b7f2a4474a0b0747c093f6a3be1e64017e791e5bb7abb70da1a25fb76f76b52d

Analysis

max time kernel
24s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
Size

188KB
MD5

e95b956673ce963dce0528ba48cef6ae
SHA1

e61beb5840d7947eac879f06bf6f4bbbe11a72be
SHA256

b7f2a4474a0b0747c093f6a3be1e64017e791e5bb7abb70da1a25fb76f76b52d
SHA512

144ef2f307f52f3f4fbaa3f922fdfab4ae0f2e635720edfb6b4358ca3a573bbf10f374d6392b308ba887ea732fcead60344dc45022dfc2ed0068f01f9682dd63
SSDEEP

3072:3BTqom5tsTbpZHj68BE9TURg1UiMsBfESlxyg2I0dlv1pFA:3B2or/pZu8q9TUuNI1dlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 37 IoCs

pid	Process
2692	Unicorn-9491.exe
2496	Unicorn-13378.exe
2652	Unicorn-10041.exe
2312	Unicorn-7239.exe
2556	Unicorn-27105.exe
2448	Unicorn-2600.exe
2452	Unicorn-10571.exe
3016	Unicorn-51604.exe
2020	Unicorn-15402.exe
2152	Unicorn-9668.exe
1928	Unicorn-58163.exe
2592	Unicorn-8018.exe
1304	Unicorn-21401.exe
1492	Unicorn-49243.exe
1856	Unicorn-13041.exe
2216	Unicorn-64619.exe
2736	Unicorn-23779.exe
2040	Unicorn-44562.exe
2892	Unicorn-48091.exe
1780	Unicorn-3773.exe
1584	Unicorn-35486.exe
1620	Unicorn-23788.exe
892	Unicorn-43846.exe
896	Unicorn-17142.exe
776	Unicorn-30140.exe
1012	Unicorn-38308.exe
1736	Unicorn-14188.exe
2180	Unicorn-58174.exe
1744	Unicorn-17718.exe
2240	Unicorn-25886.exe
1964	Unicorn-9139.exe
2600	Unicorn-63171.exe
2928	Unicorn-58724.exe
2532	Unicorn-19507.exe
2612	Unicorn-9715.exe
2384	Unicorn-62652.exe
2404	Unicorn-16981.exe

Loads dropped DLL 64 IoCs

pid	Process
2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
2692	Unicorn-9491.exe
2692	Unicorn-9491.exe
2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
2692	Unicorn-9491.exe
2692	Unicorn-9491.exe
2496	Unicorn-13378.exe
2496	Unicorn-13378.exe
2652	Unicorn-10041.exe
2652	Unicorn-10041.exe
2556	Unicorn-27105.exe
2556	Unicorn-27105.exe
2312	Unicorn-7239.exe
2312	Unicorn-7239.exe
2496	Unicorn-13378.exe
2496	Unicorn-13378.exe
2448	Unicorn-2600.exe
2652	Unicorn-10041.exe
2448	Unicorn-2600.exe
2652	Unicorn-10041.exe
2452	Unicorn-10571.exe
2556	Unicorn-27105.exe
2452	Unicorn-10571.exe
2556	Unicorn-27105.exe
3016	Unicorn-51604.exe
3016	Unicorn-51604.exe
2312	Unicorn-7239.exe
2312	Unicorn-7239.exe
2020	Unicorn-15402.exe
2020	Unicorn-15402.exe
1928	Unicorn-58163.exe
1928	Unicorn-58163.exe
2152	Unicorn-9668.exe
2448	Unicorn-2600.exe
2152	Unicorn-9668.exe
2448	Unicorn-2600.exe
1304	Unicorn-21401.exe
1304	Unicorn-21401.exe
2592	Unicorn-8018.exe
2592	Unicorn-8018.exe
2452	Unicorn-10571.exe
2452	Unicorn-10571.exe
1856	Unicorn-13041.exe
1856	Unicorn-13041.exe
2736	Unicorn-23779.exe
2736	Unicorn-23779.exe
1928	Unicorn-58163.exe
1928	Unicorn-58163.exe
2152	Unicorn-9668.exe
2152	Unicorn-9668.exe
2020	Unicorn-15402.exe
2020	Unicorn-15402.exe
2892	Unicorn-48091.exe
2892	Unicorn-48091.exe
2040	Unicorn-44562.exe
2216	Unicorn-64619.exe
2040	Unicorn-44562.exe
2216	Unicorn-64619.exe
1780	Unicorn-3773.exe
1780	Unicorn-3773.exe
1304	Unicorn-21401.exe
1304	Unicorn-21401.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
2692	Unicorn-9491.exe
2496	Unicorn-13378.exe
2652	Unicorn-10041.exe
2556	Unicorn-27105.exe
2312	Unicorn-7239.exe
2448	Unicorn-2600.exe
2452	Unicorn-10571.exe
3016	Unicorn-51604.exe
2020	Unicorn-15402.exe
1928	Unicorn-58163.exe
2152	Unicorn-9668.exe
2592	Unicorn-8018.exe
1304	Unicorn-21401.exe
1856	Unicorn-13041.exe
1492	Unicorn-49243.exe
2216	Unicorn-64619.exe
2736	Unicorn-23779.exe
2040	Unicorn-44562.exe
2892	Unicorn-48091.exe
1780	Unicorn-3773.exe
1620	Unicorn-23788.exe
1584	Unicorn-35486.exe
892	Unicorn-43846.exe
896	Unicorn-17142.exe
776	Unicorn-30140.exe
1012	Unicorn-38308.exe
2180	Unicorn-58174.exe
1736	Unicorn-14188.exe
1744	Unicorn-17718.exe
2240	Unicorn-25886.exe
1964	Unicorn-9139.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2692	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	28
PID 2144 wrote to memory of 2692	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	28
PID 2144 wrote to memory of 2692	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	28
PID 2144 wrote to memory of 2692	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	28
PID 2692 wrote to memory of 2496	2692	Unicorn-9491.exe	29
PID 2692 wrote to memory of 2496	2692	Unicorn-9491.exe	29
PID 2692 wrote to memory of 2496	2692	Unicorn-9491.exe	29
PID 2692 wrote to memory of 2496	2692	Unicorn-9491.exe	29
PID 2144 wrote to memory of 2652	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	30
PID 2144 wrote to memory of 2652	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	30
PID 2144 wrote to memory of 2652	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	30
PID 2144 wrote to memory of 2652	2144	e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe	30
PID 2692 wrote to memory of 2312	2692	Unicorn-9491.exe	31
PID 2692 wrote to memory of 2312	2692	Unicorn-9491.exe	31
PID 2692 wrote to memory of 2312	2692	Unicorn-9491.exe	31
PID 2692 wrote to memory of 2312	2692	Unicorn-9491.exe	31
PID 2496 wrote to memory of 2556	2496	Unicorn-13378.exe	32
PID 2496 wrote to memory of 2556	2496	Unicorn-13378.exe	32
PID 2496 wrote to memory of 2556	2496	Unicorn-13378.exe	32
PID 2496 wrote to memory of 2556	2496	Unicorn-13378.exe	32
PID 2652 wrote to memory of 2448	2652	Unicorn-10041.exe	33
PID 2652 wrote to memory of 2448	2652	Unicorn-10041.exe	33
PID 2652 wrote to memory of 2448	2652	Unicorn-10041.exe	33
PID 2652 wrote to memory of 2448	2652	Unicorn-10041.exe	33
PID 2556 wrote to memory of 2452	2556	Unicorn-27105.exe	34
PID 2556 wrote to memory of 2452	2556	Unicorn-27105.exe	34
PID 2556 wrote to memory of 2452	2556	Unicorn-27105.exe	34
PID 2556 wrote to memory of 2452	2556	Unicorn-27105.exe	34
PID 2312 wrote to memory of 3016	2312	Unicorn-7239.exe	35
PID 2312 wrote to memory of 3016	2312	Unicorn-7239.exe	35
PID 2312 wrote to memory of 3016	2312	Unicorn-7239.exe	35
PID 2312 wrote to memory of 3016	2312	Unicorn-7239.exe	35
PID 2496 wrote to memory of 2020	2496	Unicorn-13378.exe	36
PID 2496 wrote to memory of 2020	2496	Unicorn-13378.exe	36
PID 2496 wrote to memory of 2020	2496	Unicorn-13378.exe	36
PID 2496 wrote to memory of 2020	2496	Unicorn-13378.exe	36
PID 2448 wrote to memory of 2152	2448	Unicorn-2600.exe	37
PID 2448 wrote to memory of 2152	2448	Unicorn-2600.exe	37
PID 2448 wrote to memory of 2152	2448	Unicorn-2600.exe	37
PID 2448 wrote to memory of 2152	2448	Unicorn-2600.exe	37
PID 2652 wrote to memory of 1928	2652	Unicorn-10041.exe	38
PID 2652 wrote to memory of 1928	2652	Unicorn-10041.exe	38
PID 2652 wrote to memory of 1928	2652	Unicorn-10041.exe	38
PID 2652 wrote to memory of 1928	2652	Unicorn-10041.exe	38
PID 2452 wrote to memory of 2592	2452	Unicorn-10571.exe	39
PID 2452 wrote to memory of 2592	2452	Unicorn-10571.exe	39
PID 2452 wrote to memory of 2592	2452	Unicorn-10571.exe	39
PID 2452 wrote to memory of 2592	2452	Unicorn-10571.exe	39
PID 2556 wrote to memory of 1304	2556	Unicorn-27105.exe	40
PID 2556 wrote to memory of 1304	2556	Unicorn-27105.exe	40
PID 2556 wrote to memory of 1304	2556	Unicorn-27105.exe	40
PID 2556 wrote to memory of 1304	2556	Unicorn-27105.exe	40
PID 3016 wrote to memory of 1492	3016	Unicorn-51604.exe	41
PID 3016 wrote to memory of 1492	3016	Unicorn-51604.exe	41
PID 3016 wrote to memory of 1492	3016	Unicorn-51604.exe	41
PID 3016 wrote to memory of 1492	3016	Unicorn-51604.exe	41
PID 2312 wrote to memory of 1856	2312	Unicorn-7239.exe	42
PID 2312 wrote to memory of 1856	2312	Unicorn-7239.exe	42
PID 2312 wrote to memory of 1856	2312	Unicorn-7239.exe	42
PID 2312 wrote to memory of 1856	2312	Unicorn-7239.exe	42
PID 2020 wrote to memory of 2216	2020	Unicorn-15402.exe	43
PID 2020 wrote to memory of 2216	2020	Unicorn-15402.exe	43
PID 2020 wrote to memory of 2216	2020	Unicorn-15402.exe	43
PID 2020 wrote to memory of 2216	2020	Unicorn-15402.exe	43

C:\Users\Admin\AppData\Local\Temp\e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e95b956673ce963dce0528ba48cef6ae_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        8⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        7⤵
        Executes dropped EXE
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        7⤵
        Executes dropped EXE
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        8⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3773.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        8⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        6⤵
        Executes dropped EXE
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        9⤵
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8044.exe
        7⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        6⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        7⤵
        
        PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        9⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        7⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        7⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        6⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        6⤵
        
        PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
        6⤵
        Executes dropped EXE
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        5⤵
        Executes dropped EXE
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        7⤵
        
        PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        5⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        6⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        7⤵
        
        PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe

Filesize
188KB

MD5
dfc53259d2ec79f21b546cdad09a8587

SHA1
7e4a8b45ca840aefae0cf42bd49e373d347a7ba7

SHA256
c82c77b735969dd01cdf0174c6f3b94be9c3739e88f5bf9d67d293e84a508fe1

SHA512
bf05e3a914550b044d20fd8044f0de06695fc6982a7b7ca1b637ef7a69196bf1a5692930ce46eea4a4cbabd70618160196757c83a817d6b516e959619ed5092d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe

Filesize
188KB

MD5
7daf4569f3cfda69152c804804cf0d1d

SHA1
10df812a686c13aef36107e6e2aa2554281b97db

SHA256
6752a97c36794dc987a091f0f957a56ec6c16061066478e9df5e817beddb17ee

SHA512
3fdc5c200f3564eb5a4f3c565cd5c0ae7acbb0b04a9be15345810899eec3f0b8fb819cba6e0122b3dccc71a94dc7b46136a2ea1f7b377b57a90dfbfd3a5f0eba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe

Filesize
188KB

MD5
84051b8b7a2f45992b664e98c3fd903b

SHA1
4fbd6f8ee9fcbd81fe91a3c4d114526ccbb2675e

SHA256
5642f4ef62fc0b19f55fd52cb265e7999af81c3bcb479f8e0ce4091cdaa3e1e1

SHA512
6cab28c843436a8bfe279707382e25b2bc07b9ab2ea66a0584d37d7822fb8bcb2c4be30edcbd0d8dff5fca0404b3dd1b2e8c3cd458fad356f90e3d2e7ebe238d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe

Filesize
188KB

MD5
3911bb5eb6734a6a283397473b510e26

SHA1
76c768541a318e42a4e2362197c356a3631a6084

SHA256
51aeba3d55763c34564869045401c610d8e82ca0db21b47f8f93f328ab5ad3f6

SHA512
c1650cb5e772e64af571f57b3943de285018470cee673bef68a25e2b8bee1d964eff4c3b994d8f84ff6464d179557f4fe0c9105c8415be9885d30f7017c68fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe

Filesize
188KB

MD5
04431225ff8e2e0712548ffa8fecc035

SHA1
a3f5d4ca1cc60ddd8e47d6f4ff31e8c2f389c415

SHA256
8e064a4273bc5e461b592fd6ee2c8251d67376045f4515e111e29b708bdd49df

SHA512
9d9cbb3160081e9b63eabe3727377ce200df6c434a8382e4d98bf9a7542c1129bc82db6657443403e8cbf2e91c0c56698f7a351233cb5a0979232bdedf069303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe

Filesize
188KB

MD5
3eec2b54e9879b6409b57473ffe99237

SHA1
63a5af83ed1d934a3b62ad99255ad13f4957644f

SHA256
95ccb71c20f796ec3a7608a4ac961a318d171ee679b7765c57e09bba2a76dca1

SHA512
f486080fc495c73c39fcca92024ddaad8f3c348dc273b574c33e67445b0970e1c93e7da73fc24057e0c2c1e653e3e01df2731a7ab3bfd2cc8ff687c9598dcb3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe

Filesize
188KB

MD5
498a0434a06e9177696228321aca9cfe

SHA1
a5422a8e054854cb63d5612dd55e48a9c710f4ba

SHA256
22d33b6dbddea708600211dd95188ed8d3e793f13f499cbedd692c0c75753511

SHA512
21adf427769e1f4ad15470475225978be508a5e6a650ea1e19ef03c96e743ca6591f01a2bbe163ca88149b21b8edae775c7c7c9bf51b8666952c272acb2abb31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe

Filesize
188KB

MD5
1a47f184721b9d2db4f5999d78b358d1

SHA1
4e4c60a48dec4f9dd3eab16cab07f71c9f79046a

SHA256
6082253c8c3e54abc7ade2605bbc57643d99fe10329627dd8846eb6c474eb362

SHA512
2ced3efedd58e08f87f9176dd8244158c47a2be18b455f44873f26c2d776cd994491f6b0b8685c68ae26ad6c5f05b6d83caac9cdd071c45d8e81cd86558eb4d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe

Filesize
188KB

MD5
b9c9c0a26cc73c71953d19bf03cc3ec8

SHA1
060d7071d1ac070c00ad2478e58b4dfc1391fd66

SHA256
d59e0bff3f7c53722233dc04ae4108be1ecf30fa1dffcd7e08b2b74593bc8d5d

SHA512
70b967ec5ed99a729cdebf00f56edb20f38db21c1f85de83d43e87a4575c820c3b6b7802fb591536d899b06af683926f8161ce9d8c4382427ad52cdfb8b9a881

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe

Filesize
188KB

MD5
d5c69e01f47a342fb5c4569ebf347d5f

SHA1
790a7ce522e1afa7a2fe631bb293b90fc9405c74

SHA256
a08575f32afbabe4d4c421696ad0c090625f1306194c7540a4933dd2250fdda0

SHA512
ebe99c3a024b58954f375a600b94d9b556628164179eb4fcd8d54886cb1c2bc0f0459084f26eccf40955ef812bcaed425740796ef052c5d04096d7a17bed5949

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe

Filesize
188KB

MD5
466dbcbf558356d0dc1691291c8feb5a

SHA1
14b2e5dfd604f3ff4f9e80a2ae1567d68f568b02

SHA256
6a7677894c6d81ca2a3516648b33abda7ba284b4318300bb4efc3f651b183547

SHA512
56991b70f31297ab39f05bdde57f9a62bc3380659e3619ae2756c665bb032c22b44d3ed7c1d868092835ed5e79e3a6acf83bbf7cecef34e7f0af0a283dcc620b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe

Filesize
188KB

MD5
364cc60fab548c71699762df44a67260

SHA1
d8a8f18c6bd0d667ed0e373609da1217780b19b4

SHA256
dcb7fd674232309bcebd677cce991755be21a8b29eb02286eec9a29cae94428f

SHA512
90e4e112c61a83fcdbc07edad65ee1e000c2bc74fa0da3e761c1621d0a6a5223ea3e49ee390e5db6fcc883e9a2e80fddf80656d17e8bdb56fdb3e7324097b991

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe

Filesize
188KB

MD5
d5eef0f3d014cc7632bca2e159442988

SHA1
b432bf7ce4af5d2343ce5f299f31f7f4f66c0beb

SHA256
2ea2d12b4f40bc1c6f00ff46462bbecf87cbd45c664cea1ae73cba6af373cbc5

SHA512
823c6d8721597b1ccf458130cf4b34a6752a445ab057e6bbe4b3f8ab96dceac63689f263088978c5d65d5b74694472cfccbfc1f0d68e006387c0cbc9c9586361

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe

Filesize
188KB

MD5
233f78dca83f313c64e349dfc97450d9

SHA1
a4c226636c49330bf1d9c76615cc27cf96d90b89

SHA256
fcecd50d42a74884b4278a62c47a362df377b38b25750c6e9fe84bc3b23c7ddf

SHA512
dd2226a36a896895619c67a3787af6b298c7979f671a7842c7f7b0131b2a1c650fc4f0f28ca5f30e93131a49e84753cee13a17e32d08a623944bf2a8b134b6ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe

Filesize
188KB

MD5
94fa9b9acc0557392d16a68560013dab

SHA1
9c2581a295ff0074dfbb294454f6e52565e34813

SHA256
d0e9ea6b5ccb4010905caf1d2590407769c1dea93e3c6e143f9090d57f9a2366

SHA512
1ea129828d439e95528767cf8787794804a0ff03269dc242aa2db93270a695736f6a1a06ea44eccee174dde51da66d278387fb8167d4082b336fdd92258c2ec1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe

Filesize
188KB

MD5
6cbc6acebbdff1f4564a8baaaaba3645

SHA1
48dfce571c640c77c1351ad3565df1108f51998e

SHA256
f1171bd781c09630b65d51e0a8521548be72980a6501facb6368f878c10b148a

SHA512
b675cd6c4c786d2a9f1bfddd57b9aa5f739712d4945821eadf6a419a70f3160cb3c6382dc9809f922fa7760da8eb8263cefaba4b3b610ef23ae55caeeccb47b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe

Filesize
188KB

MD5
1e57aa178ae68af477601bd73aa9ecf2

SHA1
c196ffea88d1374f5194939da7cf205e2fd399d1

SHA256
0fd5bf1b45d46db48761a3c349f8fe5057eeb731c4cda2baea584560a6038ee7

SHA512
01e028f9928da5403674143080bac5f3b3ca3d6914ee6664890071a278ed5fac771ab8dc38ddc87ce515147c8dabbb09b9129ac124dfa276e398041c1965cdae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe

Filesize
188KB

MD5
bc4360668920e2407e7cc2a1ef517e35

SHA1
03891c6ea209e79d85fea9091606229e6ae138ee

SHA256
bb2127b8d20633870b27acd0be949b0eb02c3047657dcdc745a7b472fb529d94

SHA512
ed8cf0b2d9035c910059750a6b559057b8bdd04a9b4970f545512e9214d89179f1a4db18677944e07365c954ebb3b129a12de00d659ac4ccb0f96025c4ef4963

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe

Filesize
188KB

MD5
622d0dd7bf397d12025761095dd70a26

SHA1
ec1bc38e7b645a5f878ced3cfb9c38cd391ca7d3

SHA256
ae535343663fa30510afd0d871f2dc7809d9bd578f95231eac409c1baa66688a

SHA512
5f529887b2215bbc236d04a51d3652a14a9a54170fd4e5ba65f98b76987b5f7aa0c268c40cd52b65cfc096b25d0a72df6189b72e4b6ce064cf227e3c33704dbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe

Filesize
188KB

MD5
6ecefb5ca3aea66039fea62c82bb2f91

SHA1
51fb696cd3d2678179e675e2abc42d13a486afc4

SHA256
845c3a4ecefa8fe8802b367979d4ec4dc2510b62bb807553de40f32493a080aa

SHA512
f562ee05c1e71defe4422a126429855e1d28b11dfcaff1bd297b53bfc573a7069d48c925b55395400c6dd0d393e428e30cf1ebd1915bb37eb49676d5c7e81183

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads