize
192KB

MD5
678b1f8af4d277e47c22085fc2b0c86c

SHA1
4a90d9c844eeed1276ae580579bd0c0fb5a3eb3a

SHA256
c3089e75a707b173c402e1318e7236ddee50a37ffc7aa23451210ed5114fb9fb

SHA512
7fa54f4941baaa6d059a06d71fc92872e494559bdd3df0e7f4ea812dbcb3216e658e154407a46f7bc21768ffdfc4f5d94d369022e211cd0ef5e6f8d9202bced5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe

Filesize
192KB

MD5
d1260f5f433acdf1538af491b225528d

SHA1
8bf48624a0a24f46423c38d47709a70b09383dcf

SHA256
96baae1daaef7f185e477114c0c93413e4b31ef07ddfeae809d76a19e5c27d1c

SHA512
d0214c1ef28530da70b55b156010230f7207ba1653c32949d055b511693777d3467c3a5bc7087a44924a983cd5a0e364aad4e74d32e37d5d63ac7e129571ed79

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads