d668f1f83b4617e9bc03792144967d7e303ebf86901b78a736c22c25a4d32d6c

Analysis

max time kernel
27s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
Size

192KB
MD5

ec9bbdb3c6b6eecb3e0c633e00e70861
SHA1

63fe48caf42602196598c7efa755415cbfd45d7d
SHA256

d668f1f83b4617e9bc03792144967d7e303ebf86901b78a736c22c25a4d32d6c
SHA512

c40791cbc8e087bd1d74aaa2008e359ff4c210eb90a53f3338d5b578a12c0659a5de4019bb3ed1463c0e801ecef09a0fa75c575e0b1cbcbf70312bb9155dd479
SSDEEP

3072:fLnJoJTCfjAgb9NFdpbDN898FGZ6rTfVe6Zxef+OM6luXpFT:fLJokcgb1dNDN8A9qK6luXpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 63 IoCs

pid	Process
2880	Unicorn-9259.exe
2612	Unicorn-64781.exe
2752	Unicorn-44916.exe
2580	Unicorn-53022.exe
2592	Unicorn-16244.exe
2284	Unicorn-36110.exe
3024	Unicorn-25519.exe
1552	Unicorn-5845.exe
2300	Unicorn-25711.exe
328	Unicorn-9374.exe
1748	Unicorn-55046.exe
1644	Unicorn-27792.exe
1524	Unicorn-7926.exe
2040	Unicorn-1375.exe
2708	Unicorn-17712.exe
2360	Unicorn-63876.exe
2024	Unicorn-31587.exe
1124	Unicorn-18205.exe
296	Unicorn-17105.exe
1412	Unicorn-29911.exe
1252	Unicorn-33441.exe
776	Unicorn-65464.exe
2004	Unicorn-35854.exe
1684	Unicorn-65189.exe
1004	Unicorn-4058.exe
1292	Unicorn-19710.exe
1556	Unicorn-32516.exe
544	Unicorn-48853.exe
2076	Unicorn-3181.exe
1680	Unicorn-6933.exe
2088	Unicorn-26799.exe
2288	Unicorn-10654.exe
1740	Unicorn-26415.exe
1936	Unicorn-39221.exe
2036	Unicorn-59087.exe
2528	Unicorn-56051.exe
1672	Unicorn-11998.exe
2740	Unicorn-40757.exe
2560	Unicorn-60623.exe
2652	Unicorn-12683.exe
2520	Unicorn-11230.exe
2428	Unicorn-57779.exe
2460	Unicorn-12107.exe
2492	Unicorn-8962.exe
2432	Unicorn-27759.exe
2816	Unicorn-8962.exe
1568	Unicorn-28688.exe
1660	Unicorn-24582.exe
1692	Unicorn-60784.exe
2392	Unicorn-12159.exe
1180	Unicorn-60784.exe
2156	Unicorn-24582.exe
1572	Unicorn-7369.exe
2776	Unicorn-8438.exe
2204	Unicorn-28304.exe
1160	Unicorn-20157.exe
3048	Unicorn-20157.exe
2044	Unicorn-20157.exe
2704	Unicorn-20157.exe
2028	Unicorn-20157.exe
2168	Unicorn-3820.exe
1120	Unicorn-20157.exe
2132	Unicorn-291.exe

Loads dropped DLL 64 IoCs

pid	Process
2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
2880	Unicorn-9259.exe
2880	Unicorn-9259.exe
2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
2752	Unicorn-44916.exe
2752	Unicorn-44916.exe
2880	Unicorn-9259.exe
2612	Unicorn-64781.exe
2880	Unicorn-9259.exe
2612	Unicorn-64781.exe
2592	Unicorn-16244.exe
2592	Unicorn-16244.exe
2612	Unicorn-64781.exe
2284	Unicorn-36110.exe
2612	Unicorn-64781.exe
2284	Unicorn-36110.exe
2580	Unicorn-53022.exe
2580	Unicorn-53022.exe
2752	Unicorn-44916.exe
2752	Unicorn-44916.exe
3024	Unicorn-25519.exe
2592	Unicorn-16244.exe
3024	Unicorn-25519.exe
2592	Unicorn-16244.exe
2300	Unicorn-25711.exe
2300	Unicorn-25711.exe
2284	Unicorn-36110.exe
2284	Unicorn-36110.exe
328	Unicorn-9374.exe
328	Unicorn-9374.exe
1552	Unicorn-5845.exe
2580	Unicorn-53022.exe
1552	Unicorn-5845.exe
2580	Unicorn-53022.exe
1644	Unicorn-27792.exe
1644	Unicorn-27792.exe
3024	Unicorn-25519.exe
3024	Unicorn-25519.exe
1524	Unicorn-7926.exe
1524	Unicorn-7926.exe
1748	Unicorn-55046.exe
1748	Unicorn-55046.exe
2708	Unicorn-17712.exe
328	Unicorn-9374.exe
2708	Unicorn-17712.exe
328	Unicorn-9374.exe
2024	Unicorn-31587.exe
2024	Unicorn-31587.exe
2040	Unicorn-1375.exe
2040	Unicorn-1375.exe
1552	Unicorn-5845.exe
1552	Unicorn-5845.exe
1124	Unicorn-18205.exe
2300	Unicorn-25711.exe
1124	Unicorn-18205.exe
2300	Unicorn-25711.exe
1644	Unicorn-27792.exe
296	Unicorn-17105.exe
1644	Unicorn-27792.exe
296	Unicorn-17105.exe
1412	Unicorn-29911.exe
1412	Unicorn-29911.exe

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
2880	Unicorn-9259.exe
2752	Unicorn-44916.exe
2612	Unicorn-64781.exe
2592	Unicorn-16244.exe
2284	Unicorn-36110.exe
2580	Unicorn-53022.exe
3024	Unicorn-25519.exe
2300	Unicorn-25711.exe
1748	Unicorn-55046.exe
1552	Unicorn-5845.exe
328	Unicorn-9374.exe
1644	Unicorn-27792.exe
1524	Unicorn-7926.exe
2040	Unicorn-1375.exe
2708	Unicorn-17712.exe
2024	Unicorn-31587.exe
2360	Unicorn-63876.exe
1124	Unicorn-18205.exe
296	Unicorn-17105.exe
1412	Unicorn-29911.exe
1252	Unicorn-33441.exe
776	Unicorn-65464.exe
2004	Unicorn-35854.exe
1684	Unicorn-65189.exe
1292	Unicorn-19710.exe
1004	Unicorn-4058.exe
1556	Unicorn-32516.exe
544	Unicorn-48853.exe
2076	Unicorn-3181.exe
1680	Unicorn-6933.exe
2088	Unicorn-26799.exe
2288	Unicorn-10654.exe
1740	Unicorn-26415.exe
1936	Unicorn-39221.exe
2036	Unicorn-59087.exe
2528	Unicorn-56051.exe
1672	Unicorn-11998.exe
2740	Unicorn-40757.exe
2560	Unicorn-60623.exe
2652	Unicorn-12683.exe
2428	Unicorn-57779.exe
2816	Unicorn-8962.exe
2520	Unicorn-11230.exe
2432	Unicorn-27759.exe
2492	Unicorn-8962.exe
1568	Unicorn-28688.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2880	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	28
PID 2856 wrote to memory of 2880	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	28
PID 2856 wrote to memory of 2880	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	28
PID 2856 wrote to memory of 2880	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	28
PID 2880 wrote to memory of 2612	2880	Unicorn-9259.exe	29
PID 2880 wrote to memory of 2612	2880	Unicorn-9259.exe	29
PID 2880 wrote to memory of 2612	2880	Unicorn-9259.exe	29
PID 2880 wrote to memory of 2612	2880	Unicorn-9259.exe	29
PID 2856 wrote to memory of 2752	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2752	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2752	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2752	2856	ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe	30
PID 2752 wrote to memory of 2580	2752	Unicorn-44916.exe	31
PID 2752 wrote to memory of 2580	2752	Unicorn-44916.exe	31
PID 2752 wrote to memory of 2580	2752	Unicorn-44916.exe	31
PID 2752 wrote to memory of 2580	2752	Unicorn-44916.exe	31
PID 2880 wrote to memory of 2592	2880	Unicorn-9259.exe	32
PID 2880 wrote to memory of 2592	2880	Unicorn-9259.exe	32
PID 2880 wrote to memory of 2592	2880	Unicorn-9259.exe	32
PID 2880 wrote to memory of 2592	2880	Unicorn-9259.exe	32
PID 2612 wrote to memory of 2284	2612	Unicorn-64781.exe	33
PID 2612 wrote to memory of 2284	2612	Unicorn-64781.exe	33
PID 2612 wrote to memory of 2284	2612	Unicorn-64781.exe	33
PID 2612 wrote to memory of 2284	2612	Unicorn-64781.exe	33
PID 2592 wrote to memory of 3024	2592	Unicorn-16244.exe	34
PID 2592 wrote to memory of 3024	2592	Unicorn-16244.exe	34
PID 2592 wrote to memory of 3024	2592	Unicorn-16244.exe	34
PID 2592 wrote to memory of 3024	2592	Unicorn-16244.exe	34
PID 2612 wrote to memory of 1552	2612	Unicorn-64781.exe	35
PID 2612 wrote to memory of 1552	2612	Unicorn-64781.exe	35
PID 2612 wrote to memory of 1552	2612	Unicorn-64781.exe	35
PID 2612 wrote to memory of 1552	2612	Unicorn-64781.exe	35
PID 2284 wrote to memory of 2300	2284	Unicorn-36110.exe	36
PID 2284 wrote to memory of 2300	2284	Unicorn-36110.exe	36
PID 2284 wrote to memory of 2300	2284	Unicorn-36110.exe	36
PID 2284 wrote to memory of 2300	2284	Unicorn-36110.exe	36
PID 2580 wrote to memory of 328	2580	Unicorn-53022.exe	37
PID 2580 wrote to memory of 328	2580	Unicorn-53022.exe	37
PID 2580 wrote to memory of 328	2580	Unicorn-53022.exe	37
PID 2580 wrote to memory of 328	2580	Unicorn-53022.exe	37
PID 2752 wrote to memory of 1748	2752	Unicorn-44916.exe	38
PID 2752 wrote to memory of 1748	2752	Unicorn-44916.exe	38
PID 2752 wrote to memory of 1748	2752	Unicorn-44916.exe	38
PID 2752 wrote to memory of 1748	2752	Unicorn-44916.exe	38
PID 3024 wrote to memory of 1644	3024	Unicorn-25519.exe	39
PID 3024 wrote to memory of 1644	3024	Unicorn-25519.exe	39
PID 3024 wrote to memory of 1644	3024	Unicorn-25519.exe	39
PID 3024 wrote to memory of 1644	3024	Unicorn-25519.exe	39
PID 2592 wrote to memory of 1524	2592	Unicorn-16244.exe	40
PID 2592 wrote to memory of 1524	2592	Unicorn-16244.exe	40
PID 2592 wrote to memory of 1524	2592	Unicorn-16244.exe	40
PID 2592 wrote to memory of 1524	2592	Unicorn-16244.exe	40
PID 2300 wrote to memory of 2040	2300	Unicorn-25711.exe	41
PID 2300 wrote to memory of 2040	2300	Unicorn-25711.exe	41
PID 2300 wrote to memory of 2040	2300	Unicorn-25711.exe	41
PID 2300 wrote to memory of 2040	2300	Unicorn-25711.exe	41
PID 2284 wrote to memory of 2024	2284	Unicorn-36110.exe	42
PID 2284 wrote to memory of 2024	2284	Unicorn-36110.exe	42
PID 2284 wrote to memory of 2024	2284	Unicorn-36110.exe	42
PID 2284 wrote to memory of 2024	2284	Unicorn-36110.exe	42
PID 328 wrote to memory of 2708	328	Unicorn-9374.exe	43
PID 328 wrote to memory of 2708	328	Unicorn-9374.exe	43
PID 328 wrote to memory of 2708	328	Unicorn-9374.exe	43
PID 328 wrote to memory of 2708	328	Unicorn-9374.exe	43

C:\Users\Admin\AppData\Local\Temp\ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec9bbdb3c6b6eecb3e0c633e00e70861_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        8⤵
        Executes dropped EXE
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        8⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        9⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        7⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        7⤵
        Executes dropped EXE
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        7⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        8⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        6⤵
        Executes dropped EXE
        
        PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        8⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        7⤵
        Executes dropped EXE
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        7⤵
        Executes dropped EXE
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        9⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        7⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        6⤵
        Executes dropped EXE
        
        PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        7⤵
        Executes dropped EXE
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        6⤵
        Executes dropped EXE
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        6⤵
        Executes dropped EXE
        
        PID:1180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        8⤵
        Executes dropped EXE
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        8⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        7⤵
        Executes dropped EXE
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        7⤵
        Executes dropped EXE
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        6⤵
        Executes dropped EXE
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
        7⤵
        
        PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        6⤵
        Executes dropped EXE
        
        PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        6⤵
        Executes dropped EXE
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        5⤵
        Executes dropped EXE
        
        PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe

Filesize
192KB

MD5
a8fc623806ae6bbfca1c42ead613ea4d

SHA1
f61aa0696e5d4abb832188ee948b3e72346856a6

SHA256
277f37bce0e5f9fd7f667b95a9e7e8f5c17cb01fde3f51bf3ade3962025b197b

SHA512
99a4892ee31e735f561a1778ae1299c15afcacaae7d9caac5f05dde46e621e70f9e7c99076a2bab878b021d245ab3fe7760f99ae2d7f29dfc6914f9c9c7df5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe

Filesize
192KB

MD5
e22b14d079f394857a9bd00990e616e5

SHA1
17c1d58482b6565acf54be6e926acf4724f614d3

SHA256
4797b64cdc48bcd5a31fc256e932feef8cbca5c5a83b2ebc72cc237a7b545c90

SHA512
0f2e3723f5380b058d48cb966c18ab60de07acaa0fd038a0e02990963f1c2965cd7a8a5f83aee84ca23f4b7370b86480c559028284b3f96760589d97d70416b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe

Filesize
192KB

MD5
cfa95a5b213dbaeb2b099d6180455e6b

SHA1
1f0f11e1b320afa13ae5e9656de58309a8823a2b

SHA256
8d58401354da00098b56b11e8cad050b0a4f9dfe09246245d680a3212093c8a9

SHA512
34ad645dcc8d95a16439bc839bdcdc1f162e76a9e3093851adb70a14ab2a5f7083469cb743ca7b869bd278dd8ebbff3513e3b04317106f7eacaaac721943218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe

Filesize
192KB

MD5
00b1aebfe176c4b941d50a2735360720

SHA1
88da2a331e5c3d8842dd97d7161a3473f41fd646

SHA256
e77d92a8eb08b57d468b7fcd7cae86f450721ac9f5d98013c7a970fd128fe90f

SHA512
448d6777ca9899fb765cdad1b9e7b281734c596cfe9cf675daf79bf31441fbc85812a385a3901b895253f85095bbb88ee39c778c01f99c37d2725a4b359249d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe

Filesize
192KB

MD5
1bfcfc95fad74e08a0f4c24a93597db8

SHA1
0fd08c6c00db65c1640aa0e8ed90ca4481818985

SHA256
813cb78189291a2cc9b90a4e8c809635ebc181b01e3753228c815c044614b034

SHA512
112bfa5068cef7a8c55130c830ad1db050a77ebde700ae2ae07bddc9154d2bd8bc7797a5196ed0fb79c9eaa7b1111f4f722dfa083c9aababc43f06728347bf9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe

Filesize
192KB

MD5
c89f3735013a7d7a51a8bdada2ee2320

SHA1
cef754c6417275bc8b60c6d81654b153f5054855

SHA256
7e367c446f0e39f17fdec73837544de78b12b793f324093cbec3844921c0359c

SHA512
334debf58c7b836e777994e9fbc70cfcbab140fbef249b76bbb0625c780bfe144d6f6e311a85c0c390f7375ea555d48bd01a7e38df33e982fe18e1e4bf472500

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe

Filesize
192KB

MD5
200f053cfa22bef9f59b3080c9ca3687

SHA1
8f90235ce650bf8ac451b8a1130eaa67172bf375

SHA256
a78d6d05ed7108e0bf875ead9be34138b877652b241c4636ce5714e5da0bbe99

SHA512
4f625d5f9f502697b3369f1db0ebfb7af0ffb05f7e0aefbaf32b48a1832213dfe46a164fe9ced38df71022093f7d44ac33101b2be8af25016cb256038d318f38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe

Filesize
192KB

MD5
5bc9d30c477bef5311d6a5dfa357e143

SHA1
ef3d6ab5586390e6c5f45fb87b79a257e157132b

SHA256
47e23b61681750502e8f4ccab278158aa5b2756dce797f018c30eac267e02a05

SHA512
00c179ca8d59e814c76978debc5ae439af97333d8a190afe4a073ee129edc4c37af9ffaaf779685e32b10b678b2158f3cbbbdc14c5a1fe2c4029e54ca6fa9b79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe

Filesize
192KB

MD5
3adb0edae7bad8424c26774e03e26221

SHA1
f51ca4aa3a4f502ac1ad826c39cc3f47602c00b3

SHA256
80f49a1aacc3e87d5e71d1ee2ff211ee27eb65c2a0be15e670a497aa3826decb

SHA512
879d77058b236822d3d5fd5a785079cd9b4c7d403e8f08abfc02e0084e9f312492d6e88929e2254876ab09f8d4f72694feaac68389c9c70c1efc840642487e9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe

Filesize
192KB

MD5
0932837403af3da51df940fda05e359f

SHA1
0627d3cad301bb7270009e6ca5bd3c29e75d35bc

SHA256
b35b01b4fb954a1c7aa2424e25c8c7c5862b3fc06c8cfd35afc27ce6750ad187

SHA512
cf20659c0ebb53140581706f209838772e7ef74224b930dd7df9004595d369528a0cf6f725b2456ff031a5aa888464380bcfcfd26dd0fdc984a56b6f7c2e166c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe

Filesize
192KB

MD5
33d16db744fe8cb4bca1111ba8e010aa

SHA1
24d5495e770faa6e7dc043112e67577f6a9107e3

SHA256
6256df70024c28d8f0e670d3df5737eb8c715b53b73e26245965194d4d8005e8

SHA512
3c6048f3bf29283fe05b39ae2c0d1b4d7d0efaddff0264a6a26f95771eeb8d2e33bc5bbc9882f6134eff08bccc7a5f773c4807c4b605efe7173101f7759c8a81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe

Filesize
192KB

MD5
5cea736593bf673e07da64a4ef9c184c

SHA1
c698960aadf2c01660f7e4c868f0ee420c7b2ccf

SHA256
1a5b32f26f6652eb7ad55306934204d0e23d887625e5ae7d90e63f86e4c06de7

SHA512
0bdcf0956739cf85b2364579fcc425b1a034968eb397e93457e11dc88ddee9f53e2aae4c76e4fc5f5f5498a619fee2267c2c01c0ff23d68515f40e39ca28f80e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe

Filesize
192KB

MD5
18c198e258c5ec26d07a07f507ab38aa

SHA1
e7a3ba5eb6e66da5f8e813bf0d939e2dfb2c0b26

SHA256
ae1a91b695cf60152da613506f0c60476dda02215da5cc47fbacfe07a24367ea

SHA512
45e2cd01f7a6a4a8e074b627c18556bcdd9c847fe0a9c1dba11dd26a29b8ec84857933ef7f62679b1cc47d90cdb4137f46b6fa1b42fb9966b64d5a412a882f3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe

Filesize
192KB

MD5
71536434a2443cb94e50333199bdfac3

SHA1
f3352fc8f7777253b876c257d68a24a14700bb5b

SHA256
017e8ff56a1cd4b613f2fc371b383bcd675a0cf57a3b9d0ab2e50a7b2eb40612

SHA512
d796dfb46ee615db8ef732b7e692a263fd72f789b9651611659eff75ac1a3401bf1ece9f2966a6dd1948e5c66c1765acaea309d5071c318636ee6a22a5dc0a82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe

Filesize
192KB

MD5
50399adaf50a7f37eaffbf1d1cd4e1ce

SHA1
1953276b059731b9e56bba7bfe0b235ce7da9426

SHA256
5dc8bd26c70110f5d8209818022d00556e28ab8cdc69214ab0bea665774833d3

SHA512
f491eab7a1317854d2e8948ed175844a832af623841d5f9eb812f83df5689db457ccc1d7a5c4e6abc518517c03f5b9a6958f72464fe7763f580a688bf631ff7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe

Filesize
192KB

MD5
f2ede3e50bd2512fcc3ac41be957aee3

SHA1
19b8d34de509495276901a92bd1dcb7e16babffe

SHA256
4a319fe0a289552a1d5cd6d6a7415f374cde5303be95aa20e98dcd66bfb24b42

SHA512
adc41e3b3fd334fa6b42f0cbe532519407269ee0e9b32941b220bbd10abd6627742961e3017d4571bfbcd0360be028a0fceb2004c2dc937b46d0063bfc03d824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe

Filesize
192KB

MD5
15da49c3787516f35ce48434e44f0245

SHA1
c51842b8ce870c9f4f215e9ef07afb97f8d96afa

SHA256
4a63389c540a79d15b06dbd1a60ef7d5004fd5c74ae4b9007b425a1af716c08e

SHA512
4efa6e754a2759e2ceda036673cc749e26d4bde32b32eca2313b5b3d84092611a765eef89c3e285f853d251ff8368a45b98c6f66bba832ada3e1f30d2fa3013e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe

Filesize
192KB

MD5
fb53b53a55470946f48ffb21c48478da

SHA1
b53816d6254a05ce3fc1aabb95eaf7afbb58bc26

SHA256
ca005ef87b29fddbe1ffbe29c13fccae51d6b039ff66bb478eaa61d1a37d63a4

SHA512
9f3453ed74083180ee76a1e8d7acf9a2f8064154b8fa29051cd94689ce68f92b34f64cac578a0ea1990850d0bc490e550de99375bc76361f5f32286a4fc1f26a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe

Filesize
192KB

MD5
e99692741b4a7ffc630e3aef8842ac96

SHA1
4c65cf6d79c8bcc3cbb8823e5b4e83391cce0877

SHA256
9bfb6b53f2f3e68a8215d6747e4c6b1959b28fb161f67a964789d90a1094709c

SHA512
ff4170959e30f7eae21b925a2d542d20920a02239759f9dd273e699117f69ae92ed64f816515030c0d53151e880cb282d0107d780bb2e63f0cb02f17c9b55de8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads