2f2552b22d4b8f0ca88ef813b81f4dd518e9aebd5215be0de2c45a54657a058c

Analysis

max time kernel
26s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08-04-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
Size

184KB
MD5

e79408556fc1e7c0ab1296b39a9b6f45
SHA1

bb3ce99e6610630a9c28b8e2ca52bf48eadbc625
SHA256

2f2552b22d4b8f0ca88ef813b81f4dd518e9aebd5215be0de2c45a54657a058c
SHA512

449f156bfe16d317c42c0d6d6422f33b82c71236b2ca896fc5f99667fbaa71ffb35cd09f980ca56ea4837d4a172cf8aad5074de573c2c6cba32fa512bbf50cc9
SSDEEP

3072:S++yoEuHXDA8k5//wTOS08db3et6VdzhBR3x+Sd9TNlPvpFc:S+roP88kVwqS08p1cUNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 43 IoCs

pid	Process
1780	Unicorn-30838.exe
772	Unicorn-21923.exe
2384	Unicorn-63510.exe
2556	Unicorn-1346.exe
2928	Unicorn-25296.exe
2756	Unicorn-12659.exe
2456	Unicorn-13017.exe
3024	Unicorn-765.exe
3068	Unicorn-42352.exe
2892	Unicorn-53666.exe
2804	Unicorn-29716.exe
2864	Unicorn-36871.exe
2180	Unicorn-4369.exe
1588	Unicorn-53015.exe
2040	Unicorn-12729.exe
1564	Unicorn-25579.exe
1732	Unicorn-13326.exe
712	Unicorn-58998.exe
592	Unicorn-1074.exe
2284	Unicorn-39860.exe
2056	Unicorn-7742.exe
1784	Unicorn-15355.exe
964	Unicorn-48220.exe
960	Unicorn-21338.exe
2044	Unicorn-12615.exe
916	Unicorn-37866.exe
2536	Unicorn-54333.exe
2204	Unicorn-12423.exe
2304	Unicorn-45843.exe
1312	Unicorn-44904.exe
2120	Unicorn-13492.exe
1800	Unicorn-26107.exe
1204	Unicorn-45610.exe
2540	Unicorn-25744.exe
1692	Unicorn-45610.exe
1440	Unicorn-45610.exe
2032	Unicorn-21660.exe
2328	Unicorn-37250.exe
2640	Unicorn-29082.exe
1816	Unicorn-17960.exe
2488	Unicorn-28157.exe
2632	Unicorn-48023.exe
2788	Unicorn-29466.exe

Loads dropped DLL 64 IoCs

pid	Process
1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
1780	Unicorn-30838.exe
1780	Unicorn-30838.exe
1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
772	Unicorn-21923.exe
772	Unicorn-21923.exe
1780	Unicorn-30838.exe
1780	Unicorn-30838.exe
2384	Unicorn-63510.exe
2384	Unicorn-63510.exe
2556	Unicorn-1346.exe
2556	Unicorn-1346.exe
2928	Unicorn-25296.exe
2928	Unicorn-25296.exe
772	Unicorn-21923.exe
772	Unicorn-21923.exe
2756	Unicorn-12659.exe
2756	Unicorn-12659.exe
2384	Unicorn-63510.exe
2384	Unicorn-63510.exe
2456	Unicorn-13017.exe
2456	Unicorn-13017.exe
2556	Unicorn-1346.exe
2556	Unicorn-1346.exe
2892	Unicorn-53666.exe
2892	Unicorn-53666.exe
2756	Unicorn-12659.exe
3024	Unicorn-765.exe
2756	Unicorn-12659.exe
3024	Unicorn-765.exe
3068	Unicorn-42352.exe
3068	Unicorn-42352.exe
2928	Unicorn-25296.exe
2928	Unicorn-25296.exe
2804	Unicorn-29716.exe
2804	Unicorn-29716.exe
2864	Unicorn-36871.exe
2864	Unicorn-36871.exe
2456	Unicorn-13017.exe
2456	Unicorn-13017.exe
2180	Unicorn-4369.exe
2180	Unicorn-4369.exe
1588	Unicorn-53015.exe
1588	Unicorn-53015.exe
2892	Unicorn-53666.exe
2892	Unicorn-53666.exe
1564	Unicorn-25579.exe
1564	Unicorn-25579.exe
3024	Unicorn-765.exe
3024	Unicorn-765.exe
712	Unicorn-58998.exe
712	Unicorn-58998.exe
1732	Unicorn-13326.exe
1732	Unicorn-13326.exe
3068	Unicorn-42352.exe
592	Unicorn-1074.exe
2040	Unicorn-12729.exe
3068	Unicorn-42352.exe
592	Unicorn-1074.exe
2040	Unicorn-12729.exe
2804	Unicorn-29716.exe
2804	Unicorn-29716.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1780	3024	WerFault.exe	35
1968	916	WerFault.exe	53
2352	1564	WerFault.exe	43
1708	2044	WerFault.exe	52
2412	2428	WerFault.exe	73
1876	2592	WerFault.exe	85

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
1780	Unicorn-30838.exe
772	Unicorn-21923.exe
2384	Unicorn-63510.exe
2928	Unicorn-25296.exe
2556	Unicorn-1346.exe
2756	Unicorn-12659.exe
2456	Unicorn-13017.exe
3024	Unicorn-765.exe
2892	Unicorn-53666.exe
3068	Unicorn-42352.exe
2804	Unicorn-29716.exe
2864	Unicorn-36871.exe
2180	Unicorn-4369.exe
1588	Unicorn-53015.exe
2040	Unicorn-12729.exe
1564	Unicorn-25579.exe
1732	Unicorn-13326.exe
712	Unicorn-58998.exe
592	Unicorn-1074.exe
2284	Unicorn-39860.exe
2056	Unicorn-7742.exe
1784	Unicorn-15355.exe
964	Unicorn-48220.exe
960	Unicorn-21338.exe
916	Unicorn-37866.exe
2536	Unicorn-54333.exe
2044	Unicorn-12615.exe
1312	Unicorn-44904.exe
2204	Unicorn-12423.exe
2120	Unicorn-13492.exe
1800	Unicorn-26107.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 1780	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	28
PID 1244 wrote to memory of 1780	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	28
PID 1244 wrote to memory of 1780	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	28
PID 1244 wrote to memory of 1780	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	28
PID 1780 wrote to memory of 772	1780	Unicorn-30838.exe	29
PID 1780 wrote to memory of 772	1780	Unicorn-30838.exe	29
PID 1780 wrote to memory of 772	1780	Unicorn-30838.exe	29
PID 1780 wrote to memory of 772	1780	Unicorn-30838.exe	29
PID 1244 wrote to memory of 2384	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	30
PID 1244 wrote to memory of 2384	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	30
PID 1244 wrote to memory of 2384	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	30
PID 1244 wrote to memory of 2384	1244	e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe	30
PID 772 wrote to memory of 2928	772	Unicorn-21923.exe	31
PID 772 wrote to memory of 2928	772	Unicorn-21923.exe	31
PID 772 wrote to memory of 2928	772	Unicorn-21923.exe	31
PID 772 wrote to memory of 2928	772	Unicorn-21923.exe	31
PID 1780 wrote to memory of 2556	1780	Unicorn-30838.exe	32
PID 1780 wrote to memory of 2556	1780	Unicorn-30838.exe	32
PID 1780 wrote to memory of 2556	1780	Unicorn-30838.exe	32
PID 1780 wrote to memory of 2556	1780	Unicorn-30838.exe	32
PID 2384 wrote to memory of 2756	2384	Unicorn-63510.exe	33
PID 2384 wrote to memory of 2756	2384	Unicorn-63510.exe	33
PID 2384 wrote to memory of 2756	2384	Unicorn-63510.exe	33
PID 2384 wrote to memory of 2756	2384	Unicorn-63510.exe	33
PID 2556 wrote to memory of 2456	2556	Unicorn-1346.exe	34
PID 2556 wrote to memory of 2456	2556	Unicorn-1346.exe	34
PID 2556 wrote to memory of 2456	2556	Unicorn-1346.exe	34
PID 2556 wrote to memory of 2456	2556	Unicorn-1346.exe	34
PID 2928 wrote to memory of 3024	2928	Unicorn-25296.exe	35
PID 2928 wrote to memory of 3024	2928	Unicorn-25296.exe	35
PID 2928 wrote to memory of 3024	2928	Unicorn-25296.exe	35
PID 2928 wrote to memory of 3024	2928	Unicorn-25296.exe	35
PID 772 wrote to memory of 3068	772	Unicorn-21923.exe	36
PID 772 wrote to memory of 3068	772	Unicorn-21923.exe	36
PID 772 wrote to memory of 3068	772	Unicorn-21923.exe	36
PID 772 wrote to memory of 3068	772	Unicorn-21923.exe	36
PID 2756 wrote to memory of 2892	2756	Unicorn-12659.exe	37
PID 2756 wrote to memory of 2892	2756	Unicorn-12659.exe	37
PID 2756 wrote to memory of 2892	2756	Unicorn-12659.exe	37
PID 2756 wrote to memory of 2892	2756	Unicorn-12659.exe	37
PID 2384 wrote to memory of 2804	2384	Unicorn-63510.exe	38
PID 2384 wrote to memory of 2804	2384	Unicorn-63510.exe	38
PID 2384 wrote to memory of 2804	2384	Unicorn-63510.exe	38
PID 2384 wrote to memory of 2804	2384	Unicorn-63510.exe	38
PID 2456 wrote to memory of 2864	2456	Unicorn-13017.exe	39
PID 2456 wrote to memory of 2864	2456	Unicorn-13017.exe	39
PID 2456 wrote to memory of 2864	2456	Unicorn-13017.exe	39
PID 2456 wrote to memory of 2864	2456	Unicorn-13017.exe	39
PID 2556 wrote to memory of 2180	2556	Unicorn-1346.exe	40
PID 2556 wrote to memory of 2180	2556	Unicorn-1346.exe	40
PID 2556 wrote to memory of 2180	2556	Unicorn-1346.exe	40
PID 2556 wrote to memory of 2180	2556	Unicorn-1346.exe	40
PID 2892 wrote to memory of 1588	2892	Unicorn-53666.exe	41
PID 2892 wrote to memory of 1588	2892	Unicorn-53666.exe	41
PID 2892 wrote to memory of 1588	2892	Unicorn-53666.exe	41
PID 2892 wrote to memory of 1588	2892	Unicorn-53666.exe	41
PID 2756 wrote to memory of 2040	2756	Unicorn-12659.exe	42
PID 2756 wrote to memory of 2040	2756	Unicorn-12659.exe	42
PID 2756 wrote to memory of 2040	2756	Unicorn-12659.exe	42
PID 2756 wrote to memory of 2040	2756	Unicorn-12659.exe	42
PID 3024 wrote to memory of 1564	3024	Unicorn-765.exe	43
PID 3024 wrote to memory of 1564	3024	Unicorn-765.exe	43
PID 3024 wrote to memory of 1564	3024	Unicorn-765.exe	43
PID 3024 wrote to memory of 1564	3024	Unicorn-765.exe	43

C:\Users\Admin\AppData\Local\Temp\e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e79408556fc1e7c0ab1296b39a9b6f45_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32542.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
        10⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 380
        10⤵
        Program crash
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 372
        9⤵
        Program crash
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 380
        8⤵
        Program crash
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 372
        7⤵
        Program crash
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        7⤵
        Executes dropped EXE
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 380
        7⤵
        Program crash
        
        PID:1968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 380
        6⤵
        Program crash
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        9⤵
        
        PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        7⤵
        Executes dropped EXE
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        9⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
        6⤵
        Executes dropped EXE
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        5⤵
        Executes dropped EXE
        
        PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        7⤵
        Executes dropped EXE
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
        6⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        9⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        6⤵
        Executes dropped EXE
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        6⤵
        Executes dropped EXE
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        7⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        5⤵
        Executes dropped EXE
        
        PID:2032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        6⤵
        Executes dropped EXE
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        8⤵
        
        PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        6⤵
        Executes dropped EXE
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
        5⤵
        Executes dropped EXE
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        6⤵
        
        PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        5⤵
        
        PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe

Filesize
184KB

MD5
93a4860a601fedb579cba04d9f5f5ca5

SHA1
ea614aa21516b34d27cc26f17c8a702c4e82875e

SHA256
6140f9a72e80b6076017aca710e2f2162208ab293c7e0c47738ff0fd514b6534

SHA512
bbaa2ea1d2721a9a4c1d160cedba8a520e25c405df40a3689f61bb9622d380e3f5b3fb9152e4e992a0c9e88167e2b784dffe851b608f47f9930d3eae99f0ad0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe

Filesize
184KB

MD5
a22b7809987efab4158749680fb66684

SHA1
9fcfc29d5d3e232cc356092421b727503f20a8ee

SHA256
66402f7e5082e6c61e6528e79c512da1298796757d49ddd7f4422ecf239b1798

SHA512
7117206284d3d7d03a5a242b91d75daa96ebad29d87bcfac5735a3b92c473449720219c392abe250a75e68021134c507fab6292b6dc10f206f21ed1dd97ca417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe

Filesize
184KB

MD5
c8a626e702de347c0726431833063e18

SHA1
c6fefded460fda307006ffe23014922dd8b7ce49

SHA256
f564da87fddb4a8846f73a7298be2fc91e4d5113aa956d752c8c1c08e97dc822

SHA512
2d4e1a5e6937913a8401eaa76bb5f789311489afd8d41a7865bbbdb05dd5a6cbb3bccee41a57094a94f320b43f852e68a2719294669fa27ef7c31902a0e427da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe

Filesize
184KB

MD5
7dec5b05b919c9ca86c013da4353e916

SHA1
e47f33c45230befa973ee24634d07d234d30c031

SHA256
0f6b31d5f98185b9bdb6a53b8654c60bfaf63619067d965312865f3d8dd9879b

SHA512
b09fe2871438266721378c45b31c9bd912e226687b8319fd52e1c8ad913f4adb026df1313430f2d787378715e0afde1fdb45c6441e57a4a88fe476301530ebc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe

Filesize
184KB

MD5
6fa97f12a2477c605a6cfb3a95544609

SHA1
d084cedd52de75aa21b21198df1982bcfd488bb8

SHA256
722c7780bbd47f2904b2993230e8950c05b31ed29113f0954d96373e8c2ffa9a

SHA512
038032213733eb18002a399ab7651b6323250d8e6ac46234ea606585ff05bac667468a245cfe9f244fae8ee8cc7dcd48f844b8a33a62fdae80b92cf9307873e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe

Filesize
184KB

MD5
d56078bada2b7eea58dd941ff3d5e627

SHA1
bfad7e5cc0be101169a4a40c7d1396c105f7e4a8

SHA256
852fcd16edd278fb048f1f98735d9f86e5d39f440eefaf274db0ed547dc12808

SHA512
7b0ffd9b823fb3c2e44f7767aa2dc6674bdcf645cb91dbc4c03afcc36043db6119df5600818dcb0a34d4cdf54dc590dc72e4e2c29eeedcec6e7bd7ab7a64a13b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe

Filesize
184KB

MD5
55223ce8e9a44f967a885ad6e14c6c74

SHA1
4d4772f04e2ce0364312a9f6d072657f6f830f8e

SHA256
bb815a2978fd8afe6ba78c7de0c9e9bae31e858a61b7f23422abd03f546a154c

SHA512
fa5d08185f2e90170e5183c3d32b2275032e8722c53c4b6c09cda575f039f1c96373e4fea56229a85e7b9ab65f82b97e1b4e84d351fbdf088b89d48e0f8fa38d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe

Filesize
184KB

MD5
b5f54c8df8abf371eb24a055466fade8

SHA1
8c7166fb9b87ee978c49c500d4d8a96867211482

SHA256
b86cf9ec366e431ef7b9214279cd06f83b19cb1bd234c93e629748592c06772a

SHA512
e14f5483c453c0fb63ceb9c103ca3aa8b3ff11a1014d5497971cf561ff14cb4ac6139a2e10ca1c006616eb887567f1ac3f010d71f6299f072b0af33d3c42302b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe

Filesize
184KB

MD5
5ffbe648bb8a6ebd582c148a4c2b2386

SHA1
c60cea65f7095759e76ada706063e8b535ff879c

SHA256
16c3de0cd7b4c7f793096cc63995b3847c38d55da1c2add15f3845fd8efaf49d

SHA512
b5ba9d6057ae639f206509ea169aff5b817fc95fdce66702f15a6bef36a8eb997e9b3caf18d7943e6c95c8855cf7c7ad5846fcac9521d5d34b5b80f07d06937a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe

Filesize
184KB

MD5
bda88fa0630dec18eec38304e033e8d3

SHA1
d8c6b87957853c6967388e575fd210d3ba68c1e4

SHA256
997b072739aa88965e79cce6845cabee8657b85780cc089508102a83d18ca16d

SHA512
f9705fbe7ac8ee943ce3323b7eabb6f4afbf11840ffd7f83239f223eb6b4b19ad2986de6ada0dfb49f96886e0dc678b166e4667bad93484ed1458e475e57032b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe

Filesize
184KB

MD5
c4461011d13d5ac9afd9c5ed3dfac3ff

SHA1
27d5a2b972bb34756522d8b5613db4d18f3aef95

SHA256
f7b3f44391cbab16b51c2333f39b36f977cc04b5d96976a844f0a0939245a3e9

SHA512
ab2e0e5429b18b8f68bf5a58025d11e21b0bbea83f6b8eadfe8b9cba6fbbe311f1d8ee6788dad4adf6b1233b0b5fa56cc2885986d66f78622970b46534a63423

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe

Filesize
184KB

MD5
12612216544f33479293f41741de7888

SHA1
e7506ca63d8a9d1309409fc00768dcf36e0064b6

SHA256
a1c110ba1e1d894b1d8d0a525737e7bf0b12f02653010b6444d5870c73e2e11a

SHA512
07d662c40e52082e358fff2bd3e3e88074e5c269c844dc38e4f096d0386e34650ed523521f13bbd8879d51c1ea51cbd64aca422b1b836251a561f51ad783ed71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe

Filesize
184KB

MD5
4aa060d7d5c68a87345adfddc7b15623

SHA1
b70ff3105f815238d548b992df4162624fa4e11c

SHA256
a17da7f770c758eb59fce25742b7ad09fed15aaa78269b8c96e9569156224178

SHA512
b5f6c9452c0f3f9b170830a52f1666b42559e7470175bbd94748c3414c69415e734ad9bd3618a68996807ca825553b1519e335224ba173e2d24f57dddc761d67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe

Filesize
184KB

MD5
6b1678c57c6f8be84925dc89b81af8bc

SHA1
67e00766cebbda639e453ddd917ebe4159b7fcff

SHA256
5fc83d2b3e59aed9527c5f7fdf0e4c2abcdabebfc4096563223e4cfd425ef5ac

SHA512
9bb8d00357e6c04a07bcd0068232eef2f440d3d2214687a9e860ac7573ceb77bc1d2817581d5bf4f623e6ff6a6bc4e12837758443e3018c0c79b061a8d54afcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe

Filesize
184KB

MD5
2b63b52fb3cb8731bd164da9fcb1a33c

SHA1
9991a5e128538087b85669d3a5f311afb32090e7

SHA256
319ead1d9b31c74d9897357dd4057b93f42f32575e61cb7b41707cc5d70b5a7c

SHA512
f36d44ac8d8927d454180eb856a3fa3f782aaf54681f75ca78533c53a146aa2d07598f9fa2a1a0f5c6a3ea440a41d66ee5e23f649e55211cf78f49817f5fb903

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe

Filesize
184KB

MD5
6bc25e4fb6e30c5cf59b695397ba4a8c

SHA1
7eadc920bde9471fae98b1b67ddd8828dcec0d56

SHA256
9ecb215888f17569637ae2ab6e1762c2d37b34738db7b5abd5c6eeb0fd60b19c

SHA512
ffb21972daa1064fc372d69e50f6792749cfdcf7fec40c88da8f2d0713f012af4c410bc2ed5ff0b848ed6d6d24b8f435205c606ddc7a02e0dfb936e402226642

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe

Filesize
184KB

MD5
cc4971743e6bc9c90f6ad18f1ea2d26d

SHA1
a3f1d2f57b15ef9df77483fba125230bd93cb43c

SHA256
cdb5ceb3b55ad3d70a61388bc688a2b83dbabebf160f90b7ce01d97e1fec97df

SHA512
ce69282d5a5bb376caae48c4d3077ef4ff698197a182237a57f7c771b6a9900493482f80dcd5864d916f180d17059660a154cdc7fe0fd193f5de15aefcf6badc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe

Filesize
184KB

MD5
a361fae159753783866bc14368fb8a94

SHA1
43e0a7048592687209f7096c38a32dd2625a833d

SHA256
16d570125481bbda0a947c760a7d30e628632834682dcce5458c4a8b0866bf5b

SHA512
943e4963c3f5a794bcfc8c1129a811ce7a243e503edce44253459724bc09c6575be2625446ec9c5196f4afdc63abf2ef3d531995fbc54bf8646d396c62825993

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-765.exe

Filesize
184KB

MD5
387b8afe35345f3a20351d218bf15e2f

SHA1
683a026b9e954c3541c0f123cb4658366cf060f9

SHA256
48a27055cbd998805d94c8b2ac9b5ddb5bc8ee3a98fc1de5af54e384c3a3f10a

SHA512
835435d95e30d0d218e3fd4fd9d432013f0ae983a4913604a0eb0dc3dfab1986f3a32927295b60869e6207600ee510f48045d53d68fed92876280d43de770689

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads