dbacec4b18adae11dfb0f8bacd72839918f3d58c78d887fcfecaf7bb5ffd447f

Analysis

max time kernel
23s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 22:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
Size

184KB
MD5

ec18f3c01f754095e67e4a647edd0fe1
SHA1

703bfe8abc70ab2a13c68b4855224fb1b377c139
SHA256

dbacec4b18adae11dfb0f8bacd72839918f3d58c78d887fcfecaf7bb5ffd447f
SHA512

1f1f0c3fca64e65ad3fb4359881e5706bd54b5aebc79bf59e8616e84031e0ad6d239756762a6f25773edbd89f484b6ca4b2757da1138f3eca787c7cc9b95bed0
SSDEEP

3072:+PeZoVg7eSAE5GPJHaLOJPcZChJwMBDYlgQrxKLL6BClP6pin:+P8ob3E5SHvJPcgIE2ClP6pi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 40 IoCs

pid	Process
1076	Unicorn-55546.exe
2640	Unicorn-31125.exe
1716	Unicorn-11259.exe
2876	Unicorn-42547.exe
2612	Unicorn-10237.exe
2472	Unicorn-30103.exe
2508	Unicorn-13849.exe
3020	Unicorn-12458.exe
1644	Unicorn-5681.exe
2348	Unicorn-39100.exe
320	Unicorn-58966.exe
2540	Unicorn-61742.exe
2636	Unicorn-16071.exe
1520	Unicorn-42713.exe
2964	Unicorn-46797.exe
2104	Unicorn-56911.exe
2024	Unicorn-49298.exe
2820	Unicorn-63688.exe
1636	Unicorn-60995.exe
448	Unicorn-47949.exe
1664	Unicorn-694.exe
1532	Unicorn-19723.exe
1996	Unicorn-4778.exe
956	Unicorn-38197.exe
1732	Unicorn-62147.exe
1200	Unicorn-64840.exe
2152	Unicorn-45811.exe
2140	Unicorn-25945.exe
3056	Unicorn-34135.exe
1072	Unicorn-25967.exe
1752	Unicorn-62723.exe
1808	Unicorn-42857.exe
1696	Unicorn-17860.exe
804	Unicorn-17860.exe
2212	Unicorn-37726.exe
2228	Unicorn-37726.exe
868	Unicorn-17882.exe
3012	Unicorn-28550.exe
2204	Unicorn-17882.exe
2868	Unicorn-9521.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
1076	Unicorn-55546.exe
1076	Unicorn-55546.exe
2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
1716	Unicorn-11259.exe
1716	Unicorn-11259.exe
1076	Unicorn-55546.exe
1076	Unicorn-55546.exe
2640	Unicorn-31125.exe
2640	Unicorn-31125.exe
2876	Unicorn-42547.exe
2876	Unicorn-42547.exe
1716	Unicorn-11259.exe
1716	Unicorn-11259.exe
2612	Unicorn-10237.exe
2612	Unicorn-10237.exe
2640	Unicorn-31125.exe
2640	Unicorn-31125.exe
2472	Unicorn-30103.exe
2472	Unicorn-30103.exe
2876	Unicorn-42547.exe
2508	Unicorn-13849.exe
2876	Unicorn-42547.exe
2508	Unicorn-13849.exe
3020	Unicorn-12458.exe
3020	Unicorn-12458.exe
1644	Unicorn-5681.exe
1644	Unicorn-5681.exe
2612	Unicorn-10237.exe
2612	Unicorn-10237.exe
2348	Unicorn-39100.exe
2348	Unicorn-39100.exe
2472	Unicorn-30103.exe
2472	Unicorn-30103.exe
320	Unicorn-58966.exe
320	Unicorn-58966.exe
2540	Unicorn-61742.exe
2540	Unicorn-61742.exe
2636	Unicorn-16071.exe
2636	Unicorn-16071.exe
2508	Unicorn-13849.exe
2508	Unicorn-13849.exe
1520	Unicorn-42713.exe
1520	Unicorn-42713.exe
3020	Unicorn-12458.exe
3020	Unicorn-12458.exe
2964	Unicorn-46797.exe
2964	Unicorn-46797.exe
1644	Unicorn-5681.exe
1644	Unicorn-5681.exe
2348	Unicorn-39100.exe
2104	Unicorn-56911.exe
2348	Unicorn-39100.exe
2104	Unicorn-56911.exe
2024	Unicorn-49298.exe
2024	Unicorn-49298.exe
1636	Unicorn-60995.exe
1636	Unicorn-60995.exe
2820	Unicorn-63688.exe
320	Unicorn-58966.exe
2820	Unicorn-63688.exe
320	Unicorn-58966.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
1076	Unicorn-55546.exe
1716	Unicorn-11259.exe
2640	Unicorn-31125.exe
2876	Unicorn-42547.exe
2612	Unicorn-10237.exe
2472	Unicorn-30103.exe
2508	Unicorn-13849.exe
3020	Unicorn-12458.exe
1644	Unicorn-5681.exe
2348	Unicorn-39100.exe
320	Unicorn-58966.exe
2540	Unicorn-61742.exe
2636	Unicorn-16071.exe
1520	Unicorn-42713.exe
2964	Unicorn-46797.exe
2104	Unicorn-56911.exe
2024	Unicorn-49298.exe
2820	Unicorn-63688.exe
1636	Unicorn-60995.exe
448	Unicorn-47949.exe
1664	Unicorn-694.exe
1532	Unicorn-19723.exe
1996	Unicorn-4778.exe
956	Unicorn-38197.exe
1732	Unicorn-62147.exe
1200	Unicorn-64840.exe
2152	Unicorn-45811.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1076	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	28
PID 2356 wrote to memory of 1076	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	28
PID 2356 wrote to memory of 1076	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	28
PID 2356 wrote to memory of 1076	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	28
PID 1076 wrote to memory of 2640	1076	Unicorn-55546.exe	30
PID 1076 wrote to memory of 2640	1076	Unicorn-55546.exe	30
PID 1076 wrote to memory of 2640	1076	Unicorn-55546.exe	30
PID 1076 wrote to memory of 2640	1076	Unicorn-55546.exe	30
PID 2356 wrote to memory of 1716	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	29
PID 2356 wrote to memory of 1716	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	29
PID 2356 wrote to memory of 1716	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	29
PID 2356 wrote to memory of 1716	2356	ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe	29
PID 1716 wrote to memory of 2876	1716	Unicorn-11259.exe	31
PID 1716 wrote to memory of 2876	1716	Unicorn-11259.exe	31
PID 1716 wrote to memory of 2876	1716	Unicorn-11259.exe	31
PID 1716 wrote to memory of 2876	1716	Unicorn-11259.exe	31
PID 1076 wrote to memory of 2612	1076	Unicorn-55546.exe	32
PID 1076 wrote to memory of 2612	1076	Unicorn-55546.exe	32
PID 1076 wrote to memory of 2612	1076	Unicorn-55546.exe	32
PID 1076 wrote to memory of 2612	1076	Unicorn-55546.exe	32
PID 2640 wrote to memory of 2472	2640	Unicorn-31125.exe	33
PID 2640 wrote to memory of 2472	2640	Unicorn-31125.exe	33
PID 2640 wrote to memory of 2472	2640	Unicorn-31125.exe	33
PID 2640 wrote to memory of 2472	2640	Unicorn-31125.exe	33
PID 2876 wrote to memory of 2508	2876	Unicorn-42547.exe	34
PID 2876 wrote to memory of 2508	2876	Unicorn-42547.exe	34
PID 2876 wrote to memory of 2508	2876	Unicorn-42547.exe	34
PID 2876 wrote to memory of 2508	2876	Unicorn-42547.exe	34
PID 1716 wrote to memory of 3020	1716	Unicorn-11259.exe	35
PID 1716 wrote to memory of 3020	1716	Unicorn-11259.exe	35
PID 1716 wrote to memory of 3020	1716	Unicorn-11259.exe	35
PID 1716 wrote to memory of 3020	1716	Unicorn-11259.exe	35
PID 2612 wrote to memory of 1644	2612	Unicorn-10237.exe	36
PID 2612 wrote to memory of 1644	2612	Unicorn-10237.exe	36
PID 2612 wrote to memory of 1644	2612	Unicorn-10237.exe	36
PID 2612 wrote to memory of 1644	2612	Unicorn-10237.exe	36
PID 2640 wrote to memory of 2348	2640	Unicorn-31125.exe	37
PID 2640 wrote to memory of 2348	2640	Unicorn-31125.exe	37
PID 2640 wrote to memory of 2348	2640	Unicorn-31125.exe	37
PID 2640 wrote to memory of 2348	2640	Unicorn-31125.exe	37
PID 2472 wrote to memory of 320	2472	Unicorn-30103.exe	38
PID 2472 wrote to memory of 320	2472	Unicorn-30103.exe	38
PID 2472 wrote to memory of 320	2472	Unicorn-30103.exe	38
PID 2472 wrote to memory of 320	2472	Unicorn-30103.exe	38
PID 2876 wrote to memory of 2540	2876	Unicorn-42547.exe	39
PID 2508 wrote to memory of 2636	2508	Unicorn-13849.exe	40
PID 2876 wrote to memory of 2540	2876	Unicorn-42547.exe	39
PID 2876 wrote to memory of 2540	2876	Unicorn-42547.exe	39
PID 2508 wrote to memory of 2636	2508	Unicorn-13849.exe	40
PID 2876 wrote to memory of 2540	2876	Unicorn-42547.exe	39
PID 2508 wrote to memory of 2636	2508	Unicorn-13849.exe	40
PID 2508 wrote to memory of 2636	2508	Unicorn-13849.exe	40
PID 3020 wrote to memory of 1520	3020	Unicorn-12458.exe	41
PID 3020 wrote to memory of 1520	3020	Unicorn-12458.exe	41
PID 3020 wrote to memory of 1520	3020	Unicorn-12458.exe	41
PID 3020 wrote to memory of 1520	3020	Unicorn-12458.exe	41
PID 1644 wrote to memory of 2964	1644	Unicorn-5681.exe	42
PID 1644 wrote to memory of 2964	1644	Unicorn-5681.exe	42
PID 1644 wrote to memory of 2964	1644	Unicorn-5681.exe	42
PID 1644 wrote to memory of 2964	1644	Unicorn-5681.exe	42
PID 2612 wrote to memory of 2024	2612	Unicorn-10237.exe	43
PID 2612 wrote to memory of 2024	2612	Unicorn-10237.exe	43
PID 2612 wrote to memory of 2024	2612	Unicorn-10237.exe	43
PID 2612 wrote to memory of 2024	2612	Unicorn-10237.exe	43

C:\Users\Admin\AppData\Local\Temp\ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec18f3c01f754095e67e4a647edd0fe1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        7⤵
        Executes dropped EXE
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        9⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        6⤵
        Executes dropped EXE
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        8⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        9⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62723.exe
        6⤵
        Executes dropped EXE
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        8⤵
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        8⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        5⤵
        Executes dropped EXE
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        6⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        8⤵
        
        PID:1676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        5⤵
        Executes dropped EXE
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        6⤵
        
        PID:592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        7⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        10⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        6⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        7⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        6⤵
        Executes dropped EXE
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        8⤵
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        6⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        7⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17860.exe
        5⤵
        Executes dropped EXE
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
        6⤵
        
        PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        6⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33046.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        10⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        5⤵
        Executes dropped EXE
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        7⤵
        
        PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        5⤵
        Executes dropped EXE
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        7⤵
        
        PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe

Filesize
184KB

MD5
3af002ddb073cf57f77a62d248597bb2

SHA1
62bdb2452644e95db2a7f058f8e790a741fb887d

SHA256
6b84edd26791812a252091822bee33100170bb82325c4b26c3dbaf2774d68071

SHA512
a9ad6fea422cbf97d7e0bc80ab28b573e689736f16f95ee3be62229cd2b84d0c5eb4aff1724eb6ca4fabe9f1c471194b655a15e86f7cf94298e051aa6cec4e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe

Filesize
184KB

MD5
a57eb70ab1ad48cec3ed9ba4796a4ce1

SHA1
12c399a495b2c5ede2c164d2dba734e491d751c5

SHA256
b902ab911ce3ddc05445eeb38f488cd9a2ad48ed59057531eca7953c341c6128

SHA512
e039eb5e8bcb4b08ab120bd13bd62703abde0403e36cad4f6c20c5c9d5e54319d938cc9ef7b74ce5aa389a97c3b2650d02c39fd982fd42b04bfd3984f886c7f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe

Filesize
184KB

MD5
413f6f78c8b2387a20183e9305a499a9

SHA1
ce7cfed5bb2769a0fce565fe2eeae8e583e2f795

SHA256
8691f2802a878a6f5254bfc398fee8e637a4510a60be0ea9b6b7e177a331422c

SHA512
3a85fc89155670a61d3bedc41dada75aa54837eac974a62ef6e4d18b402d3d55c7efe5074a7f02f87879e657e559cdf4694aa76c5d90318b95ef96d560d4de6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe

Filesize
184KB

MD5
1a235275e3d703e6f06008ecd35b43bb

SHA1
cd29587ea0992940b6a281fe13b8908561d2ddfd

SHA256
458d168f7af38786a4bb39d73fdd9a02371d3293f11c82355c21d6a6b18acfd2

SHA512
0f9b1b4b2713db69378c1870e82e83d3f6c70c689c3eee433ea6629cfba44f88ed448400dbbcd2c2eba7b457439e285f27a0aa5d5f3e568e5a03044a4c0fe60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe

Filesize
184KB

MD5
7c8f723bfdd77106f40f350c7cee6afe

SHA1
05d4b052ccfad0de1024b1c7f50798c8512bcfb7

SHA256
55b4aa6b7e71fbd7f86fa1134fe47c0b716bc2ff93a735f79c1dd20d7ce07106

SHA512
9bcc9bab59d5a35bcd717cbb3646cc533e29dd6a364be3e28774bcc5641a08d938b21c36afcb97ee6388f488a8cad844bad67cf5d560aeb3e92c1fa6aa3827b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe

Filesize
184KB

MD5
cb02b7abe6094e9189d8f1f0c1ba0c05

SHA1
8e49c74b31c07d31de18cb909190463b81834ded

SHA256
b2fcb8ef189d947bdf5f551e5c746f3dd257fa0dda88314ff66c4b5cf8eaae31

SHA512
7f4413e4be0f7816e2f01eacb1912bcc9245973676dd7b43835564161b3861cf856c0e4988a1fc59e30a85e19b9623b4d82eb090bc82b03d7946959c16fa1619

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe

Filesize
184KB

MD5
75c24a2dc04cd39956a3359ce6d8c19f

SHA1
7927e491eedf6f794efc3a729f07aec42f0d43f4

SHA256
1c0a45e5ccee5c6a6a1005a71ab32b5d1ee09e89ddc1acec535726cdcebe32eb

SHA512
1dd841f4326124f76e1634216f086ce94f6c6652fc3d53fc96e0c40c07774a429b031f0247849fd1da2ee41cd9804c8778b3e21f296e08838ab8df92a2287a2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe

Filesize
184KB

MD5
decbb258ae639fa7d20367aaf872fa3f

SHA1
7a605387b2fe7c7a85c4a75df459c1aea60269c2

SHA256
cd8336380b6b891bdfc2e52e8db95cf13d50cf4027632d4e5c4f2084dd1fc557

SHA512
1276c5f214f4547c15617116bc6cd2b140812c8adde8d0d4747dc5ea7ba0b0f57023994fde5bc18deaa777fd1ed87c5c985de3e252b0b6566f6dbe64d01a2b6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe

Filesize
184KB

MD5
c978a184272ac9e899717f96269c44ea

SHA1
3e3f760373f4bf65722d2e6aaaa8181252654ae1

SHA256
862fbef2c2993b21f508527277302236d4096fcc4954f71fac8d0b6f495994ae

SHA512
ab68691eb646fb799cd8b5497c1b0bb62621a65da962523d57c1462c0f280eec640b5b5e66f91d7ec986be96ff9c99b9fb292d2e8479316fb978b0617de74639

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe

Filesize
184KB

MD5
fd256820de6997e721e896a5eb9ce91d

SHA1
0736605db4e371cced6c385d1c7f5f60e66e8bc3

SHA256
59027d5d9ca112221c8c899fcfb0e50a765fbd6457eb203cb4160c896e45b89e

SHA512
f247bf16ce11fb09208926ac1f34f30f81c5e6c35104740e4adffb1727fc86e497f10ccec5ad57d51a554abbe1abb340822f4c9349f24800ae1e9b664104de01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe

Filesize
184KB

MD5
9dc5b25e78fdd3cc850bfe1a13092400

SHA1
9fcd31b7f6fc2894c8fe6d5ae0057973e510349a

SHA256
24a7ee82ec0c10b47087e61fe5c515e497d3c1bc939178ce008b0c580074d283

SHA512
eef7e0b3a598178bd575d901cbbb129938fd044f1dd5ea3e7e28bac000488372a2b649832e5bcac0726c01e4ed48f6cf8d6ae42587a067c649f554bf21b60ad1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe

Filesize
184KB

MD5
fc28ce9f62c34ce1f144dfa02a2afc88

SHA1
52a3190750c764078aa43827f6efda452c2677e3

SHA256
d379306b227b4d63c5bcc7edea21b614c7f622cb5d1e0dcb53975cde115099b6

SHA512
cbc5be71a284d8f9bc9f53ceb21d6d2a9c2a9e8655d76bbf8e8f10c364bbdd1e744add019bb4e5a21dacb82cb9658c8d6cf838ee2b0692ea6b4041c30528f995

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe

Filesize
184KB

MD5
e9346a096e3675aa3eb15b15c58870ad

SHA1
44628f00e7d72b295a126a2b8f2f586bf183b13a

SHA256
231ee83651e9a665cb3a10566b9f5771e3bb659c41dbc755bca2065a76783cc6

SHA512
7806ff34c7db876185afaf17c2a6507b78b5be3e9f412c7078c4b3455fb021fb36ead02df55dd40e9e624bdc7240172ddd6464a6be85d88b8ac8c9abf604444d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe

Filesize
184KB

MD5
f6752f0f1e6d0a889026b05a4824823c

SHA1
89d3a5ccf686ac8d7f8304635d8a2b67f9be2e4a

SHA256
137158020a88d82fce39be19b7e60616cf02eb0911252920d883ec1edec9fbd8

SHA512
7e43c8c4c9574056593cc840e682186ea8ca0659ebd53a0eac82393796b1780993fb45d7770e56d529007adae00249c409fb1f7ee91a145ee1622a138c7de402

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe

Filesize
184KB

MD5
22cef2eaf872163b520e0a68cc65dfa5

SHA1
acac5802cd1a726a623ddf636397b67667e38485

SHA256
0c780f5a1a7dfb99ca532866c4c73217538e4049ce9d97b4d33f8aa94cebf6cc

SHA512
48dac28abdd3d8bee2e4f0fa357bee6a31eecf4094955fa01156c7fa72389a7fa11fbeeb9f3351fe6291ccf7d568d5bd3361e2bd12ce4170c3311e1f7eb339c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe

Filesize
184KB

MD5
68fdf5c79c0bd09064139e5853fc154d

SHA1
9be05b8a881cf4b9f3257b691ebe0a548d8ef47a

SHA256
2784e5ee147df1dd6a61d09b90cfafd21192f3ff50ddec17f909a48f5497de44

SHA512
0df30a16063c40b860f055d5216d87323962e5c420e3007882c02f8551ff3ae256a6353bff1817bb9a4ead9157c1087459ba50865db99c3e52c46f2f133965e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe

Filesize
184KB

MD5
0fecd4d762b7c103dd47ffa90cd90527

SHA1
25713efbcd45b8a3c24ec35d84dcb7500f109235

SHA256
aa31b5ecc9fbf3aaed47be41784fd40382436f72b47e10ead51418be1bc12ba7

SHA512
0eb81a398d423ba0a1061ddc9f57a46d0927d5e5347cf1a226a128517fd13c368d7b40c8a34664bafd546091253b04a3ea1e7aac51a5418bfe2805903c8e72a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe

Filesize
184KB

MD5
6c728337b8d44142c200461f80aa1799

SHA1
a280069bf020255375cbd0d84242cef1c4cf2d47

SHA256
12b423f33e487a15a6a94484d6cb340ed7ac1303f2a0cef3b294c96c68d52007

SHA512
f65ff5187d5ddfb094c7e08056eb29775d1a7c4aabf772f91572c1414562eda8ca1172ee9076643adc29fc1f8fb6692e169068313e2f8f7b860ea5c90bd36edf

Download Submit
memory/1976-446-0x00000000028B0000-0x0000000002A0C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads