39ea3a59da4469e0540f79bb73e1483ae885e1f36827842edb41d0128fa635c3

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
Size

184KB
MD5

e7db6aaab350ba0a4b8b83078b7f13ec
SHA1

0ce7dac439a35da42df6b4324296ac4c526b712d
SHA256

39ea3a59da4469e0540f79bb73e1483ae885e1f36827842edb41d0128fa635c3
SHA512

85c3e717489ab84afd41f6f2f81b2aff1f004b666f204320327b8b20bb09a535bb1f2d30c22e669df8bb61bb41e8a0726bcc2709d914902463005dfcc5f7aa23
SSDEEP

3072:N/bgoYbQ6SA01OjJdTNWl8FbgdY6UDWIBTExq9PJDNlPv1F:N/Mos301GdZWl8JXDvNlPv1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2136	Unicorn-39376.exe
1148	Unicorn-3854.exe
2612	Unicorn-4601.exe
2364	Unicorn-45546.exe
2516	Unicorn-50185.exe
2520	Unicorn-16958.exe
2420	Unicorn-6000.exe
2216	Unicorn-25544.exe
528	Unicorn-18890.exe
2668	Unicorn-60603.exe
936	Unicorn-65434.exe
1912	Unicorn-44267.exe
1980	Unicorn-36099.exe
632	Unicorn-57266.exe
1432	Unicorn-21708.exe
1852	Unicorn-29322.exe
2192	Unicorn-157.exe
3008	Unicorn-17240.exe
2788	Unicorn-57417.exe
1036	Unicorn-25814.exe
1544	Unicorn-57609.exe
892	Unicorn-58356.exe
1116	Unicorn-46317.exe
564	Unicorn-34148.exe
3024	Unicorn-9643.exe
1796	Unicorn-9643.exe
1540	Unicorn-43062.exe
948	Unicorn-22642.exe
1652	Unicorn-33764.exe
604	Unicorn-10006.exe
1900	Unicorn-5367.exe
2920	Unicorn-35470.exe
1348	Unicorn-55336.exe
1688	Unicorn-7074.exe
2680	Unicorn-26940.exe
1588	Unicorn-26255.exe
1928	Unicorn-6389.exe
2152	Unicorn-7541.exe
1196	Unicorn-47443.exe
2256	Unicorn-27407.exe
2980	Unicorn-27577.exe
2604	Unicorn-30770.exe
2512	Unicorn-30770.exe
2628	Unicorn-10904.exe
1984	Unicorn-380.exe
1940	Unicorn-9825.exe
1960	Unicorn-58938.exe
340	Unicorn-194.exe
1956	Unicorn-40571.exe
1880	Unicorn-7597.exe
1472	Unicorn-50332.exe
568	Unicorn-59891.exe
2672	Unicorn-763.exe
1200	Unicorn-33794.exe
1504	Unicorn-32829.exe
1580	Unicorn-45932.exe
2196	Unicorn-47105.exe
2596	Unicorn-44355.exe
2072	Unicorn-19052.exe
432	Unicorn-52575.exe
2216	Unicorn-26024.exe
1008	Unicorn-1986.exe
1132	Unicorn-59547.exe
772	Unicorn-18707.exe

Loads dropped DLL 64 IoCs

pid	Process
2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
2136	Unicorn-39376.exe
2136	Unicorn-39376.exe
2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
1148	Unicorn-3854.exe
1148	Unicorn-3854.exe
2136	Unicorn-39376.exe
2136	Unicorn-39376.exe
2612	Unicorn-4601.exe
2612	Unicorn-4601.exe
2516	Unicorn-50185.exe
2516	Unicorn-50185.exe
2520	Unicorn-16958.exe
2520	Unicorn-16958.exe
2612	Unicorn-4601.exe
2612	Unicorn-4601.exe
2420	Unicorn-6000.exe
2420	Unicorn-6000.exe
2516	Unicorn-50185.exe
2516	Unicorn-50185.exe
528	Unicorn-18890.exe
528	Unicorn-18890.exe
2216	Unicorn-25544.exe
2216	Unicorn-25544.exe
2520	Unicorn-16958.exe
2520	Unicorn-16958.exe
2668	Unicorn-60603.exe
2668	Unicorn-60603.exe
2420	Unicorn-6000.exe
2420	Unicorn-6000.exe
1912	Unicorn-44267.exe
1912	Unicorn-44267.exe
528	Unicorn-18890.exe
528	Unicorn-18890.exe
936	Unicorn-65434.exe
936	Unicorn-65434.exe
632	Unicorn-57266.exe
632	Unicorn-57266.exe
1980	Unicorn-36099.exe
1980	Unicorn-36099.exe
2216	Unicorn-25544.exe
2216	Unicorn-25544.exe
2364	Unicorn-45546.exe
2364	Unicorn-45546.exe
1852	Unicorn-29322.exe
1852	Unicorn-29322.exe
2668	Unicorn-60603.exe
1432	Unicorn-21708.exe
2192	Unicorn-157.exe
2192	Unicorn-157.exe
1432	Unicorn-21708.exe
2668	Unicorn-60603.exe
1912	Unicorn-44267.exe
1912	Unicorn-44267.exe
1036	Unicorn-25814.exe
1036	Unicorn-25814.exe
632	Unicorn-57266.exe
632	Unicorn-57266.exe
2788	Unicorn-57417.exe
2788	Unicorn-57417.exe
1544	Unicorn-57609.exe
936	Unicorn-65434.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
2136	Unicorn-39376.exe
1148	Unicorn-3854.exe
2612	Unicorn-4601.exe
2516	Unicorn-50185.exe
2520	Unicorn-16958.exe
2420	Unicorn-6000.exe
2216	Unicorn-25544.exe
528	Unicorn-18890.exe
2668	Unicorn-60603.exe
1912	Unicorn-44267.exe
936	Unicorn-65434.exe
632	Unicorn-57266.exe
1980	Unicorn-36099.exe
2364	Unicorn-45546.exe
1852	Unicorn-29322.exe
1432	Unicorn-21708.exe
2192	Unicorn-157.exe
3008	Unicorn-17240.exe
1036	Unicorn-25814.exe
2788	Unicorn-57417.exe
1544	Unicorn-57609.exe
892	Unicorn-58356.exe
1116	Unicorn-46317.exe
564	Unicorn-34148.exe
3024	Unicorn-9643.exe
1540	Unicorn-43062.exe
948	Unicorn-22642.exe
1796	Unicorn-9643.exe
1652	Unicorn-33764.exe
1900	Unicorn-5367.exe
1348	Unicorn-55336.exe
604	Unicorn-10006.exe
2920	Unicorn-35470.exe
2680	Unicorn-26940.exe
2980	Unicorn-27577.exe
1928	Unicorn-6389.exe
2256	Unicorn-27407.exe
2604	Unicorn-30770.exe
1688	Unicorn-7074.exe
1984	Unicorn-380.exe
1940	Unicorn-9825.exe
1588	Unicorn-26255.exe
2152	Unicorn-7541.exe
1960	Unicorn-58938.exe
2512	Unicorn-30770.exe
2628	Unicorn-10904.exe
1196	Unicorn-47443.exe
1956	Unicorn-40571.exe
1472	Unicorn-50332.exe
1504	Unicorn-32829.exe
2672	Unicorn-763.exe
340	Unicorn-194.exe
1880	Unicorn-7597.exe
2196	Unicorn-47105.exe
568	Unicorn-59891.exe
1200	Unicorn-33794.exe
1580	Unicorn-45932.exe
2072	Unicorn-19052.exe
2596	Unicorn-44355.exe
432	Unicorn-52575.exe
2216	Unicorn-26024.exe
1008	Unicorn-1986.exe
1132	Unicorn-59547.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2136	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2136	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2136	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	28
PID 2024 wrote to memory of 2136	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	28
PID 2136 wrote to memory of 1148	2136	Unicorn-39376.exe	29
PID 2136 wrote to memory of 1148	2136	Unicorn-39376.exe	29
PID 2136 wrote to memory of 1148	2136	Unicorn-39376.exe	29
PID 2136 wrote to memory of 1148	2136	Unicorn-39376.exe	29
PID 2024 wrote to memory of 2612	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	30
PID 2024 wrote to memory of 2612	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	30
PID 2024 wrote to memory of 2612	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	30
PID 2024 wrote to memory of 2612	2024	e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe	30
PID 1148 wrote to memory of 2364	1148	Unicorn-3854.exe	31
PID 1148 wrote to memory of 2364	1148	Unicorn-3854.exe	31
PID 1148 wrote to memory of 2364	1148	Unicorn-3854.exe	31
PID 1148 wrote to memory of 2364	1148	Unicorn-3854.exe	31
PID 2136 wrote to memory of 2516	2136	Unicorn-39376.exe	32
PID 2136 wrote to memory of 2516	2136	Unicorn-39376.exe	32
PID 2136 wrote to memory of 2516	2136	Unicorn-39376.exe	32
PID 2136 wrote to memory of 2516	2136	Unicorn-39376.exe	32
PID 2612 wrote to memory of 2520	2612	Unicorn-4601.exe	33
PID 2612 wrote to memory of 2520	2612	Unicorn-4601.exe	33
PID 2612 wrote to memory of 2520	2612	Unicorn-4601.exe	33
PID 2612 wrote to memory of 2520	2612	Unicorn-4601.exe	33
PID 2516 wrote to memory of 2420	2516	Unicorn-50185.exe	34
PID 2516 wrote to memory of 2420	2516	Unicorn-50185.exe	34
PID 2516 wrote to memory of 2420	2516	Unicorn-50185.exe	34
PID 2516 wrote to memory of 2420	2516	Unicorn-50185.exe	34
PID 2520 wrote to memory of 2216	2520	Unicorn-16958.exe	35
PID 2520 wrote to memory of 2216	2520	Unicorn-16958.exe	35
PID 2520 wrote to memory of 2216	2520	Unicorn-16958.exe	35
PID 2520 wrote to memory of 2216	2520	Unicorn-16958.exe	35
PID 2612 wrote to memory of 528	2612	Unicorn-4601.exe	36
PID 2612 wrote to memory of 528	2612	Unicorn-4601.exe	36
PID 2612 wrote to memory of 528	2612	Unicorn-4601.exe	36
PID 2612 wrote to memory of 528	2612	Unicorn-4601.exe	36
PID 2420 wrote to memory of 2668	2420	Unicorn-6000.exe	37
PID 2420 wrote to memory of 2668	2420	Unicorn-6000.exe	37
PID 2420 wrote to memory of 2668	2420	Unicorn-6000.exe	37
PID 2420 wrote to memory of 2668	2420	Unicorn-6000.exe	37
PID 2516 wrote to memory of 936	2516	Unicorn-50185.exe	38
PID 2516 wrote to memory of 936	2516	Unicorn-50185.exe	38
PID 2516 wrote to memory of 936	2516	Unicorn-50185.exe	38
PID 2516 wrote to memory of 936	2516	Unicorn-50185.exe	38
PID 528 wrote to memory of 1912	528	Unicorn-18890.exe	39
PID 528 wrote to memory of 1912	528	Unicorn-18890.exe	39
PID 528 wrote to memory of 1912	528	Unicorn-18890.exe	39
PID 528 wrote to memory of 1912	528	Unicorn-18890.exe	39
PID 2216 wrote to memory of 1980	2216	Unicorn-25544.exe	40
PID 2216 wrote to memory of 1980	2216	Unicorn-25544.exe	40
PID 2216 wrote to memory of 1980	2216	Unicorn-25544.exe	40
PID 2216 wrote to memory of 1980	2216	Unicorn-25544.exe	40
PID 2520 wrote to memory of 632	2520	Unicorn-16958.exe	41
PID 2520 wrote to memory of 632	2520	Unicorn-16958.exe	41
PID 2520 wrote to memory of 632	2520	Unicorn-16958.exe	41
PID 2520 wrote to memory of 632	2520	Unicorn-16958.exe	41
PID 2668 wrote to memory of 1852	2668	Unicorn-60603.exe	42
PID 2668 wrote to memory of 1852	2668	Unicorn-60603.exe	42
PID 2668 wrote to memory of 1852	2668	Unicorn-60603.exe	42
PID 2668 wrote to memory of 1852	2668	Unicorn-60603.exe	42
PID 2420 wrote to memory of 1432	2420	Unicorn-6000.exe	43
PID 2420 wrote to memory of 1432	2420	Unicorn-6000.exe	43
PID 2420 wrote to memory of 1432	2420	Unicorn-6000.exe	43
PID 2420 wrote to memory of 1432	2420	Unicorn-6000.exe	43

C:\Users\Admin\AppData\Local\Temp\e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e7db6aaab350ba0a4b8b83078b7f13ec_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45546.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        7⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        7⤵
        
        PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        8⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        9⤵
        
        PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        8⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
        8⤵
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        9⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        10⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        7⤵
        
        PID:1720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        7⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
        9⤵
        
        PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        8⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        6⤵
        
        PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        8⤵
        Executes dropped EXE
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        7⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        8⤵
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        5⤵
        
        PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe

Filesize
184KB

MD5
db476f24c7da86eb64e47ac8349fbe6e

SHA1
23b63d668e5d7b0ec67b21dfb0a8e95b6ca5996d

SHA256
857096211bea0fc1b8d2f011e4c78ad55eeafcdc72923a093c02fd5f84a9dd1d

SHA512
4c7c853b7641baeaa0539165c0600d569f77ced0a89d5af5edea77fd522dbd294c1d11e89d18f7001938bb47ff8ee5c76181879bccf6866fc225c02745084fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe

Filesize
184KB

MD5
79e6ad36948ff2e341fe4d1290df0d21

SHA1
bd3a8866fa946d190055cb61509a89cd19598dfd

SHA256
645af193ed8b965a259835b659e48e0451c56f4f62d6796ff1c5317df0d6a586

SHA512
e3f887f3b11577eaf18f78a6787778f56b36ae70cab9d857c6ebbf74adb9a09de2da5b36b5aed3dd87f682fc7e506271bb62d9793151df57adad8b9ca48e08ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe

Filesize
184KB

MD5
7bcf1a348224d8f888d2651a5e20c74b

SHA1
dccd0dae36a41f3a86901c05b7cea341982b53b1

SHA256
5660088864a79f9a76c6ba92e20fc28ffeeed3e0c7a2a47bd9989dea70d860d1

SHA512
9f0516c2833bd3a63d8cb1915c6ddec3b2672813c78626de819c2c1ffc81147d94c7c690d011bebdcc8548951c30d08d357f1cc69919c285060bf3dfb830fb5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe

Filesize
184KB

MD5
ad4570a174f22ac66704cbb2c35a4e29

SHA1
c45bc8cfee2dc2fb36fbd0a02c2b82baf4db937c

SHA256
cb0d7c96e041e9c7374bdced3f24853760da2c6c2da195aec5455fd8051604ef

SHA512
dc594c97d3e1f42c24ae8bb06a47b5987f32fbeefb3ff0a48338f12fbe51192ffeed8e7eb0b12e3f31a03bbc9be4a29ec7d460426046aa9bf2ef0bf186199b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe

Filesize
184KB

MD5
032cd6e79aa2e1f41972e635669725f8

SHA1
1b809fa2a2b3549e7b020b2ccb13f5b6c9800dd7

SHA256
aec833445e90bdf92bfb17a079f66ca00e8cc310e2f5a78577d14ef91cb597b5

SHA512
50ae8cfb0c0d5e8b6ac02fc24b4958fcbaa23e84e044d59c82bf4e71ae13a586992c1403a3199f895f2d580c78ecd54229c62a268d52a52348c9a686d698991b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-157.exe

Filesize
184KB

MD5
b6ad7b0e913d5e4b1e052f0bf96044b2

SHA1
127cc742f7c9083fbb3a2b68be2aab0a6aefa801

SHA256
aaa925698b33272128bf1977954e8e4526563b71c94079935a99cb8c8bf7d120

SHA512
01cb7a2e271371cfb2eefbec10dca914d8d96bf52bf57419430883e08a8c6f94b39c2d5100b8efa21730dfb8329b6b16f39be3bcbc036b6967f31a40fac8d2c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe

Filesize
184KB

MD5
57674952cf72cfadd0f52497889ac323

SHA1
4a5bf06e07e85bfa775c7a1da9d2d9b37e48624a

SHA256
1cacf5eea3e81b38b081a98d118393ae06f4ef34eb0947e1b49bb203a7283615

SHA512
32f2231ef2aaa2095433f36c45db8c74985e36ca008ac9081ccc3a923eacb071808b0cab33ed02d4d09b618236b190208dcdff1880aff01993807f63eeea3208

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe

Filesize
184KB

MD5
34fa0bb28db768a295a52e0b586558a4

SHA1
de3ab561e6f337bc379b6d1087eac7a8d7f851ae

SHA256
de896b1e38eaeb5a22d0ed298095a56997a93fe1c5eb1405081a04df50fdd0cb

SHA512
a0fcc84c92df8cda3fab0a873c8b87cc1b34cb20ffa7b0a73abe66541dd076e6b5082b565f69b83f7f6eefae7888463dd0aca4e4a93d92e41f7e16485e76d566

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe

Filesize
184KB

MD5
73a582b0860843719d11e09cecff3d9b

SHA1
c1d5c5244e6b9848a4e36557d366f460069823b9

SHA256
d77a9992429840ffe7489669baa85203215c05da01f2b9611007ec69ed6bbc35

SHA512
3bf7fbd21f747f8dff813efa52d3f38be398dbec94bfb4a0eacfc9d090286a2a72911eab92d22631c3751dd0902e74bd6c4ebd165ba23daa9a8706d53319ada9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe

Filesize
184KB

MD5
7dd56a2051ffc5c6c5d3c7e4d701e22d

SHA1
17d688805d9d5c6906d30beb7c6daad6381b2615

SHA256
6453a75b4ee8d3d715e4b63132c1e8478b1957d057b2a5af0f4cb09caf192698

SHA512
f5fc10861396ec2a2abaac0470dfe09ead216008803b8959d60d426a528fb6c670eeb3c39dc13d282c6be9f6f1d73f824cf7b4a6f8fad8d91a99ec3b9ad11e2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe

Filesize
184KB

MD5
1e25addf572e8a38b4531be910b7e4be

SHA1
ffef09a0b86b1cf842d522deca1aba971a6d0386

SHA256
7a26bd93fd50154700457b8ec590cd5bd8361199c10774d31a5cff8df06c4ea7

SHA512
1c1fe4854ca3a4256e3761e204f0c5c11459137aa26ffe19aa7b7b975476026d304e28f6c5cbde4cc61a558c2d0ea3f52b79dd829a46f53a91edba7e32a9eb2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe

Filesize
184KB

MD5
d9f69a69f42916db57d45eca0333cc25

SHA1
ffe989c54a321c04a938715bf3e8b4e0ad2163dd

SHA256
4a43feebc046ffcf365488587235d1b52c56e62d0764f45ff14bc977c92adb81

SHA512
5768293c8d9ef352754b59f74afd252d4850d3dac4ff003728cae55cd6759826f3b20bd84be1773117b11803bf83dd6676f2094068165298174351d6500a0c49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe

Filesize
184KB

MD5
415829c9f3858c10cb8b5fa43cf6236f

SHA1
682cfc7bb7cf0891ddbe8277a7a31aba3be5a28e

SHA256
452c537ff2b0844a348913337e16c0475eec9ef21c1343ed38cee8c136f15fbc

SHA512
c378ca0e64ee4241e7ae5cce3fa1a6660ce67d9dce4aaac29cad811e7ff09fe6e907384c78cc7389456d0cea731d12be166ad48acff40a8cdc741d0a7801aff9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe

Filesize
184KB

MD5
60dcabdd9e0df34141457086e545dea0

SHA1
c8e7835f237fdbc5ae38107cb1695af3b4886cdf

SHA256
41b5a97a6ce13b5a5c6dcc5e5db9ba9c78b527c39efe06feca2f296705a9a696

SHA512
1d6e7140a6f18df1d9b3631344f79d33f881f1042b40732caab0f5965ddd3cb8bb18c87cdef9ea7806366660f74b004a408fd1264ffda94d711fff33a069fa6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45546.exe

Filesize
184KB

MD5
544a490b1962d04fe71ef8e1ca58b23c

SHA1
7dc535326335c3c75c0d370d6a3f9ecc24f95ad7

SHA256
9130f63e8bc5b7a3361bb43002865f465393c9ee647bed0590d8e0bd21e45b08

SHA512
4e2c963d2ecd5c4e84e2c211240e52cc3c901fb49f4d0acb2efa9a1a69a2e88aa1b8687d4e45e773b9c178ac18296c0d09711caa61a88774144704cc69aaae8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe

Filesize
184KB

MD5
9151f9dc296687e1b694acef687d3e0d

SHA1
7fa86bbb52e46c60d94926967722a12bba91c22f

SHA256
02dc3672b995fe48cd20e503a55512b09bb63de15e8e45513f3b407569843bfc

SHA512
fa3f8db61b351cdf6fee6eaa914647bb8df97694249ac17eb421f0081fc72f654c2fcc2861356634f2f5db23184497e35f30c6e9323eddbd5b912595ae7153ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe

Filesize
184KB

MD5
e2f1fa3177cb6ad9c5d7a71a45922ba1

SHA1
07c4c8a740b14b942d96701461461c0fb0d709a8

SHA256
818616c276bfd366413e180d0687d6612e237678c53619ad28e916e74b0b0444

SHA512
710bd3cc9ee6cf4cb67e67171caa462aa08a563016bd77fec0582765eb0939a345ed89f79a21f3097fc2f9b71af71942ae9fe7244887a3e55a5887fcd7027d95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe

Filesize
184KB

MD5
e74855f6fb28e3d36a05a32dab00966a

SHA1
aed6963865e1642f328df0ea83dc915114ebb6f4

SHA256
72dcac24a623234f246aad5838d2b7e7e34ed30a741610b9dda790ae7c738707

SHA512
02ad9f8d03acd8fae85dcba407210d3fb60e95805eb2c45d7e0029029ea10e17d56fa51b2496b85835d5afb71c39969c195076d584c4a29519da172e773dbdc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe

Filesize
184KB

MD5
d64174e63b72f89942445af3db642583

SHA1
605e92b974936bcbb5122ee869f04b96827dc286

SHA256
df225cd9835439bf49e95e21a31ba76a9ab7efdbc52ef40062de372c3abbc045

SHA512
5b33462c096dc846dcf1dd2b5f696c1fb045cb3bfc4502ea01b4ae9f1545924c07f0b3a557f08b87815f80f67ad51c82b4731929ba8f7a8cc5baa9f86e9346fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads