b957639d7abc86146decb3cd8f56d445d4f5fc10787880b8252003cf80d2178e

Analysis

max time kernel
53s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
Size

192KB
MD5

e9ada4392f4ed5112e2632b1e26a4b77
SHA1

3d4350eea06b8e708d5048e991b4f20f542c1056
SHA256

b957639d7abc86146decb3cd8f56d445d4f5fc10787880b8252003cf80d2178e
SHA512

d19767c51cb89b7a4ac644bd7fc3a0a572fe321f31637e0c67a66dea10b3caa832b77f8251b34896d378707ba5395e9aa771a7954895dccc0f19d2103c14c13d
SSDEEP

3072:X4ABoA/vi9POZOjw8o/92OT+4hUUMjpfzxdxJjEID5lHtpFB:X46obxOZr8q92OiVZT95lHtpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2164	Unicorn-55926.exe
1580	Unicorn-39756.exe
1720	Unicorn-28058.exe
2732	Unicorn-46012.exe
2464	Unicorn-17075.exe
2600	Unicorn-36941.exe
2452	Unicorn-45275.exe
2612	Unicorn-59027.exe
3044	Unicorn-47330.exe
2988	Unicorn-21368.exe
2024	Unicorn-9670.exe
2708	Unicorn-50511.exe
1752	Unicorn-49956.exe
2860	Unicorn-21176.exe
1200	Unicorn-16381.exe
2120	Unicorn-21019.exe
2236	Unicorn-53137.exe
2108	Unicorn-52945.exe
324	Unicorn-3744.exe
1056	Unicorn-20081.exe
1648	Unicorn-53500.exe
1100	Unicorn-57584.exe
1280	Unicorn-21149.exe
384	Unicorn-41015.exe
1664	Unicorn-25639.exe
1672	Unicorn-34383.exe
332	Unicorn-49048.exe
2340	Unicorn-49048.exe
2316	Unicorn-7626.exe
3056	Unicorn-11212.exe
1624	Unicorn-23465.exe
2532	Unicorn-47969.exe
2764	Unicorn-16174.exe
2640	Unicorn-48846.exe
2668	Unicorn-40486.exe
2852	Unicorn-33662.exe
2804	Unicorn-13049.exe
2440	Unicorn-64663.exe
1944	Unicorn-65218.exe
1436	Unicorn-19355.exe
2864	Unicorn-23993.exe
2960	Unicorn-23439.exe
2784	Unicorn-56666.exe
2424	Unicorn-31415.exe
2508	Unicorn-12338.exe
2720	Unicorn-37589.exe
2820	Unicorn-49095.exe
2788	Unicorn-25145.exe
2412	Unicorn-16785.exe
1352	Unicorn-28291.exe
1116	Unicorn-41097.exe
2080	Unicorn-60963.exe
1132	Unicorn-53350.exe
488	Unicorn-43304.exe
1848	Unicorn-56111.exe
1536	Unicorn-22692.exe
1156	Unicorn-34752.exe
1548	Unicorn-16230.exe
992	Unicorn-15483.exe
880	Unicorn-48156.exe
2520	Unicorn-32374.exe
1508	Unicorn-52925.exe
1036	Unicorn-29935.exe
840	Unicorn-29935.exe

Loads dropped DLL 64 IoCs

pid	Process
2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
2164	Unicorn-55926.exe
2164	Unicorn-55926.exe
2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
1720	Unicorn-28058.exe
1720	Unicorn-28058.exe
2732	Unicorn-46012.exe
2732	Unicorn-46012.exe
1720	Unicorn-28058.exe
1720	Unicorn-28058.exe
2464	Unicorn-17075.exe
2464	Unicorn-17075.exe
2600	Unicorn-36941.exe
2600	Unicorn-36941.exe
2732	Unicorn-46012.exe
2732	Unicorn-46012.exe
2452	Unicorn-45275.exe
2452	Unicorn-45275.exe
2464	Unicorn-17075.exe
2464	Unicorn-17075.exe
2612	Unicorn-59027.exe
2612	Unicorn-59027.exe
2600	Unicorn-36941.exe
2600	Unicorn-36941.exe
3044	Unicorn-47330.exe
3044	Unicorn-47330.exe
2988	Unicorn-21368.exe
2988	Unicorn-21368.exe
2452	Unicorn-45275.exe
2452	Unicorn-45275.exe
2024	Unicorn-9670.exe
2024	Unicorn-9670.exe
1752	Unicorn-49956.exe
1752	Unicorn-49956.exe
2860	Unicorn-21176.exe
2860	Unicorn-21176.exe
2708	Unicorn-50511.exe
2708	Unicorn-50511.exe
2612	Unicorn-59027.exe
2612	Unicorn-59027.exe
3044	Unicorn-47330.exe
3044	Unicorn-47330.exe
1200	Unicorn-16381.exe
1200	Unicorn-16381.exe
2988	Unicorn-21368.exe
2988	Unicorn-21368.exe
2120	Unicorn-21019.exe
2120	Unicorn-21019.exe
2236	Unicorn-53137.exe
2236	Unicorn-53137.exe
324	Unicorn-3744.exe
1056	Unicorn-20081.exe
1056	Unicorn-20081.exe
324	Unicorn-3744.exe
1648	Unicorn-53500.exe
1648	Unicorn-53500.exe
1664	Unicorn-25639.exe
1664	Unicorn-25639.exe
1100	Unicorn-57584.exe
1100	Unicorn-57584.exe
2340	Unicorn-49048.exe
2340	Unicorn-49048.exe

Suspicious use of SetWindowsHookEx 59 IoCs

pid	Process
2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
2164	Unicorn-55926.exe
1580	Unicorn-39756.exe
1720	Unicorn-28058.exe
2732	Unicorn-46012.exe
2464	Unicorn-17075.exe
2600	Unicorn-36941.exe
2452	Unicorn-45275.exe
2612	Unicorn-59027.exe
3044	Unicorn-47330.exe
2988	Unicorn-21368.exe
2024	Unicorn-9670.exe
1752	Unicorn-49956.exe
2708	Unicorn-50511.exe
2860	Unicorn-21176.exe
1200	Unicorn-16381.exe
2120	Unicorn-21019.exe
2236	Unicorn-53137.exe
324	Unicorn-3744.exe
1100	Unicorn-57584.exe
1056	Unicorn-20081.exe
1648	Unicorn-53500.exe
384	Unicorn-41015.exe
1664	Unicorn-25639.exe
332	Unicorn-49048.exe
1280	Unicorn-21149.exe
1672	Unicorn-34383.exe
2108	Unicorn-52945.exe
2340	Unicorn-49048.exe
2316	Unicorn-7626.exe
3056	Unicorn-11212.exe
1624	Unicorn-23465.exe
2532	Unicorn-47969.exe
2764	Unicorn-16174.exe
2640	Unicorn-48846.exe
2668	Unicorn-40486.exe
2852	Unicorn-33662.exe
2804	Unicorn-13049.exe
2440	Unicorn-64663.exe
1944	Unicorn-65218.exe
1436	Unicorn-19355.exe
2864	Unicorn-23993.exe
2784	Unicorn-56666.exe
2424	Unicorn-31415.exe
2960	Unicorn-23439.exe
2720	Unicorn-37589.exe
2508	Unicorn-12338.exe
2820	Unicorn-49095.exe
2788	Unicorn-25145.exe
2412	Unicorn-16785.exe
1132	Unicorn-53350.exe
1352	Unicorn-28291.exe
1116	Unicorn-41097.exe
2080	Unicorn-60963.exe
488	Unicorn-43304.exe
1536	Unicorn-22692.exe
1848	Unicorn-56111.exe
1548	Unicorn-16230.exe
1156	Unicorn-34752.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2164	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2164	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2164	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2164	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	28
PID 2164 wrote to memory of 1580	2164	Unicorn-55926.exe	29
PID 2164 wrote to memory of 1580	2164	Unicorn-55926.exe	29
PID 2164 wrote to memory of 1580	2164	Unicorn-55926.exe	29
PID 2164 wrote to memory of 1580	2164	Unicorn-55926.exe	29
PID 2940 wrote to memory of 1720	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	30
PID 2940 wrote to memory of 1720	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	30
PID 2940 wrote to memory of 1720	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	30
PID 2940 wrote to memory of 1720	2940	e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe	30
PID 1720 wrote to memory of 2732	1720	Unicorn-28058.exe	31
PID 1720 wrote to memory of 2732	1720	Unicorn-28058.exe	31
PID 1720 wrote to memory of 2732	1720	Unicorn-28058.exe	31
PID 1720 wrote to memory of 2732	1720	Unicorn-28058.exe	31
PID 2732 wrote to memory of 2600	2732	Unicorn-46012.exe	32
PID 2732 wrote to memory of 2600	2732	Unicorn-46012.exe	32
PID 2732 wrote to memory of 2600	2732	Unicorn-46012.exe	32
PID 2732 wrote to memory of 2600	2732	Unicorn-46012.exe	32
PID 1720 wrote to memory of 2464	1720	Unicorn-28058.exe	33
PID 1720 wrote to memory of 2464	1720	Unicorn-28058.exe	33
PID 1720 wrote to memory of 2464	1720	Unicorn-28058.exe	33
PID 1720 wrote to memory of 2464	1720	Unicorn-28058.exe	33
PID 2464 wrote to memory of 2452	2464	Unicorn-17075.exe	34
PID 2464 wrote to memory of 2452	2464	Unicorn-17075.exe	34
PID 2464 wrote to memory of 2452	2464	Unicorn-17075.exe	34
PID 2464 wrote to memory of 2452	2464	Unicorn-17075.exe	34
PID 2600 wrote to memory of 2612	2600	Unicorn-36941.exe	35
PID 2600 wrote to memory of 2612	2600	Unicorn-36941.exe	35
PID 2600 wrote to memory of 2612	2600	Unicorn-36941.exe	35
PID 2600 wrote to memory of 2612	2600	Unicorn-36941.exe	35
PID 2732 wrote to memory of 3044	2732	Unicorn-46012.exe	36
PID 2732 wrote to memory of 3044	2732	Unicorn-46012.exe	36
PID 2732 wrote to memory of 3044	2732	Unicorn-46012.exe	36
PID 2732 wrote to memory of 3044	2732	Unicorn-46012.exe	36
PID 2452 wrote to memory of 2988	2452	Unicorn-45275.exe	37
PID 2452 wrote to memory of 2988	2452	Unicorn-45275.exe	37
PID 2452 wrote to memory of 2988	2452	Unicorn-45275.exe	37
PID 2452 wrote to memory of 2988	2452	Unicorn-45275.exe	37
PID 2464 wrote to memory of 2024	2464	Unicorn-17075.exe	38
PID 2464 wrote to memory of 2024	2464	Unicorn-17075.exe	38
PID 2464 wrote to memory of 2024	2464	Unicorn-17075.exe	38
PID 2464 wrote to memory of 2024	2464	Unicorn-17075.exe	38
PID 2612 wrote to memory of 1752	2612	Unicorn-59027.exe	39
PID 2612 wrote to memory of 1752	2612	Unicorn-59027.exe	39
PID 2612 wrote to memory of 1752	2612	Unicorn-59027.exe	39
PID 2612 wrote to memory of 1752	2612	Unicorn-59027.exe	39
PID 2600 wrote to memory of 2708	2600	Unicorn-36941.exe	40
PID 2600 wrote to memory of 2708	2600	Unicorn-36941.exe	40
PID 2600 wrote to memory of 2708	2600	Unicorn-36941.exe	40
PID 2600 wrote to memory of 2708	2600	Unicorn-36941.exe	40
PID 3044 wrote to memory of 2860	3044	Unicorn-47330.exe	41
PID 3044 wrote to memory of 2860	3044	Unicorn-47330.exe	41
PID 3044 wrote to memory of 2860	3044	Unicorn-47330.exe	41
PID 3044 wrote to memory of 2860	3044	Unicorn-47330.exe	41
PID 2988 wrote to memory of 1200	2988	Unicorn-21368.exe	42
PID 2988 wrote to memory of 1200	2988	Unicorn-21368.exe	42
PID 2988 wrote to memory of 1200	2988	Unicorn-21368.exe	42
PID 2988 wrote to memory of 1200	2988	Unicorn-21368.exe	42
PID 2452 wrote to memory of 2120	2452	Unicorn-45275.exe	43
PID 2452 wrote to memory of 2120	2452	Unicorn-45275.exe	43
PID 2452 wrote to memory of 2120	2452	Unicorn-45275.exe	43
PID 2452 wrote to memory of 2120	2452	Unicorn-45275.exe	43

C:\Users\Admin\AppData\Local\Temp\e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9ada4392f4ed5112e2632b1e26a4b77_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        10⤵
        Executes dropped EXE
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        9⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        9⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        9⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        9⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        9⤵
        Executes dropped EXE
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        9⤵
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        10⤵
        Executes dropped EXE
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        9⤵
        Executes dropped EXE
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        9⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        8⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        7⤵
        Executes dropped EXE
        
        PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        8⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        8⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        8⤵
        
        PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17075.exe

Filesize
192KB

MD5
f6eaac4b5cd36852ffc0087e6c06cd5d

SHA1
c2d140bf5068785170efb02894a41d251c586c79

SHA256
35d1d36d138ad6afaa2c67e36003b5e85b2d9eb13185fc0c9c2191b96735c9d1

SHA512
2ed675b22ea8d3829eace19c447b6d96e657d5a3c8a016368e2fd08d771c2e6ee1588a7a467113599d944b84b928a1f82326dae6c5b1e7cc56c0aa604ecdc09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe

Filesize
192KB

MD5
e39b086464f8cc9d928b61549cefa697

SHA1
70ad1a4c9e572f6be8600416b0f2e12ccc0b7bfc

SHA256
09c829223cb395cbe832b74972fe0edc625731e92318702e76d45da190c46b56

SHA512
6e7936c06cf91f6e8aad3ef6aa37fc9b457e89a047be4b86955505293f976280aab262b3ea161a3028634a25325ae30e10465d57dcfce12cac8bdfb902ca2e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe

Filesize
192KB

MD5
9dd76d3ba1797c81391e0ac80ad47ceb

SHA1
52c076997246ca055d9f5253d3c04e44993d3ebe

SHA256
22a79d68ae82c8a3c99ebddf092e86f4320611a06820590dbddc2601433307ea

SHA512
d056a824d946dc916619254a8a3964cd5d78f980d9364eac9eedba6cfc6c32dc335c81601febce778ed365cfc69d45a1d1c2fa2fae12d0853fc9a6525c0d1089

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe

Filesize
192KB

MD5
2e97e1f0892fe22efb138661972963b1

SHA1
bfc33d005ab7871ced4a41a61c1e7b76c5572c19

SHA256
7a7d4eb46a2f63882922c090ed3c37b5df732f20235eaea96f97aa08f8da07c2

SHA512
2e07e2afa4f52d21726a51d34693c928604374ed889863f0483266bfec242449ee33208b5e442562921af16285f30a5d198035eea81d68c13a710c37e28f6e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe

Filesize
192KB

MD5
8b4873a3925591c7df087cda72f6f961

SHA1
5288e3260ccaf1af6678b815c278ce777822a69e

SHA256
ae1b671c2cd1e9c8c3eeffd45198560b3105870043041ca7970b9b60f4286a7f

SHA512
543b0d70361befad653974ad34d3aa9297b7c4bf94a3ea86a09cd8241115118741fb12bd6683b930dede89375588d2770b00d6b4200da54ea7b3e1686f7d5047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe

Filesize
192KB

MD5
9babeedc7156aede4d018310bb3a551d

SHA1
7daf7e97c34a41ed3d46fc0f2db5ff0cafe097ed

SHA256
ea08155487f6763f6ba4db30d621ff7f6cde9958fc46992b2511979f3d477f45

SHA512
ece80ae431184fa7caca1ea2524c8d4f9844c46b3ea8543c809de8354014b1512b1834520785bca96ec7c5e6f768efa07a1a992a9b96a8c6a174ec34f35bfdfe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe

Filesize
192KB

MD5
a7179033450f8a435b5ecbf9b39e11f3

SHA1
afb14c0b0f4af936134a0e76c9853561fbe94e47

SHA256
9c8790ddf86d2da62fece3e809d0e9102390a3ae1d4429841573d36a4f82db79

SHA512
8f75798b8e1203de8727ed9a8d8bd82e459865c8b23fe35bdf272e786006da4533a519af8c830b7fa9d1f6a0042e0ee36b1dc39dbb01a548c5ac1beeb091ffa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe

Filesize
192KB

MD5
80fb8113fa93fc71a1e21678a283e6d9

SHA1
e92e487a22b0cfd190a3072bd0890acd9677f5b9

SHA256
9bdffeb300d68a3a0bf9511a1a587b92a56eb342507929a7dcd9b0172c30018c

SHA512
51e2477bdafd8d9db106c45b16670babb9227be6d29f164f221270ad42e6ea850fdccf29071a337254c7cb84d40aaa3600ae5e45e3069d040837b06ad597c408

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe

Filesize
192KB

MD5
a094e1eb7417ea8734bcdad0553f5fe0

SHA1
9d478dc43c7aeeb3bcc3eeeeeae8c23f6bd6128c

SHA256
7b33f9915eba71185183c11d8d436f7c73f60812c90eabb80191f34a8f9863a9

SHA512
b019672f0fd4d182d0e24cb1446639168ea3fbbb1fd5c20468bb6a0ac40f5a63bdba35a1c56045f2dd1fc4f34d6324eaa4e4651cdd04b3105f7a82f76558c35b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe

Filesize
192KB

MD5
9a139eece4179ad2fe87be58e7402584

SHA1
6995e24fe803f21fa592efeef211371d46483f93

SHA256
0b0c881ec23f442ecaf0554e8c691873149c18782d1ca7f439494e6ba3af517c

SHA512
283ce0c36ab4ec03b1e77697e37b6e09748c58d1bf059c482d84a24df250a84f08461bf7bea794d909a67bb42d91785c5dfaa187928e37284ce8d1ba07c54da7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe

Filesize
192KB

MD5
fdbe3fa6a7590b9e7e6b0d459b92c85c

SHA1
a2c61009d6cfdfd91ac8506e58e09a15013083a3

SHA256
aaf77f0ad952a66eb8c6d335e6eaa0cb0a3a39ce0bdcb4e58098506ee3208153

SHA512
c3f6c932f8bda5f0d83060c8b520df870c6e489a68ca9cb30e71a6f79aaca17f759d7a010ce09047f839e5284ca6f1a4ffce7d30968781ba78e88e901a555f3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe

Filesize
192KB

MD5
608d5500c0fd00165bb9042cf76703a1

SHA1
0777ac40f53f4e2a505f62ad3c73ced2b6f9bdbe

SHA256
18f45f4de6d77d6ce3e5b72b11f2d09199e24f29257ad2f240c91c9bef0a6d5e

SHA512
90b84c032356f38beaa43d4bac61eebc562b2f62fc1a90dcb3c4bfe93f08b7198112568f82d7aa3f98ff21cea04cf9bb1c3eadc83b894397ddda4f021e512c3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe

Filesize
192KB

MD5
2a40b7189a894ea847fffb677a3db95a

SHA1
bfffb7efb20af39b42728f60baab347c40ba1f44

SHA256
3dac745b09ad9b4279e8e6341d5ec6e4af687ef071c194e243e8235d6c43a198

SHA512
48fcde8b1d15f646933fa93399ab8057a26cc28e7aab5a1000f7a204111a61c6a9017d83ce64aea4eea75d750ae07281250ca9ae40ba56faa6b98fe0d46ff76e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe

Filesize
192KB

MD5
9048f2b8c8a824be0b856ccb71248a8b

SHA1
c514e7cff77d0c00f262d8cb6edfd07c42845e08

SHA256
3c7fdae7524e7c2029c3bb4c85c3a768234c340d6137c9983930da159d423413

SHA512
c52042c289917fcfda16d49ab3a274bcda26f79d6daafe265351343c468004913207714904af5d8b5ad2bff152814afb4f6840a1313ea41bc04cc95c0e125c39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe

Filesize
192KB

MD5
91a6d0a26926ed32f65a7db725eb3ee1

SHA1
2b28df10b6dd0ad9174880c48e4644e3284c04fe

SHA256
04f9a9a06471d685f26e94df3dc9e86bfe0ad8d550699660a8db9a54170cd1e8

SHA512
85e0e5c854e8ac5c46b8c803245f70940c823a9060e3779316bc3d44c892046724f420e295c1deb83f1eaa34a5364ac141e0e3e967d3f3060382862c2454b58a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe

Filesize
192KB

MD5
58ffd4562bf54fb972504608d634eb6b

SHA1
bde62fece1954a9f5a3230daf69df39358f5cdf1

SHA256
29f589c75827a49c9766036399a587bcc2bbe66031b65d51c56530a6f0599127

SHA512
f6ae5b5a645dcac3b86e0563e4eac1b5a66270d28165b89916d9c1d81ebae4a1505d7bb65052b11b8c2e5f7e5aa759b5f6992ecf646456fc8e4bdbd834b8caf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe

Filesize
192KB

MD5
a920de99fff36860cc75031c37bd76fe

SHA1
f271aa15da976bb693126c55b833e0faea9e94c2

SHA256
fcd17d059f5ff8856f8a7eaf41b631654d132b602531f82ded92e252cddcfbc0

SHA512
c8c9180fff16c740cc296e78b443dae40ccfef6a1ce4325676b20928ef82adaff73a2b0623350cec6bd00f1d6e3768e03e25333aff9521fac647475e85290844

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe

Filesize
192KB

MD5
bae334c95890ac1078bfc4e8c9a97b32

SHA1
db2c9dc95112e545486a131db0797bc6bb889af4

SHA256
a9c9e46b9c14f16a6d08e5329790f368912608f2510455c49606a8256edeaed8

SHA512
2ce9bbd644671ecf717327d93df2dcb32cea0d4b3ad1f05eee520d2d4de1daa38b53d7ea33451d6dbc4f0a9adaf601a9e5f0b51855c1869f4329feac3d3ed6be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads