4e750bdcb51023842ad7492c8c72ab55214c74b6933eb0d331368461ff7cabf4

Analysis

max time kernel
30s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
Size

184KB
MD5

ec57263c9a5567aa65de0155e7bab0f6
SHA1

71bab95152915640d525b614ad4554dfa9d02a1b
SHA256

4e750bdcb51023842ad7492c8c72ab55214c74b6933eb0d331368461ff7cabf4
SHA512

baeb0f2c4e48f7b799c929cb6b4f29401110aa23de8bcb74d2da50c836ec412bb6bb642373fa1b7e2d87eccad1448748d8ce8d223f385c7c097330c33c12d888
SSDEEP

3072:SvTGoAZU5EAUkrk0pds60088rP+pr3QcTU0Yx7gt4aBlPvwFF:SviodVjrHdf008QuEEBlPvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 60 IoCs

pid	Process
1704	Unicorn-60340.exe
3064	Unicorn-57500.exe
2636	Unicorn-6716.exe
2460	Unicorn-17813.exe
2528	Unicorn-15160.exe
2436	Unicorn-47195.exe
1516	Unicorn-6067.exe
2820	Unicorn-56347.exe
2924	Unicorn-29425.exe
2060	Unicorn-8023.exe
1048	Unicorn-40058.exe
320	Unicorn-54218.exe
788	Unicorn-35312.exe
960	Unicorn-57171.exe
1336	Unicorn-41913.exe
1996	Unicorn-64732.exe
2024	Unicorn-62786.exe
1444	Unicorn-3803.exe
2096	Unicorn-45033.exe
3036	Unicorn-8814.exe
2076	Unicorn-53910.exe
1340	Unicorn-6868.exe
1376	Unicorn-19858.exe
1320	Unicorn-46972.exe
1780	Unicorn-724.exe
3028	Unicorn-28836.exe
1924	Unicorn-25939.exe
2292	Unicorn-25188.exe
2836	Unicorn-64663.exe
2160	Unicorn-1010.exe
1940	Unicorn-23600.exe
1608	Unicorn-4310.exe
2112	Unicorn-28450.exe
2624	Unicorn-9544.exe
2628	Unicorn-7344.exe
2840	Unicorn-23790.exe
2640	Unicorn-42574.exe
2424	Unicorn-16686.exe
2484	Unicorn-28314.exe
2596	Unicorn-54552.exe
2456	Unicorn-8304.exe
2940	Unicorn-624.exe
2968	Unicorn-20355.exe
2704	Unicorn-46509.exe
1716	Unicorn-46509.exe
1856	Unicorn-837.exe
2700	Unicorn-837.exe
1036	Unicorn-57158.exe
2488	Unicorn-44792.exe
1916	Unicorn-52472.exe
324	Unicorn-25502.exe
2776	Unicorn-8253.exe
488	Unicorn-53925.exe
1492	Unicorn-13162.exe
2000	Unicorn-20615.exe
1332	Unicorn-53835.exe
712	Unicorn-20442.exe
1512	Unicorn-31183.exe
2712	Unicorn-31183.exe
1796	Unicorn-51049.exe

Loads dropped DLL 64 IoCs

pid	Process
1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
1704	Unicorn-60340.exe
1704	Unicorn-60340.exe
1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
3064	Unicorn-57500.exe
1704	Unicorn-60340.exe
3064	Unicorn-57500.exe
1704	Unicorn-60340.exe
2636	Unicorn-6716.exe
2636	Unicorn-6716.exe
2460	Unicorn-17813.exe
2460	Unicorn-17813.exe
3064	Unicorn-57500.exe
2528	Unicorn-15160.exe
3064	Unicorn-57500.exe
2528	Unicorn-15160.exe
2636	Unicorn-6716.exe
2636	Unicorn-6716.exe
2436	Unicorn-47195.exe
2436	Unicorn-47195.exe
1516	Unicorn-6067.exe
1516	Unicorn-6067.exe
2460	Unicorn-17813.exe
2460	Unicorn-17813.exe
2924	Unicorn-29425.exe
2924	Unicorn-29425.exe
2528	Unicorn-15160.exe
2528	Unicorn-15160.exe
2820	Unicorn-56347.exe
2060	Unicorn-8023.exe
2060	Unicorn-8023.exe
2820	Unicorn-56347.exe
1048	Unicorn-40058.exe
1048	Unicorn-40058.exe
2436	Unicorn-47195.exe
2436	Unicorn-47195.exe
320	Unicorn-54218.exe
320	Unicorn-54218.exe
1516	Unicorn-6067.exe
1516	Unicorn-6067.exe
788	Unicorn-35312.exe
788	Unicorn-35312.exe
960	Unicorn-57171.exe
960	Unicorn-57171.exe
2924	Unicorn-29425.exe
2924	Unicorn-29425.exe
1336	Unicorn-41913.exe
1336	Unicorn-41913.exe
1996	Unicorn-64732.exe
1996	Unicorn-64732.exe
2060	Unicorn-8023.exe
2060	Unicorn-8023.exe
2024	Unicorn-62786.exe
2024	Unicorn-62786.exe
2820	Unicorn-56347.exe
2820	Unicorn-56347.exe
2096	Unicorn-45033.exe
2096	Unicorn-45033.exe
1444	Unicorn-3803.exe
1444	Unicorn-3803.exe
1048	Unicorn-40058.exe
1048	Unicorn-40058.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1872	1780	WerFault.exe	52
2720	2424	WerFault.exe	65

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
1704	Unicorn-60340.exe
3064	Unicorn-57500.exe
2636	Unicorn-6716.exe
2460	Unicorn-17813.exe
2528	Unicorn-15160.exe
2436	Unicorn-47195.exe
1516	Unicorn-6067.exe
2924	Unicorn-29425.exe
2820	Unicorn-56347.exe
2060	Unicorn-8023.exe
1048	Unicorn-40058.exe
320	Unicorn-54218.exe
788	Unicorn-35312.exe
960	Unicorn-57171.exe
1336	Unicorn-41913.exe
1996	Unicorn-64732.exe
2024	Unicorn-62786.exe
2096	Unicorn-45033.exe
1444	Unicorn-3803.exe
3036	Unicorn-8814.exe
2076	Unicorn-53910.exe
1340	Unicorn-6868.exe
1376	Unicorn-19858.exe
1320	Unicorn-46972.exe
1780	Unicorn-724.exe
3028	Unicorn-28836.exe
1924	Unicorn-25939.exe
2292	Unicorn-25188.exe
2836	Unicorn-64663.exe
2160	Unicorn-1010.exe
1940	Unicorn-23600.exe
1608	Unicorn-4310.exe
2112	Unicorn-28450.exe
2628	Unicorn-7344.exe
2624	Unicorn-9544.exe
2840	Unicorn-23790.exe
2456	Unicorn-8304.exe
2640	Unicorn-42574.exe
2596	Unicorn-54552.exe
2484	Unicorn-28314.exe
2940	Unicorn-624.exe
2424	Unicorn-16686.exe
2968	Unicorn-20355.exe
1492	Unicorn-13162.exe
2488	Unicorn-44792.exe
2000	Unicorn-20615.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1704	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	28
PID 1752 wrote to memory of 1704	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	28
PID 1752 wrote to memory of 1704	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	28
PID 1752 wrote to memory of 1704	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	28
PID 1704 wrote to memory of 3064	1704	Unicorn-60340.exe	29
PID 1704 wrote to memory of 3064	1704	Unicorn-60340.exe	29
PID 1704 wrote to memory of 3064	1704	Unicorn-60340.exe	29
PID 1704 wrote to memory of 3064	1704	Unicorn-60340.exe	29
PID 1752 wrote to memory of 2636	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	30
PID 1752 wrote to memory of 2636	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	30
PID 1752 wrote to memory of 2636	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	30
PID 1752 wrote to memory of 2636	1752	ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2460	3064	Unicorn-57500.exe	31
PID 3064 wrote to memory of 2460	3064	Unicorn-57500.exe	31
PID 3064 wrote to memory of 2460	3064	Unicorn-57500.exe	31
PID 3064 wrote to memory of 2460	3064	Unicorn-57500.exe	31
PID 1704 wrote to memory of 2528	1704	Unicorn-60340.exe	32
PID 1704 wrote to memory of 2528	1704	Unicorn-60340.exe	32
PID 1704 wrote to memory of 2528	1704	Unicorn-60340.exe	32
PID 1704 wrote to memory of 2528	1704	Unicorn-60340.exe	32
PID 2636 wrote to memory of 2436	2636	Unicorn-6716.exe	33
PID 2636 wrote to memory of 2436	2636	Unicorn-6716.exe	33
PID 2636 wrote to memory of 2436	2636	Unicorn-6716.exe	33
PID 2636 wrote to memory of 2436	2636	Unicorn-6716.exe	33
PID 2460 wrote to memory of 1516	2460	Unicorn-17813.exe	34
PID 2460 wrote to memory of 1516	2460	Unicorn-17813.exe	34
PID 2460 wrote to memory of 1516	2460	Unicorn-17813.exe	34
PID 2460 wrote to memory of 1516	2460	Unicorn-17813.exe	34
PID 3064 wrote to memory of 2820	3064	Unicorn-57500.exe	35
PID 3064 wrote to memory of 2820	3064	Unicorn-57500.exe	35
PID 3064 wrote to memory of 2820	3064	Unicorn-57500.exe	35
PID 3064 wrote to memory of 2820	3064	Unicorn-57500.exe	35
PID 2528 wrote to memory of 2924	2528	Unicorn-15160.exe	36
PID 2528 wrote to memory of 2924	2528	Unicorn-15160.exe	36
PID 2528 wrote to memory of 2924	2528	Unicorn-15160.exe	36
PID 2528 wrote to memory of 2924	2528	Unicorn-15160.exe	36
PID 2636 wrote to memory of 2060	2636	Unicorn-6716.exe	37
PID 2636 wrote to memory of 2060	2636	Unicorn-6716.exe	37
PID 2636 wrote to memory of 2060	2636	Unicorn-6716.exe	37
PID 2636 wrote to memory of 2060	2636	Unicorn-6716.exe	37
PID 2436 wrote to memory of 1048	2436	Unicorn-47195.exe	38
PID 2436 wrote to memory of 1048	2436	Unicorn-47195.exe	38
PID 2436 wrote to memory of 1048	2436	Unicorn-47195.exe	38
PID 2436 wrote to memory of 1048	2436	Unicorn-47195.exe	38
PID 1516 wrote to memory of 320	1516	Unicorn-6067.exe	39
PID 1516 wrote to memory of 320	1516	Unicorn-6067.exe	39
PID 1516 wrote to memory of 320	1516	Unicorn-6067.exe	39
PID 1516 wrote to memory of 320	1516	Unicorn-6067.exe	39
PID 2460 wrote to memory of 788	2460	Unicorn-17813.exe	40
PID 2460 wrote to memory of 788	2460	Unicorn-17813.exe	40
PID 2460 wrote to memory of 788	2460	Unicorn-17813.exe	40
PID 2460 wrote to memory of 788	2460	Unicorn-17813.exe	40
PID 2924 wrote to memory of 960	2924	Unicorn-29425.exe	41
PID 2924 wrote to memory of 960	2924	Unicorn-29425.exe	41
PID 2924 wrote to memory of 960	2924	Unicorn-29425.exe	41
PID 2924 wrote to memory of 960	2924	Unicorn-29425.exe	41
PID 2528 wrote to memory of 1336	2528	Unicorn-15160.exe	42
PID 2528 wrote to memory of 1336	2528	Unicorn-15160.exe	42
PID 2528 wrote to memory of 1336	2528	Unicorn-15160.exe	42
PID 2528 wrote to memory of 1336	2528	Unicorn-15160.exe	42
PID 2060 wrote to memory of 1996	2060	Unicorn-8023.exe	44
PID 2060 wrote to memory of 1996	2060	Unicorn-8023.exe	44
PID 2060 wrote to memory of 1996	2060	Unicorn-8023.exe	44
PID 2060 wrote to memory of 1996	2060	Unicorn-8023.exe	44

C:\Users\Admin\AppData\Local\Temp\ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec57263c9a5567aa65de0155e7bab0f6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28450.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20615.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        9⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        8⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        8⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        7⤵
        Executes dropped EXE
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        7⤵
        Executes dropped EXE
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        6⤵
        Executes dropped EXE
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        6⤵
        Executes dropped EXE
        
        PID:1036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        8⤵
        Executes dropped EXE
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        7⤵
        Executes dropped EXE
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        7⤵
        Executes dropped EXE
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33981.exe
        8⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        6⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        7⤵
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        7⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 372
        7⤵
        Program crash
        
        PID:2720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 380
        6⤵
        Program crash
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        6⤵
        
        PID:1328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        7⤵
        Executes dropped EXE
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        8⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        6⤵
        Executes dropped EXE
        
        PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8253.exe
        6⤵
        Executes dropped EXE
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        7⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        5⤵
        Executes dropped EXE
        
        PID:488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        8⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        5⤵
        Executes dropped EXE
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        6⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        5⤵
        Executes dropped EXE
        
        PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe

Filesize
184KB

MD5
ce39ee9240adb901273ebce2d138c013

SHA1
35896db93d9e3b5e0c5947b2ca2ff85e08fe77cd

SHA256
3e1552d6c76802038b7a56d143fc790c6e4f7e26f120fa6188d08ef75aa04064

SHA512
9aed0a1645cb3496114eb37dc3edfd8125c05e4273bc70d296be12881e70152ccd32dbadd30dd38cc9d264d3ab297c55d10e9c376e47c059b9ee71ff77fa1b2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe

Filesize
184KB

MD5
556e197ec0eaa8df0add93f951417b10

SHA1
76775b5a0601db9450e1a39b2570fce6cf0265e9

SHA256
646632bd5ded71de9ebef502f083b30836c7709fff76ca9e28f287b78d7df3fe

SHA512
42d4df963545ab8be16613078e1bed8ef00071cbcb6eb885bffac06f237840dc92552d88abf21de4ab8c7fdf98016d33e867087aa992b448b9e478ef6a7cb4db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe

Filesize
184KB

MD5
4d9198573794f60f718d3d7bf4e246f5

SHA1
e81d938d0ae632f056c5898c3e4ef799f614330d

SHA256
98ef6ad65348f70aeef7c35c7b930f363272374001d79e67d01e22590a5ad8c2

SHA512
306ce25d2763c1997a09f342b4f4b5c2714ccee5273ea9c1fcc7e18703f0271c94fc7bf169140f0a2e3d6d47a22be1b9e12172f8fabf0caeac4b5b7eb367fc53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe

Filesize
184KB

MD5
074b65936f9da93008089ce0b0e90b53

SHA1
94b9df25cbf34df06a4bf1fbf6470af7604e28e9

SHA256
85b6dbd05a435fadd314f7573693cf81588b339845b4ad054d498bddd119a9d1

SHA512
173e6226affc9c708a309683ebb96357dbcb614e4c43e26592e63db2702506a6dbe7deb937a4470cd2627d8147e194dbc493b2a82e116002ae6ffdb6ab7dc400

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe

Filesize
184KB

MD5
76fd3858f7bb10e934e71afb1072ef32

SHA1
f247d6a62e03774c2c13c52c00cfd1cdc3a0b5e6

SHA256
0fcff89985983fb48e4b5810312f696c654fc5a8aaab6757fe2835d30436f5da

SHA512
4d9b26f334a2993f3f07b6f962a481dacc3c4135de887f490f3fd3f1da2f060ce234a08a5b307dc34361a4d1a4f289ef38d296dcc71338f1d315ed500d9c8082

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe

Filesize
184KB

MD5
166147f44f4a98b3485dc77c52c78217

SHA1
e3349d34e27ed88e481478663bea393842ae632c

SHA256
ce1492d06a235420f93604f076b9bbef1c62f1ec9744e3ad209969f10235ccea

SHA512
f697280a7cdd06421efec814f34a8e2c7a7683bc03c64490edf166148f6efa90bd06e8dba383c7aa941385836b4e0ecc51dec03b6123f6bf5e648b352cdd3e64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe

Filesize
184KB

MD5
3a132f20064ca1dda9d53e8e58594247

SHA1
9a331972e42f46bf71b0f446834edc532e9e0b1d

SHA256
524ca31318091d60c2ec492ae6f9cd3bfbda805f9e72880a04540f1d286e9702

SHA512
2a24f0bb5d526e981a992981ca535b0e81e759cd79a4ef569d4e3319334b1971f8c92a657f6af3bd8f674d8c4a599b92d3e52c77c811a13817a202654d1ec595

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe

Filesize
184KB

MD5
bca17542f4c27c361506daffe09013dd

SHA1
4b09c3aeeb10754fcc27293575e01140c3d82022

SHA256
bc47328c34bad8341e4cddc6545487edfd6004057a9da9fe6a0fb5e4d01627b5

SHA512
24cf1f1fb5a1c6f6f291a869e701aba71276840db1a83989b17bd809174f33b480fceec46ca18bc3b2b6b7aca7a41bdffecd4d8d19e53d7153784428fddd6cbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe

Filesize
184KB

MD5
4ab76e75fe5e96b9f99c21c0af7193f8

SHA1
ce3bfb55400beb2e296f4d4523c599949312d610

SHA256
b3aefb520a9c00e73ce2e6fbcfc309909b399ac226c62501f1e0e0eb3eb81d89

SHA512
d6c29a65c54d10df5182c26486df929bb58efa032de874077287dc4bb34ef266fc30a79f8f43151e10769bd1366dbc753557911bf47a064a1c32c344625b64ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe

Filesize
184KB

MD5
b81d4a18bceabf0d4340edecc41eb294

SHA1
fe87b6e73ebdc60fb4b60f728f9c6fa73f7ddb1f

SHA256
7aef2c02fb4747dac2ede41d263ff833896a210606892bbab2a05e90efa0afe2

SHA512
89ac6fbd36cc4957b7ccd8c28c76bf22407477fba955bc96393eef2df4019ff0456bedbc00308c72f3b93ad3c6abb2940383a9e47b4dfbe2da10698c351057b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe

Filesize
184KB

MD5
2e339e4ce87fa1bdf85eb5906ad836fd

SHA1
43d5a08007825d6f48c0540c1bba28aeea13708a

SHA256
8e9d065f53ead1de4e1978a13199aacb1f1439fe1ba8aadb8b92137764bef346

SHA512
8d8fb49edfd82727377407d6f0d4674b78d60e600129b2b9cb2330d5ab30242e5b8f4dae2cbd61fdddb79bdb0340bede5a29d41158432ac1783875b5124c101d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe

Filesize
184KB

MD5
e519f81c30cfde2e496192bcdccfcfbe

SHA1
8aad31be6934bd66bfbd22d931afb0b9c06e2e60

SHA256
1782068bb342378da638bdd7b0af8ca48cf379865b1959000f19174f45d5bdd2

SHA512
f0e3fa9f2baf73a93d714a0d30b539836e52c439ac3ce80c20c45f209763d0c7e6ec48e69a976dd374e07202a6964c7021767fb93f931d867e89d7a2d8b31219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe

Filesize
184KB

MD5
a9ef3958411b8d375bddf8a27a9dadd8

SHA1
58463fb5ec65518fe0b42193ff5c2197c71f79da

SHA256
f825cc53396c9533e9895f1a2ae293d7b73128cf29d28f46776d9478d679fd58

SHA512
dc850f42c6d6d8d2f66f16f5fc0a30e91012b0362cbc158903fd5e82d681cf3cb7234832158ee4e84236bb31ecf80eb2c0b6a685dd745e75bcd69a1feadda05c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe

Filesize
184KB

MD5
a32975ef96f47ddd418d8a732cd299ae

SHA1
c1bf09b4f84a4397f8b052ee018a51a856af4922

SHA256
54ecfbb0e075b8594d5328f6ce83bbcd1b62caafed2bb6434c16a7e3cd76cf0b

SHA512
83ec52188c2799a8ae8ba41a7aa88832e3da218b70945f49431aa22a80b39c133a96c9eda18e05e4acb0e6818f52a5269c4c2a71b4176c7d47a7cbfc3e07acd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe

Filesize
184KB

MD5
28b79889cbd54f88adb99c2cc13af390

SHA1
0178839c2ca8389e3beca27417ea9a151de5877f

SHA256
dc93d7bac1f1da081a289b7f7d2289524c1263ef423c81056b6c8eac402c49ff

SHA512
a98d34e1177818c5c4b83909078abcc9bc6da81179c192e0b1667054ffa7fd45c9e16502598e1a2ccb714592ef8698a78efd6c812741917574b33866669278e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe

Filesize
184KB

MD5
073fee3c7a113c77e05f6eac05c84f71

SHA1
5a9387edb3db5707c315b4d9abe5b7a7e81bd05b

SHA256
bc1eee92ea8cfdf27bd3d11a1e6ccadebc0e9a005896a512ecef90606bd3ac59

SHA512
38eeb20d89962837b56b84c848d781ae8c795310dc4029aaccfee111f3a046c159be23aa42368fc15c15b60e8160cc249ff4c1e47d93234d117c06a2ac99508e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe

Filesize
184KB

MD5
6a1dc3ebe904ba0b5fcec96a82fa463e

SHA1
c125baf1e1b7206d968c100c8535ff78ac5cefd2

SHA256
9a60c1efde7840581e1eeae106614e2f5fd4f3a9a43cea873e242ff3302e6517

SHA512
6b6e4f5333418e8049ee12fa1d417ffaa30d167a4101f749d22515bd2ccbe65fd1d31c9e6c78ab3e1a906f204649b22e7f151d392de605250db5ff98d0ee22f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe

Filesize
184KB

MD5
0331e3532c5418aae6abdad3c6930ed6

SHA1
71c1694345c0e2207709819d6689a43a6fea4052

SHA256
6a8b83c0719fea3f5858887f1992cb182dd8965529818176ee43dfd7c77a4302

SHA512
f8fd5de8f15a3a9d5069a208cb3f8dfd37ffefd0243844a001efde4c62ea89fed02835145b8dee76ac30159f5f033aa4e581bfab2fa78691276eee78c8d8528b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads