693d4671c31cd12b5b867f157e824479d38383e2449394b82c503e01abac717b

Analysis

max time kernel
44s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
Size

184KB
MD5

e86bf30031310c07f23a72e9db46c912
SHA1

a352ca4ef4e90ef69ec84914e48ce8c1cad8ec43
SHA256

693d4671c31cd12b5b867f157e824479d38383e2449394b82c503e01abac717b
SHA512

4ccfc70ceb54037ad0f8ca07ca104fdc32861280e6a3bde0fdd2b69bf25fb14a21a506a368d3f4e8fe26a19917db55c06e99f7b661d3a762bdff06b7a9fea375
SSDEEP

3072:R2AvoJQaEEA7SOj+dxSMOz1eaL76lNnksDTx462yY7lXvpLc:R2wo0V7SddIMOz6kNp7lXvpL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 58 IoCs

pid	Process
2368	Unicorn-13353.exe
1696	Unicorn-4259.exe
2544	Unicorn-19204.exe
2832	Unicorn-16595.exe
3048	Unicorn-27455.exe
2636	Unicorn-12510.exe
2528	Unicorn-26792.exe
2144	Unicorn-2842.exe
1956	Unicorn-37098.exe
1436	Unicorn-10455.exe
2180	Unicorn-13148.exe
2492	Unicorn-49132.exe
1808	Unicorn-37434.exe
2976	Unicorn-36880.exe
936	Unicorn-45048.exe
788	Unicorn-20352.exe
484	Unicorn-31212.exe
376	Unicorn-4570.exe
592	Unicorn-51078.exe
2132	Unicorn-41047.exe
1080	Unicorn-35571.exe
1884	Unicorn-28795.exe
968	Unicorn-38909.exe
2276	Unicorn-53854.exe
1152	Unicorn-22573.exe
2272	Unicorn-51716.exe
2188	Unicorn-44939.exe
1012	Unicorn-35379.exe
3052	Unicorn-16351.exe
872	Unicorn-59329.exe
1652	Unicorn-65359.exe
2896	Unicorn-14767.exe
1176	Unicorn-57622.exe
1072	Unicorn-11114.exe
2884	Unicorn-23689.exe
2724	Unicorn-24758.exe
2400	Unicorn-23174.exe
2508	Unicorn-20482.exe
2008	Unicorn-41648.exe
2504	Unicorn-10175.exe
2164	Unicorn-16952.exe
2152	Unicorn-7414.exe
2916	Unicorn-58006.exe
1972	Unicorn-33672.exe
1048	Unicorn-53538.exe
1940	Unicorn-53538.exe
2456	Unicorn-53538.exe
2744	Unicorn-33672.exe
760	Unicorn-53538.exe
1188	Unicorn-53538.exe
2396	Unicorn-33672.exe
1696	Unicorn-30356.exe
1096	Unicorn-6428.exe
2972	Unicorn-50222.exe
2792	Unicorn-30356.exe
1824	Unicorn-26294.exe
2288	Unicorn-49127.exe
956	Unicorn-60372.exe

Loads dropped DLL 64 IoCs

pid	Process
1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
2368	Unicorn-13353.exe
2368	Unicorn-13353.exe
1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
2544	Unicorn-19204.exe
2544	Unicorn-19204.exe
2368	Unicorn-13353.exe
2368	Unicorn-13353.exe
1696	Unicorn-4259.exe
1696	Unicorn-4259.exe
2636	Unicorn-12510.exe
2636	Unicorn-12510.exe
1696	Unicorn-4259.exe
1696	Unicorn-4259.exe
2832	Unicorn-16595.exe
2832	Unicorn-16595.exe
3048	Unicorn-27455.exe
3048	Unicorn-27455.exe
2544	Unicorn-19204.exe
2544	Unicorn-19204.exe
2528	Unicorn-26792.exe
2528	Unicorn-26792.exe
2636	Unicorn-12510.exe
2636	Unicorn-12510.exe
2144	Unicorn-2842.exe
2144	Unicorn-2842.exe
2180	Unicorn-13148.exe
2180	Unicorn-13148.exe
1956	Unicorn-37098.exe
1956	Unicorn-37098.exe
2832	Unicorn-16595.exe
2832	Unicorn-16595.exe
1436	Unicorn-10455.exe
1436	Unicorn-10455.exe
3048	Unicorn-27455.exe
3048	Unicorn-27455.exe
2492	Unicorn-49132.exe
2492	Unicorn-49132.exe
2528	Unicorn-26792.exe
2528	Unicorn-26792.exe
1808	Unicorn-37434.exe
1808	Unicorn-37434.exe
2976	Unicorn-36880.exe
2976	Unicorn-36880.exe
2144	Unicorn-2842.exe
2144	Unicorn-2842.exe
788	Unicorn-20352.exe
788	Unicorn-20352.exe
1956	Unicorn-37098.exe
1956	Unicorn-37098.exe
936	Unicorn-45048.exe
936	Unicorn-45048.exe
484	Unicorn-31212.exe
484	Unicorn-31212.exe
2180	Unicorn-13148.exe
2180	Unicorn-13148.exe
592	Unicorn-51078.exe
592	Unicorn-51078.exe
376	Unicorn-4570.exe
376	Unicorn-4570.exe
1436	Unicorn-10455.exe
1436	Unicorn-10455.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2412	1652	WerFault.exe	58
2416	2288	WerFault.exe	86
2768	1972	WerFault.exe	72

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
2368	Unicorn-13353.exe
2544	Unicorn-19204.exe
1696	Unicorn-4259.exe
2832	Unicorn-16595.exe
2636	Unicorn-12510.exe
3048	Unicorn-27455.exe
2528	Unicorn-26792.exe
2144	Unicorn-2842.exe
1956	Unicorn-37098.exe
2180	Unicorn-13148.exe
1436	Unicorn-10455.exe
2492	Unicorn-49132.exe
1808	Unicorn-37434.exe
2976	Unicorn-36880.exe
936	Unicorn-45048.exe
788	Unicorn-20352.exe
376	Unicorn-4570.exe
484	Unicorn-31212.exe
592	Unicorn-51078.exe
2132	Unicorn-41047.exe
1080	Unicorn-35571.exe
1884	Unicorn-28795.exe
968	Unicorn-38909.exe
1152	Unicorn-22573.exe
2276	Unicorn-53854.exe
2272	Unicorn-51716.exe
2188	Unicorn-44939.exe
1652	Unicorn-65359.exe
3052	Unicorn-16351.exe
1012	Unicorn-35379.exe
2896	Unicorn-14767.exe
872	Unicorn-59329.exe
1176	Unicorn-57622.exe
1072	Unicorn-11114.exe
2884	Unicorn-23689.exe
2724	Unicorn-24758.exe
2508	Unicorn-20482.exe
2400	Unicorn-23174.exe
2008	Unicorn-41648.exe
2504	Unicorn-10175.exe
2164	Unicorn-16952.exe
2152	Unicorn-7414.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2368	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	28
PID 1420 wrote to memory of 2368	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	28
PID 1420 wrote to memory of 2368	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	28
PID 1420 wrote to memory of 2368	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	28
PID 2368 wrote to memory of 1696	2368	Unicorn-13353.exe	29
PID 2368 wrote to memory of 1696	2368	Unicorn-13353.exe	29
PID 2368 wrote to memory of 1696	2368	Unicorn-13353.exe	29
PID 2368 wrote to memory of 1696	2368	Unicorn-13353.exe	29
PID 1420 wrote to memory of 2544	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	30
PID 1420 wrote to memory of 2544	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	30
PID 1420 wrote to memory of 2544	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	30
PID 1420 wrote to memory of 2544	1420	e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2832	2544	Unicorn-19204.exe	31
PID 2544 wrote to memory of 2832	2544	Unicorn-19204.exe	31
PID 2544 wrote to memory of 2832	2544	Unicorn-19204.exe	31
PID 2544 wrote to memory of 2832	2544	Unicorn-19204.exe	31
PID 2368 wrote to memory of 3048	2368	Unicorn-13353.exe	32
PID 2368 wrote to memory of 3048	2368	Unicorn-13353.exe	32
PID 2368 wrote to memory of 3048	2368	Unicorn-13353.exe	32
PID 2368 wrote to memory of 3048	2368	Unicorn-13353.exe	32
PID 1696 wrote to memory of 2636	1696	Unicorn-4259.exe	33
PID 1696 wrote to memory of 2636	1696	Unicorn-4259.exe	33
PID 1696 wrote to memory of 2636	1696	Unicorn-4259.exe	33
PID 1696 wrote to memory of 2636	1696	Unicorn-4259.exe	33
PID 2636 wrote to memory of 2528	2636	Unicorn-12510.exe	34
PID 2636 wrote to memory of 2528	2636	Unicorn-12510.exe	34
PID 2636 wrote to memory of 2528	2636	Unicorn-12510.exe	34
PID 2636 wrote to memory of 2528	2636	Unicorn-12510.exe	34
PID 1696 wrote to memory of 2144	1696	Unicorn-4259.exe	35
PID 1696 wrote to memory of 2144	1696	Unicorn-4259.exe	35
PID 1696 wrote to memory of 2144	1696	Unicorn-4259.exe	35
PID 1696 wrote to memory of 2144	1696	Unicorn-4259.exe	35
PID 2832 wrote to memory of 1956	2832	Unicorn-16595.exe	36
PID 2832 wrote to memory of 1956	2832	Unicorn-16595.exe	36
PID 2832 wrote to memory of 1956	2832	Unicorn-16595.exe	36
PID 2832 wrote to memory of 1956	2832	Unicorn-16595.exe	36
PID 3048 wrote to memory of 1436	3048	Unicorn-27455.exe	37
PID 3048 wrote to memory of 1436	3048	Unicorn-27455.exe	37
PID 3048 wrote to memory of 1436	3048	Unicorn-27455.exe	37
PID 3048 wrote to memory of 1436	3048	Unicorn-27455.exe	37
PID 2544 wrote to memory of 2180	2544	Unicorn-19204.exe	38
PID 2544 wrote to memory of 2180	2544	Unicorn-19204.exe	38
PID 2544 wrote to memory of 2180	2544	Unicorn-19204.exe	38
PID 2544 wrote to memory of 2180	2544	Unicorn-19204.exe	38
PID 2528 wrote to memory of 2492	2528	Unicorn-26792.exe	39
PID 2528 wrote to memory of 2492	2528	Unicorn-26792.exe	39
PID 2528 wrote to memory of 2492	2528	Unicorn-26792.exe	39
PID 2528 wrote to memory of 2492	2528	Unicorn-26792.exe	39
PID 2636 wrote to memory of 1808	2636	Unicorn-12510.exe	40
PID 2636 wrote to memory of 1808	2636	Unicorn-12510.exe	40
PID 2636 wrote to memory of 1808	2636	Unicorn-12510.exe	40
PID 2636 wrote to memory of 1808	2636	Unicorn-12510.exe	40
PID 2144 wrote to memory of 2976	2144	Unicorn-2842.exe	41
PID 2144 wrote to memory of 2976	2144	Unicorn-2842.exe	41
PID 2144 wrote to memory of 2976	2144	Unicorn-2842.exe	41
PID 2144 wrote to memory of 2976	2144	Unicorn-2842.exe	41
PID 2180 wrote to memory of 936	2180	Unicorn-13148.exe	42
PID 2180 wrote to memory of 936	2180	Unicorn-13148.exe	42
PID 2180 wrote to memory of 936	2180	Unicorn-13148.exe	42
PID 2180 wrote to memory of 936	2180	Unicorn-13148.exe	42
PID 1956 wrote to memory of 788	1956	Unicorn-37098.exe	43
PID 1956 wrote to memory of 788	1956	Unicorn-37098.exe	43
PID 1956 wrote to memory of 788	1956	Unicorn-37098.exe	43
PID 1956 wrote to memory of 788	1956	Unicorn-37098.exe	43

C:\Users\Admin\AppData\Local\Temp\e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e86bf30031310c07f23a72e9db46c912_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        9⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        8⤵
        Executes dropped EXE
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        8⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 180
        9⤵
        Program crash
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        8⤵
        Executes dropped EXE
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        7⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        8⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe
        8⤵
        Executes dropped EXE
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6428.exe
        7⤵
        Executes dropped EXE
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        8⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        8⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        6⤵
        Executes dropped EXE
        
        PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        7⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        8⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        6⤵
        Executes dropped EXE
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        6⤵
        Executes dropped EXE
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
        8⤵
        
        PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        6⤵
        Program crash
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        6⤵
        
        PID:2960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        9⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        6⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        7⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        5⤵
        Executes dropped EXE
        
        PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        6⤵
        Executes dropped EXE
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        5⤵
        Executes dropped EXE
        
        PID:1972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 200
        6⤵
        Program crash
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        5⤵
        Executes dropped EXE
        
        PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe

Filesize
184KB

MD5
4ab17cff05a1c8bb903c67276a746f5d

SHA1
9433ebbd06bba0bcc404bf0c6ba75519848b0be5

SHA256
37abf15fca13a931b7a9cbf456f993a84a00a689d629d51d90bebd23dc882798

SHA512
38ddf33944d403c4d1f43a137d43181d942f70ed9ec4e5127ac0aceea9e393bf6e4e54054a0ae89a940c97a48943be9449b5effa705c98856fabb38cf93f0fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe

Filesize
184KB

MD5
9f623748e4ffaed6df85e6d262d54116

SHA1
3342f01d8dab35a7cb6f5adbb6736e8129b4de4d

SHA256
bbea65ca21f4dfde7245459b0f0aac6dac1fabfb382c40e50eb086a8fde19e13

SHA512
816a8b5348061026280ff0c311b3af0304fb8917872bf96ee3eaadeb98e24a8cc09e8100d34ed0adfd1b147056314eb39f8a0d888798c8655f9a6ea8d24cd24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe

Filesize
184KB

MD5
9a0524a86360f5c792dd9b63c2d069fa

SHA1
c779b0ec0d9c949259fe70581e6f7bf4d8660c4e

SHA256
a85fc938a4ab0c507e41de9a4919c0b5cceb3f398840deb53d3fda817979614b

SHA512
05725d4a911c161756777a02a23f0d6bd0f7aa5a5bd696515fad7b980b6b1942c09e193232d3ff8f8fba62c1cd783835b9bbde6daea5f166b6abbaf854d11877

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe

Filesize
184KB

MD5
bb1b3d012e468b755fc10d1bd97435f6

SHA1
05a0d83b7556155380174e312e3f773bf8396933

SHA256
754ce90ea99e27f22b31c76add3bfc31f12db26681dab504b49eb4fef70ca380

SHA512
e12677ef8f29047a0fd19a805f711a80d67379d9f4933e3fd93880bf603d36c1c19ce32ccd167799b7ca08817b30fc04fd723a1c60a1ddbe1b8454d8bdd0b963

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe

Filesize
184KB

MD5
5ed3058b4640a0eba1062f0270cb4980

SHA1
8c50886daa927f965d6066909d894d660f78d5db

SHA256
16aa2fc3f4484ba041ab4b46740e052617ba20aba4cd59a2d26da841059c8263

SHA512
3402db29d43b5a2bca153b3a092d34bebd018f0ceaa42038dc8073563b0024e80424a2ee2fd78c324812c979c19046dfa35100bdc0836b6122d1b5269aa93492

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe

Filesize
184KB

MD5
b4a7d98b46ef7c0e843a276845e363fb

SHA1
b5bebf01c345b75c9306a8123d8e0e7417f08fa5

SHA256
b231715d0d9501e853c6acc2670ae3b7122c304204a9547576ce34657a7b39a7

SHA512
a655bf63afb4f2f60e4cbfcd01ed840e16fbd1ca30a5cf25ba62be5bdfa15a7a00dbb5389768f3483bf94e85b5713ea4b64855f3686b53d567593bb6adeb6a24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe

Filesize
184KB

MD5
feefd43494cb55ea9bce4d3f7fb0cef1

SHA1
784b104e96c724dea50638db5fb64dc92a623091

SHA256
8d7e725731333eae9de336d7b508012b403503c292573adc712db211375c7656

SHA512
1c5ef24b82efe53424f1ef889ac81e6da1f43bd1641cc0c564d3c365d32b77f5a4a87c7039fc3aa695fb0c3555d3c162cea3b85871a45f80131e92a98d374841

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe

Filesize
184KB

MD5
eb6278e448617039baa0299e759f6b2b

SHA1
870292825a97cf332243061e80e8e784219442ff

SHA256
5e92d91a8188060098629c0b4f37172d47a18e2ce8b70a4ab22e6384f03e2b61

SHA512
61d268f4c73f09b0799eb5d797caecf14c8962a9cc263ad2f0c5cbe24c0cd3b28e985378d5368818dfb3da76c5e4175ce2e26184fc6c278e0fae797fd23f1956

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe

Filesize
184KB

MD5
7433355e3937b2e94cc33889b71d16c1

SHA1
bfcff03c0ba8b070898647e41333d7bf4aa37871

SHA256
38c3905c019d97e34b98e6c3d9d57491d90a6f7a2a31d2c2b805c80185d86eaa

SHA512
923e8e35d248cae017904ac96e7d2d5a18b38191755f9465807cea232a0cc63e468b12937ccd32ac0fa96b1154b56ed552497affe0423b0081f44f2657548f3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe

Filesize
184KB

MD5
01d7980841799b1d3591eab4cb367fe5

SHA1
a44971b2fa941a51758bf5263141c2da96445cbf

SHA256
6c24548b5651935e7b169cc9d518d44074eae71a26d9bbc2eb366e2d6f44f8ea

SHA512
29e9077d183e41cf9944151b65b1b1074c725bf885aea6f7e696c0cf8843edba1e12f912a301a118cbbb05c2f6ff3e7bc20942b792de0e791d438d7dc1510fed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe

Filesize
184KB

MD5
3ee321108b287c586be1b4419bcdbd61

SHA1
fa3c34b56a77ef2aaa61d27d074a68da73a98257

SHA256
941653c4fafe0983132add33a1126c2181bc3cb3bc91f69e12b2dea7502fb303

SHA512
f7077a5a3059ee1e7f6250a57148b160339609baeb1341750add2f843ebd9a38a2531ddff6c8b401a4fc2eb8d42ec52da7c03bdc35457cbd5e33dc4d18cabc7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe

Filesize
184KB

MD5
fd6f78fd2a42bc1a336e66e8c31016af

SHA1
d5081a23ea31bb97e3cb54fe6bb31f7d304c9665

SHA256
865a36504599d02f367e28cb174e8a30a4691fabb5e2d470857919f8dc258f83

SHA512
ebfa46a6936db9fcce69e821386a99e37e29ca5d8a28c6399275686fe1f81dc8f97848bb630be6478cdde4b2349abc7b8ff757edfdccea159638bf4b1815d1bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe

Filesize
184KB

MD5
9bba3ca0e313e7bc959170b66eae4adb

SHA1
f88e2c6c62f05ebcae0c4eb2cff2fbdb23af02d6

SHA256
55d9d620bf4a23c5db2601da9605653b97415575ef7226f72f59cf50b07e981e

SHA512
9039b1c6c3140557f667697bb8a7ac9c9f4ada8bf85b0f43ec43930cb48f7465d566546495a6f89e50114183f4a36bff1194732751edcdfef52d8785a5d93aa0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe

Filesize
184KB

MD5
7cb1a031281a498e828cf490783d595e

SHA1
d7b53ea70070994e28960bcf71ab1735a6347a1e

SHA256
eafa0ef442d370a2de2d1d15714b6c81bbf081118a1f762bfa745cc022b5446e

SHA512
753d8cef718f6046d8e26528935465fc247661a094fa246e77544c08ca898b73086e8e1f514372bf668cde0162c81b1626249a89c31ff07e7f9b0a7c845881de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe

Filesize
184KB

MD5
d20fc772e4363132de0cc597d5feda79

SHA1
d1ff3d089ac290fa15dc21b04d7c8f5d079c6c72

SHA256
be6355267907808018a738d3a9cb3c43b9e3e0151518367d22514500f3b7dd3c

SHA512
387cccc9e1841b89510968d607265fb01308f04b46e92b5a9e59be43580048248573e24085650acf930183513a2b870ed2e0bc9d2d450d85e7291b8111571150

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe

Filesize
184KB

MD5
4e7c8ec77f85760fdd1e13453ba8b3b6

SHA1
ebb118a1cc95300201d26da4762647b5359892bf

SHA256
80da36156ec84dd39023d583b195ca8234d9113129096953f761e5c1b440a05a

SHA512
cd706970918c79421205296b1a93b477d39c0488f135750c9ca59636b652200f5c842f18198e6112d345b516afda45cb0f8ddf3e5b386ff9c35b43ea84357cb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe

Filesize
184KB

MD5
b4f73b31df29a7b6f8a2a61bd19d7957

SHA1
a9c3b9f70e6606e96cb3872cf6d909eb628e56f5

SHA256
7fa37783090801f6a52b4677f4e06f8e705b0c182b6153cc747eaf1f95c9dd64

SHA512
86a1c7cb4eca664316a047c9c4ff452e980e7aad468d6942c07556ea3894b5f848d26f306fde97c15e02c144d37e798e1f1f20291a8ad09a2c45aea389d7888f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe

Filesize
184KB

MD5
7c119ef5c924ef21b24839683be53b7e

SHA1
6b31658364f3f5087ff384754435b3ef2f1631b4

SHA256
9cae4e7430267e9c14561fe231d29f59806db626962dc6943496ae7b0de7b9c4

SHA512
94fa0c33308ec02bd44989400a73279de5acf2c59bc11ad34f4f8aa38793073cf2f8475bfee1755d566de98691a51c364c89c26913743d07be2bedbdc9badaf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe

Filesize
184KB

MD5
3cbd19e4008046b32b6a4b657fb92437

SHA1
2cbf6db72e886ac4fea8d8dfac36ac706b62e647

SHA256
11af74b4b32adb740ed92da66e86bddf24591a142134997edcb8be2f40908812

SHA512
ff45c6dc0d8555120a6f21be6d5e6fec3adf70bf624b31d1c863d4b53af06f89a8a95d6d01fb8add9e446c0ece874c0742d1a7c54ca3414cd8b0ee9132ff8a36

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads