eb1dc1b815dadf62b8cbde9dc7440cabc0352683f8d1055257bd0d7c7b592d29

Analysis

max time kernel
48s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 15:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
Size

184KB
MD5

e7c24ba6c0ec87029356f31c54050c18
SHA1

5ed2d1b8b533c56fcbffcf8c138567cafa3075e8
SHA256

eb1dc1b815dadf62b8cbde9dc7440cabc0352683f8d1055257bd0d7c7b592d29
SHA512

1fef20f6718a1a514878ad81d6560fe33a2a6eeed5f83041c899ce7c75d5f0977fff06f14d5febacc1dcfb04a9b0f813f571451572ceaa650129e365aa1cd171
SSDEEP

3072:PTWwoRBgWA0bOjmdTRiozobJbv6ckZP4DLx8MPlG7lPdpF1:PThoU70bVdNiozZZ9F7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 56 IoCs

pid	Process
2768	Unicorn-9797.exe
2564	Unicorn-61554.exe
2844	Unicorn-16992.exe
2724	Unicorn-54045.exe
2952	Unicorn-38263.exe
2448	Unicorn-25265.exe
2396	Unicorn-54559.exe
1416	Unicorn-60158.exe
776	Unicorn-6318.exe
1640	Unicorn-49141.exe
2088	Unicorn-64922.exe
2212	Unicorn-52862.exe
932	Unicorn-15914.exe
2140	Unicorn-40588.exe
2860	Unicorn-17149.exe
940	Unicorn-60620.exe
1044	Unicorn-32586.exe
2392	Unicorn-24056.exe
2020	Unicorn-20849.exe
804	Unicorn-40946.exe
1620	Unicorn-55104.exe
1616	Unicorn-12810.exe
2044	Unicorn-29893.exe
2828	Unicorn-49951.exe
828	Unicorn-5389.exe
2496	Unicorn-13962.exe
892	Unicorn-51103.exe
2500	Unicorn-26961.exe
1712	Unicorn-46827.exe
2188	Unicorn-59250.exe
2812	Unicorn-13578.exe
2556	Unicorn-59738.exe
2760	Unicorn-22960.exe
2532	Unicorn-18130.exe
2388	Unicorn-19068.exe
2472	Unicorn-47102.exe
2956	Unicorn-43978.exe
2720	Unicorn-44725.exe
1400	Unicorn-44170.exe
1280	Unicorn-31726.exe
572	Unicorn-23728.exe
1232	Unicorn-56038.exe
2800	Unicorn-43271.exe
1208	Unicorn-55929.exe
1764	Unicorn-47953.exe
936	Unicorn-47953.exe
2504	Unicorn-48124.exe
2632	Unicorn-61300.exe
1980	Unicorn-15629.exe
1528	Unicorn-4144.exe
2952	Unicorn-40578.exe
2316	Unicorn-32816.exe
2852	Unicorn-335.exe
2292	Unicorn-37537.exe
1152	Unicorn-15192.exe
2948	Unicorn-41503.exe

Loads dropped DLL 64 IoCs

pid	Process
2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
2768	Unicorn-9797.exe
2768	Unicorn-9797.exe
2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
2564	Unicorn-61554.exe
2564	Unicorn-61554.exe
2768	Unicorn-9797.exe
2768	Unicorn-9797.exe
2844	Unicorn-16992.exe
2844	Unicorn-16992.exe
2952	Unicorn-38263.exe
2952	Unicorn-38263.exe
2448	Unicorn-25265.exe
2448	Unicorn-25265.exe
2844	Unicorn-16992.exe
2844	Unicorn-16992.exe
2396	Unicorn-54559.exe
2952	Unicorn-38263.exe
2952	Unicorn-38263.exe
2396	Unicorn-54559.exe
1416	Unicorn-60158.exe
1416	Unicorn-60158.exe
776	Unicorn-6318.exe
776	Unicorn-6318.exe
2448	Unicorn-25265.exe
2448	Unicorn-25265.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
1640	Unicorn-49141.exe
1640	Unicorn-49141.exe
2212	Unicorn-52862.exe
2212	Unicorn-52862.exe
1416	Unicorn-60158.exe
1416	Unicorn-60158.exe
932	Unicorn-15914.exe
932	Unicorn-15914.exe
776	Unicorn-6318.exe
2140	Unicorn-40588.exe
2140	Unicorn-40588.exe
776	Unicorn-6318.exe
2724	Unicorn-54045.exe
2724	Unicorn-54045.exe
2860	Unicorn-17149.exe
2860	Unicorn-17149.exe
1640	Unicorn-49141.exe
1640	Unicorn-49141.exe
940	Unicorn-60620.exe
940	Unicorn-60620.exe
2212	Unicorn-52862.exe
2212	Unicorn-52862.exe
1044	Unicorn-32586.exe
1044	Unicorn-32586.exe
2020	Unicorn-20849.exe
2020	Unicorn-20849.exe
2140	Unicorn-40588.exe
2140	Unicorn-40588.exe
2392	Unicorn-24056.exe
2392	Unicorn-24056.exe
932	Unicorn-15914.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2164	2088	WerFault.exe	37

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
2768	Unicorn-9797.exe
2564	Unicorn-61554.exe
2844	Unicorn-16992.exe
2952	Unicorn-38263.exe
2448	Unicorn-25265.exe
2396	Unicorn-54559.exe
1416	Unicorn-60158.exe
776	Unicorn-6318.exe
1640	Unicorn-49141.exe
2088	Unicorn-64922.exe
2212	Unicorn-52862.exe
932	Unicorn-15914.exe
2140	Unicorn-40588.exe
2724	Unicorn-54045.exe
2860	Unicorn-17149.exe
940	Unicorn-60620.exe
1044	Unicorn-32586.exe
2392	Unicorn-24056.exe
804	Unicorn-40946.exe
2020	Unicorn-20849.exe
1620	Unicorn-55104.exe
1616	Unicorn-12810.exe
2044	Unicorn-29893.exe
2828	Unicorn-49951.exe
828	Unicorn-5389.exe
2496	Unicorn-13962.exe
892	Unicorn-51103.exe
2500	Unicorn-26961.exe
2812	Unicorn-13578.exe
2188	Unicorn-59250.exe
2556	Unicorn-59738.exe
2760	Unicorn-22960.exe
2532	Unicorn-18130.exe
2720	Unicorn-44725.exe
2472	Unicorn-47102.exe
1232	Unicorn-56038.exe
2388	Unicorn-19068.exe
2956	Unicorn-43978.exe
2800	Unicorn-43271.exe
1280	Unicorn-31726.exe
1208	Unicorn-55929.exe
1400	Unicorn-44170.exe
1764	Unicorn-47953.exe
1528	Unicorn-4144.exe
2316	Unicorn-32816.exe
2632	Unicorn-61300.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2768	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2768	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2768	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2768	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	28
PID 2768 wrote to memory of 2564	2768	Unicorn-9797.exe	29
PID 2768 wrote to memory of 2564	2768	Unicorn-9797.exe	29
PID 2768 wrote to memory of 2564	2768	Unicorn-9797.exe	29
PID 2768 wrote to memory of 2564	2768	Unicorn-9797.exe	29
PID 2228 wrote to memory of 2844	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	30
PID 2228 wrote to memory of 2844	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	30
PID 2228 wrote to memory of 2844	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	30
PID 2228 wrote to memory of 2844	2228	e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe	30
PID 2564 wrote to memory of 2724	2564	Unicorn-61554.exe	31
PID 2564 wrote to memory of 2724	2564	Unicorn-61554.exe	31
PID 2564 wrote to memory of 2724	2564	Unicorn-61554.exe	31
PID 2564 wrote to memory of 2724	2564	Unicorn-61554.exe	31
PID 2768 wrote to memory of 2952	2768	Unicorn-9797.exe	32
PID 2768 wrote to memory of 2952	2768	Unicorn-9797.exe	32
PID 2768 wrote to memory of 2952	2768	Unicorn-9797.exe	32
PID 2768 wrote to memory of 2952	2768	Unicorn-9797.exe	32
PID 2844 wrote to memory of 2448	2844	Unicorn-16992.exe	33
PID 2844 wrote to memory of 2448	2844	Unicorn-16992.exe	33
PID 2844 wrote to memory of 2448	2844	Unicorn-16992.exe	33
PID 2844 wrote to memory of 2448	2844	Unicorn-16992.exe	33
PID 2952 wrote to memory of 2396	2952	Unicorn-38263.exe	34
PID 2952 wrote to memory of 2396	2952	Unicorn-38263.exe	34
PID 2952 wrote to memory of 2396	2952	Unicorn-38263.exe	34
PID 2952 wrote to memory of 2396	2952	Unicorn-38263.exe	34
PID 2448 wrote to memory of 776	2448	Unicorn-25265.exe	35
PID 2448 wrote to memory of 776	2448	Unicorn-25265.exe	35
PID 2448 wrote to memory of 776	2448	Unicorn-25265.exe	35
PID 2448 wrote to memory of 776	2448	Unicorn-25265.exe	35
PID 2844 wrote to memory of 1416	2844	Unicorn-16992.exe	36
PID 2844 wrote to memory of 1416	2844	Unicorn-16992.exe	36
PID 2844 wrote to memory of 1416	2844	Unicorn-16992.exe	36
PID 2844 wrote to memory of 1416	2844	Unicorn-16992.exe	36
PID 2952 wrote to memory of 1640	2952	Unicorn-38263.exe	38
PID 2952 wrote to memory of 1640	2952	Unicorn-38263.exe	38
PID 2952 wrote to memory of 1640	2952	Unicorn-38263.exe	38
PID 2952 wrote to memory of 1640	2952	Unicorn-38263.exe	38
PID 2396 wrote to memory of 2088	2396	Unicorn-54559.exe	37
PID 2396 wrote to memory of 2088	2396	Unicorn-54559.exe	37
PID 2396 wrote to memory of 2088	2396	Unicorn-54559.exe	37
PID 2396 wrote to memory of 2088	2396	Unicorn-54559.exe	37
PID 1416 wrote to memory of 2212	1416	Unicorn-60158.exe	39
PID 1416 wrote to memory of 2212	1416	Unicorn-60158.exe	39
PID 1416 wrote to memory of 2212	1416	Unicorn-60158.exe	39
PID 1416 wrote to memory of 2212	1416	Unicorn-60158.exe	39
PID 776 wrote to memory of 932	776	Unicorn-6318.exe	40
PID 776 wrote to memory of 932	776	Unicorn-6318.exe	40
PID 776 wrote to memory of 932	776	Unicorn-6318.exe	40
PID 776 wrote to memory of 932	776	Unicorn-6318.exe	40
PID 2448 wrote to memory of 2140	2448	Unicorn-25265.exe	41
PID 2448 wrote to memory of 2140	2448	Unicorn-25265.exe	41
PID 2448 wrote to memory of 2140	2448	Unicorn-25265.exe	41
PID 2448 wrote to memory of 2140	2448	Unicorn-25265.exe	41
PID 2088 wrote to memory of 2164	2088	Unicorn-64922.exe	42
PID 2088 wrote to memory of 2164	2088	Unicorn-64922.exe	42
PID 2088 wrote to memory of 2164	2088	Unicorn-64922.exe	42
PID 2088 wrote to memory of 2164	2088	Unicorn-64922.exe	42
PID 1640 wrote to memory of 2860	1640	Unicorn-49141.exe	43
PID 1640 wrote to memory of 2860	1640	Unicorn-49141.exe	43
PID 1640 wrote to memory of 2860	1640	Unicorn-49141.exe	43
PID 1640 wrote to memory of 2860	1640	Unicorn-49141.exe	43

C:\Users\Admin\AppData\Local\Temp\e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7c24ba6c0ec87029356f31c54050c18_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        7⤵
        Executes dropped EXE
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
        8⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        6⤵
        
        PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        9⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52467.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
        11⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        7⤵
        Executes dropped EXE
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        7⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        8⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        6⤵
        Executes dropped EXE
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53416.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        9⤵
        
        PID:2224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        7⤵
        Executes dropped EXE
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
        8⤵
        Executes dropped EXE
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        12⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        13⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        8⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        6⤵
        Executes dropped EXE
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        6⤵
        Executes dropped EXE
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        7⤵
        
        PID:1328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        9⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27001.exe
        10⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        7⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        7⤵
        Executes dropped EXE
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
        8⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        5⤵
        Executes dropped EXE
        
        PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe

Filesize
184KB

MD5
d7b98605de2e37cb5b6c9ce6119f5edf

SHA1
3288cad2e4b85d104e8f4b08974a203e7fb5fc89

SHA256
030e2d561641d4d10ef7c4d2ad1f4d1de2d5a6e74c7eb06bd9dd720181649d22

SHA512
12719404e0c05be0aa15139775d854affe1bb88491398a405d052dc71820a6fcfd5173487df858abf2bf91f6bceb11d13eafb4f5b89cdc9c0c65c9dd38d1a396

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe

Filesize
184KB

MD5
b4c2fe72e9605e58024a826366b7c431

SHA1
cdd6c4ea8ea394a77d691335c4f4aac016fdf65c

SHA256
7bb7ce1e06bbb73c361f98f36d561bfa426392e6f7ed768099cfecf99272bbd7

SHA512
5605a690c210f256b122395cb94187c709a786de1b8febccd708dd66102683168918fcb12be6a871d6d8e02dcd18b0628fdda34f76a7eceef03500feb1c20000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe

Filesize
184KB

MD5
0f2508e951a0f6e21145a1de55c6b79c

SHA1
1689c6eedc28cefcc8ec2b82b610cd17f446df5d

SHA256
9c30c8d6372e7d996106504af0bf64f8ffbe1b386226c27a0ac2264a0b2d3427

SHA512
3afff5d6a4fa310f7dae885a4b5930454140a233628cc092b332cb43c5b44f3bafb77aed4d576661be4d4aec4e05b1655f95c5fee9c7267508fb5904485aa421

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe

Filesize
184KB

MD5
783808432e8ba8137b7c5a71b1c2d797

SHA1
9bbdf9fc88d5c9a46e5f48c56f3347ad8f4217d2

SHA256
92d88eee8e644577edd76a06d991590e1484ebbc5d23a0b6c1c3b17b72b5cadf

SHA512
e0a09f56ebf1c73d3599dd45730e282cc2a45077b7f5faa11488149dbccd1e8bec77d22be12b2959f08875688ae19a3bfc26b33cdd1303c2857bdc84afe59dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe

Filesize
184KB

MD5
328680fd49ed4b64ec4d39125d7a7fd5

SHA1
dc550b5d0cc87b601ab1bfd36f06383dc48ff04e

SHA256
0df4182d7ef0ed33cb98f84bf7ad5b27a70ead7369ef1cc32b081d25155439b6

SHA512
4562b1421ed3ed522f05dad3a4f489d16817a057ebc4980da689e5240b65cf8fd8767b01ca41a0a22d51917763801db24a16879442ee603ccc16460f6ae5e559

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe

Filesize
184KB

MD5
58a8ffc8ed4483ab406ee67b7757d85c

SHA1
bc5aea3bb73b560a991dbd70d1dfd83e876cf4f8

SHA256
d62840f02eddf762d11ad95532252ff987b72fcd1350e0e914ef18187e553d9c

SHA512
4c3298699b10572c7b88874807d7945ec808d36c405aceaee943a556d1ff045ae8f44ff6d13a164ff39fae36c295e30642ce7fba79bf13287f0f375ae90523ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe

Filesize
184KB

MD5
129ae133dc5604309f0e45aff3dad3a8

SHA1
9996d2c8347283dbc5e77e5b78dca0d7b9ad92c8

SHA256
23b43c7fd2784b15a948a686e7a6f40a6a662dd38f6ac6c8e17c4ced262aa5fe

SHA512
9b9f36a0e94bdab8f144de41a21e2d3cbbd27cebef1a5e672c5a3cac7cd9b72d6e60ecc94c6b01743316baca7e310ce1c2abd3fe945918c7d93c2b5532f04665

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe

Filesize
184KB

MD5
09227c4a734fd78e305428969dce74c2

SHA1
bda992b1b5f87fb6da16429100a1f7d6b2511838

SHA256
0b769011596a6cc2a522cd8105bf67af002225e4a6fc408f6a4e1c0df9c340f4

SHA512
1d22fe7f9b722d8a513081cf6739bbd10056c5e3e09d650e7baa1833e4474c654f2c22c54e030983963b06d78bf44533291a36c87a345c708b51a0931ce3168b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe

Filesize
184KB

MD5
4837abafdadd38255bb42dbd545e7d90

SHA1
cf78f41eb0e64178d1d9e269607ea10838d2620e

SHA256
0ead3582d96b9aaa4322bda8425d9e24b758651ba1977a0542da36aa278d75af

SHA512
61086fa6044820a31aca8b41fd656ed3adf00d3e4e16da5f35dcfdac192f69872d85e70b9bc520db73bab61507f50df0c42b274b2bf3638a606d1860f4a6295f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe

Filesize
184KB

MD5
f649bbc6c436529f67d89c6ea1b682fe

SHA1
62f7740683054c7ac36418d129df1ba9e4cc6e74

SHA256
1bd4f1fa9dd160e4803148318ce8539acf9c52164c5acbf24bac73fc43bc0c6d

SHA512
2c648fa0bffc9dff9cc9c893f035e8b0e210726e3f1a5c1b3eb704dd1bc0732ff07c13ff01af58201bea54fe8c03acdd199a512641c2badf1383c52301612fff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe

Filesize
184KB

MD5
01d75250b16cd4e1e17d2b8c19d06cd9

SHA1
475bc6146551c642908bdc19d80021c4428834d7

SHA256
58d1343e02badf777ad72932743c6d35cefc01d3c659cda7e8eb63fd4b42e431

SHA512
99ba07694b4b08759098852c8c48508e20265adee15d8b87062a52fa3f7582ac1afbc8137b4e48c5c893b63fe04f96f8f88a35c2858715304445dc864aec1e63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe

Filesize
184KB

MD5
907b5e13c8d0f6a8537b0bd3b90a8311

SHA1
46f95092cbb3cf2b6c9f4f25569e2f48eb6954e4

SHA256
614fa5d61244a3afe65647c2236be327dc361496e0304c7241bf6630531f4160

SHA512
fd17f6a231c224292d19b186e8979f4758c65b0ba0b0906a1de805c3b2ad53e2ce0e0602daeeb9c8176c7fc48aeeae6e9859063ce34a0f29f95d6d1c93de2299

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe

Filesize
184KB

MD5
203dcaf9357816c49e5b971723933987

SHA1
5a25dc22e304a49022f0701dc7a748ee12a8f673

SHA256
6af288c6452eece83b50af8bae09c04d5629fde5b2c6a19a8579408591486277

SHA512
70ce07de1e9ffec2e823a833f018a039627f26dfa4318cb3fca5da4bfafd4b192d2f2cacc1ce4f0349f1838500a3037966fc80ed098776c02df86bb602f99119

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe

Filesize
184KB

MD5
d07f64d7145f15963efaf367d96643a9

SHA1
547ebeaca0946443a0032e8330f848e126820572

SHA256
c13dd425418b01332ea3a0dc16007ee35c38c064aa7313042e76b0997ff340f4

SHA512
db0b7eabbbee9b70cbddf94091a8a772940976ddcce5a0180b9475ff99d8bbe7bc411479a834500cf5b8b39c03e380041bd3789304ca7f1adef0cb7c011ed81f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe

Filesize
184KB

MD5
3f1f0a52ff0832c6dc0e4655b5da8f1b

SHA1
9b43c74c346b69a9dc0d475884b6a4869d3e4aab

SHA256
240bb53727f54d62cf6baf15363df297f7a887ea53800152b63c21ea1f7f9dab

SHA512
a1d3d705069a03641b6367cba22375f6af88abc616a19b12fea8ccc46894e06b815422cc4dfb0e12aa42a499d1b10e04e716faafc5dc81957a9f8a7d4578d519

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe

Filesize
184KB

MD5
e9fbd3c176473f8740895c40e794fae4

SHA1
903c1d5ede2fa43eae2cda3167b6617199e666eb

SHA256
26f5b4992d80ff5d384b55dd4774bb6b75bef5531f38f59e78d744db01b91a8d

SHA512
6ae0b58be2095245b83fd086b833ef8c6b0f3cd87868fcbf1fec7c6eabecc70ccb8819250c68149a913ce2ba68279cf1b9392d947110658a7a54d0b49528bd9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe

Filesize
184KB

MD5
59fd2b5fce2cbf0801c54c059d60b785

SHA1
eaaf3d951b1335d60cb333cfea13a3beae308bfe

SHA256
356cfb3b186213aa4ab01124ca69b3d53e0ddfc87bc9a5d9eb3184ddcbd88332

SHA512
61b0c851aea98396f9cb19380488c379eaa17fc1185dc73500565d0091ee5c4f7240ee5aa7cb63437a8d53900235085f9dd6bf203ad949b72b599b2f8daedab8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe

Filesize
184KB

MD5
fd3be8f02a1fe94a8c62d48a8ff5dbfb

SHA1
109e599328bfa3f30cd8f42ed2dd5ef9b75725a7

SHA256
9e0f3fae1bf745f331a15afdfbf2235693ebdb6529e65b0250d3f88048b2bfe3

SHA512
8d60ccaef999fecd76b12131998e9c4bc41aa274fe3ebb6e0e5c24db3c064077b1af1af41b7970247de01a197e7fd4fda935da77c272ac0b92dca8a28b263c0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe

Filesize
184KB

MD5
cb1758a55d873a69cf361218f3844c68

SHA1
5167e37ac9165e3b67c8dda15615f6755970bdf7

SHA256
40f51d493038c8d5951e25dc8e495cde4447a1882032c1b239d50cfb4d0f9f89

SHA512
12975b120d122117a008d522bdb6e3dd12f5dfb581175ca0cd7bac83698c52532d7be067e11cea1cc45d4d56df3224459d0abda1dc5a655f9dae06f241134a52

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads