3bb0b1581c26b93e003e892dcf764b699c14ce6620aa87a0af7a0882533daa59

Analysis

max time kernel
43s
max time network
125s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
Size

184KB
MD5

ede4eca1a141caec8f89452a0a74ed3b
SHA1

f57962050b2b7ac8f617cfd46708664602c3da48
SHA256

3bb0b1581c26b93e003e892dcf764b699c14ce6620aa87a0af7a0882533daa59
SHA512

5c8930a02b01a328378bcde5c7910fe5465b2ea5ec33df584fb11604f3b1accc59d912b3948248095fd0fea5fe11d84798eb1c3232c463c839071e85bbab61f8
SSDEEP

3072:p66Kom68N+wQnHjeMBoDDJSQHSPMiGIhk+xm+ETNxlv1pFq:p6roQ7QnKMCDDJebaZxlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 44 IoCs

pid	Process
1708	Unicorn-63099.exe
2996	Unicorn-41200.exe
2528	Unicorn-33586.exe
2544	Unicorn-4609.exe
2724	Unicorn-1272.exe
2444	Unicorn-29306.exe
2496	Unicorn-12318.exe
2592	Unicorn-4918.exe
1500	Unicorn-25531.exe
2644	Unicorn-5665.exe
1272	Unicorn-17917.exe
2752	Unicorn-4207.exe
2408	Unicorn-17206.exe
1296	Unicorn-37818.exe
1224	Unicorn-28904.exe
2944	Unicorn-8976.exe
2196	Unicorn-8099.exe
1984	Unicorn-50201.exe
2904	Unicorn-30335.exe
2140	Unicorn-12889.exe
400	Unicorn-57985.exe
944	Unicorn-28842.exe
1552	Unicorn-29994.exe
592	Unicorn-26464.exe
2108	Unicorn-1405.exe
676	Unicorn-33502.exe
3020	Unicorn-37586.exe
2760	Unicorn-34056.exe
1456	Unicorn-58198.exe
1948	Unicorn-50030.exe
1624	Unicorn-30164.exe
1792	Unicorn-46693.exe
2988	Unicorn-16839.exe
1776	Unicorn-16839.exe
2928	Unicorn-16839.exe
2992	Unicorn-62510.exe
1592	Unicorn-62510.exe
2380	Unicorn-37451.exe
2548	Unicorn-49682.exe
2684	Unicorn-20731.exe
2740	Unicorn-12562.exe
2244	Unicorn-11851.exe
2756	Unicorn-20766.exe
2416	Unicorn-58940.exe

Loads dropped DLL 64 IoCs

pid	Process
2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
1708	Unicorn-63099.exe
1708	Unicorn-63099.exe
2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
2996	Unicorn-41200.exe
2996	Unicorn-41200.exe
1708	Unicorn-63099.exe
1708	Unicorn-63099.exe
2528	Unicorn-33586.exe
2528	Unicorn-33586.exe
2724	Unicorn-1272.exe
2724	Unicorn-1272.exe
2544	Unicorn-4609.exe
2544	Unicorn-4609.exe
2444	Unicorn-29306.exe
2444	Unicorn-29306.exe
2996	Unicorn-41200.exe
2996	Unicorn-41200.exe
2528	Unicorn-33586.exe
2528	Unicorn-33586.exe
2724	Unicorn-1272.exe
2724	Unicorn-1272.exe
2496	Unicorn-12318.exe
2496	Unicorn-12318.exe
2544	Unicorn-4609.exe
2592	Unicorn-4918.exe
2544	Unicorn-4609.exe
2592	Unicorn-4918.exe
2644	Unicorn-5665.exe
2644	Unicorn-5665.exe
1500	Unicorn-25531.exe
1500	Unicorn-25531.exe
2444	Unicorn-29306.exe
1272	Unicorn-17917.exe
1272	Unicorn-17917.exe
2444	Unicorn-29306.exe
2752	Unicorn-4207.exe
2752	Unicorn-4207.exe
2496	Unicorn-12318.exe
2496	Unicorn-12318.exe
2408	Unicorn-17206.exe
2408	Unicorn-17206.exe
2196	Unicorn-8099.exe
2196	Unicorn-8099.exe
1500	Unicorn-25531.exe
1500	Unicorn-25531.exe
1296	Unicorn-37818.exe
1296	Unicorn-37818.exe
1984	Unicorn-50201.exe
1984	Unicorn-50201.exe
2904	Unicorn-30335.exe
2904	Unicorn-30335.exe
1272	Unicorn-17917.exe
1272	Unicorn-17917.exe
1224	Unicorn-28904.exe
1224	Unicorn-28904.exe
2944	Unicorn-8976.exe
2944	Unicorn-8976.exe
2592	Unicorn-4918.exe
2592	Unicorn-4918.exe
2644	Unicorn-5665.exe
2644	Unicorn-5665.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1620	1624	WerFault.exe	58

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
1708	Unicorn-63099.exe
2996	Unicorn-41200.exe
2528	Unicorn-33586.exe
2544	Unicorn-4609.exe
2724	Unicorn-1272.exe
2444	Unicorn-29306.exe
2496	Unicorn-12318.exe
2592	Unicorn-4918.exe
2644	Unicorn-5665.exe
1500	Unicorn-25531.exe
1272	Unicorn-17917.exe
2752	Unicorn-4207.exe
2408	Unicorn-17206.exe
1224	Unicorn-28904.exe
1296	Unicorn-37818.exe
2196	Unicorn-8099.exe
2944	Unicorn-8976.exe
1984	Unicorn-50201.exe
2904	Unicorn-30335.exe
2140	Unicorn-12889.exe
400	Unicorn-57985.exe
944	Unicorn-28842.exe
1552	Unicorn-29994.exe
592	Unicorn-26464.exe
2108	Unicorn-1405.exe
3020	Unicorn-37586.exe
676	Unicorn-33502.exe
1456	Unicorn-58198.exe
1624	Unicorn-30164.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 1708	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	28
PID 2324 wrote to memory of 1708	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	28
PID 2324 wrote to memory of 1708	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	28
PID 2324 wrote to memory of 1708	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2996	1708	Unicorn-63099.exe	29
PID 1708 wrote to memory of 2996	1708	Unicorn-63099.exe	29
PID 1708 wrote to memory of 2996	1708	Unicorn-63099.exe	29
PID 1708 wrote to memory of 2996	1708	Unicorn-63099.exe	29
PID 2324 wrote to memory of 2528	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	30
PID 2324 wrote to memory of 2528	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	30
PID 2324 wrote to memory of 2528	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	30
PID 2324 wrote to memory of 2528	2324	ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe	30
PID 2996 wrote to memory of 2544	2996	Unicorn-41200.exe	31
PID 2996 wrote to memory of 2544	2996	Unicorn-41200.exe	31
PID 2996 wrote to memory of 2544	2996	Unicorn-41200.exe	31
PID 2996 wrote to memory of 2544	2996	Unicorn-41200.exe	31
PID 1708 wrote to memory of 2724	1708	Unicorn-63099.exe	32
PID 1708 wrote to memory of 2724	1708	Unicorn-63099.exe	32
PID 1708 wrote to memory of 2724	1708	Unicorn-63099.exe	32
PID 1708 wrote to memory of 2724	1708	Unicorn-63099.exe	32
PID 2528 wrote to memory of 2444	2528	Unicorn-33586.exe	33
PID 2528 wrote to memory of 2444	2528	Unicorn-33586.exe	33
PID 2528 wrote to memory of 2444	2528	Unicorn-33586.exe	33
PID 2528 wrote to memory of 2444	2528	Unicorn-33586.exe	33
PID 2724 wrote to memory of 2496	2724	Unicorn-1272.exe	34
PID 2724 wrote to memory of 2496	2724	Unicorn-1272.exe	34
PID 2724 wrote to memory of 2496	2724	Unicorn-1272.exe	34
PID 2724 wrote to memory of 2496	2724	Unicorn-1272.exe	34
PID 2544 wrote to memory of 2592	2544	Unicorn-4609.exe	35
PID 2544 wrote to memory of 2592	2544	Unicorn-4609.exe	35
PID 2544 wrote to memory of 2592	2544	Unicorn-4609.exe	35
PID 2544 wrote to memory of 2592	2544	Unicorn-4609.exe	35
PID 2444 wrote to memory of 1500	2444	Unicorn-29306.exe	36
PID 2444 wrote to memory of 1500	2444	Unicorn-29306.exe	36
PID 2444 wrote to memory of 1500	2444	Unicorn-29306.exe	36
PID 2444 wrote to memory of 1500	2444	Unicorn-29306.exe	36
PID 2996 wrote to memory of 2644	2996	Unicorn-41200.exe	37
PID 2996 wrote to memory of 2644	2996	Unicorn-41200.exe	37
PID 2996 wrote to memory of 2644	2996	Unicorn-41200.exe	37
PID 2996 wrote to memory of 2644	2996	Unicorn-41200.exe	37
PID 2528 wrote to memory of 1272	2528	Unicorn-33586.exe	38
PID 2528 wrote to memory of 1272	2528	Unicorn-33586.exe	38
PID 2528 wrote to memory of 1272	2528	Unicorn-33586.exe	38
PID 2528 wrote to memory of 1272	2528	Unicorn-33586.exe	38
PID 2724 wrote to memory of 2408	2724	Unicorn-1272.exe	39
PID 2724 wrote to memory of 2408	2724	Unicorn-1272.exe	39
PID 2724 wrote to memory of 2408	2724	Unicorn-1272.exe	39
PID 2724 wrote to memory of 2408	2724	Unicorn-1272.exe	39
PID 2496 wrote to memory of 2752	2496	Unicorn-12318.exe	40
PID 2496 wrote to memory of 2752	2496	Unicorn-12318.exe	40
PID 2496 wrote to memory of 2752	2496	Unicorn-12318.exe	40
PID 2496 wrote to memory of 2752	2496	Unicorn-12318.exe	40
PID 2544 wrote to memory of 1296	2544	Unicorn-4609.exe	41
PID 2544 wrote to memory of 1296	2544	Unicorn-4609.exe	41
PID 2544 wrote to memory of 1296	2544	Unicorn-4609.exe	41
PID 2544 wrote to memory of 1296	2544	Unicorn-4609.exe	41
PID 2592 wrote to memory of 1224	2592	Unicorn-4918.exe	42
PID 2592 wrote to memory of 1224	2592	Unicorn-4918.exe	42
PID 2592 wrote to memory of 1224	2592	Unicorn-4918.exe	42
PID 2592 wrote to memory of 1224	2592	Unicorn-4918.exe	42
PID 2644 wrote to memory of 2944	2644	Unicorn-5665.exe	43
PID 2644 wrote to memory of 2944	2644	Unicorn-5665.exe	43
PID 2644 wrote to memory of 2944	2644	Unicorn-5665.exe	43
PID 2644 wrote to memory of 2944	2644	Unicorn-5665.exe	43

C:\Users\Admin\AppData\Local\Temp\ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ede4eca1a141caec8f89452a0a74ed3b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        8⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        7⤵
        Executes dropped EXE
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        7⤵
        Program crash
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        7⤵
        Executes dropped EXE
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
        8⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        6⤵
        Executes dropped EXE
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        6⤵
        Executes dropped EXE
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        5⤵
        Executes dropped EXE
        
        PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        7⤵
        Executes dropped EXE
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        8⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        6⤵
        Executes dropped EXE
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        6⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
        8⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        6⤵
        Executes dropped EXE
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        5⤵
        Executes dropped EXE
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        6⤵
        
        PID:332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        7⤵
        Executes dropped EXE
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        6⤵
        Executes dropped EXE
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        7⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
        6⤵
        Executes dropped EXE
        
        PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        6⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        7⤵
        
        PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
      4⤵
      Executes dropped EXE
      PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe

Filesize
184KB

MD5
53c3e7cd3dc4bc538fa98b86c7c36d3c

SHA1
bcabb039164998c718805dfd42ec37f27003e38c

SHA256
cd7e78523fd80224fd639bdb9df9383e6f29e4943e430261a0f5afc9b1fd0d36

SHA512
01bd65fb417403c5315ac1f38a3427df4d7a665b2d5c5adc1815798308dded7ff56f6ff072e13827b68bda9c633323f7dc4bdd9ac190b9e7afc8c599a0a20f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe

Filesize
184KB

MD5
799ad9b3f1dc5d3a29891032788e3126

SHA1
33805a8f41c99c349e35b55f2a9b6cc34ffaa90c

SHA256
9750f0c3e1cccb0d44cb1b4156281b409f6505e306d3f7eef259d019638d145c

SHA512
f9713b5330263f045479ccf2b38203be9c89f24f34361fce0a8a924ac412f0a35d5a6037b796f4fce1957151f9d1e0173fef2d5cf8fdaed438efa854a3e3328a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe

Filesize
184KB

MD5
d8af6c554a5933d61cea0f22d4073a19

SHA1
260dd4c2e323acf1b7ccbc9a84a40fa59496e583

SHA256
a6349f666fc0185442f288ae393ef12bb521728b5b0ea2992f36562d0ccf0c11

SHA512
59a6455988e9bc1c4d68a1d906edfba3237241e4ffa57c4e857c54fb446c421e148f70bed24e213baf8d1e6609aabeca01eaa4ba91f9e5e233819226d8b66a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe

Filesize
184KB

MD5
299cabf65e12f2ee58bb798396edd414

SHA1
8d2c2e440d84a11e49b4d844ce8f291e4109012d

SHA256
9b8eef059e222bae22b02244f35d0bb3244d7d8eecf717be515c0abe03d7ede3

SHA512
1626c4b68029af962b2bcaf6a8dce094dd5fc7c00189eb7cbf393eb972bbf716881191bd811c3e4c6526c332b8a9847f4d9923ef323bcfd6930ea211e3c38d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe

Filesize
184KB

MD5
f7ec2c3cd6490b3e03de96cc3ffb4f13

SHA1
d6e46fda5eb4c3d668b1bb558412b948f99a3fd3

SHA256
6b420743c470a7e9cc2f8e5cb5c70cb8a0243ab8bb75a670ba4f51f410f9f003

SHA512
36bca4c64e83cd5c84582cc594824b79447468e24b821316de134cc0ee22f9da680f96ae3c75a47f79445e0f7a1b0915a90ee5ed014ca4bbdc4d1693f1d21de2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe

Filesize
184KB

MD5
4ab8c7341b9ca68b00991fbdc5a48e46

SHA1
287b0fdb5350aa6f21229c89409fa6d0042179f1

SHA256
0b9a9d053c5f9f371ca8c396040c32b735cd8bada3cbaf95b77518d2a8acb6dc

SHA512
30b3093fda48a7b56485cf9b3f5562812645cc766ee76c3487fdb7592365652aeb1ac86589d6b92003583ce7a1f3d9a5b8f5986b0efdc2367bec0449530c6dad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe

Filesize
184KB

MD5
cbb98b9b8143aeea661c09dc25c9a7ba

SHA1
110b70927e2ba0a370175738faa5f7aa7062c389

SHA256
8fdec19b44d707600eeb706c06987811c507bc4847c4ac5769d3d67ec149a906

SHA512
d17da01d75abccb660bb172a4f03d5da977c9d24dd21f423d65e5f3dd5e4af12940f8ee5d05ec0b054d8c727fba6149ba25baea27e38c9089e2307d7801827ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe

Filesize
184KB

MD5
a1ecf56b0c6a4c5d85448a368d008845

SHA1
39bb3e8261dfe49d5f49f621a44cd88b3b07b565

SHA256
69824086d9333f7b0f71f49729329898d73ac40a51e205dfbdabb338348d9656

SHA512
54b3eb4446eeb4ebc898834d3f4ed9c29778589302064143da1a6044d72da38348deba86be3e33ceb03d0150c97b3f944869134fa72923ccdebf320ea32f4af1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe

Filesize
184KB

MD5
f4162975a453da2d43daae567fed5b5e

SHA1
66b6d178385677fb30fef8395625a678a492fad7

SHA256
9661ea6e0f30a0ca51cdd126bc653a6a1577a463551202f4b91545f60adbf485

SHA512
f5f9d1218e43c6745ef94a771f2caabee082613224dab145680e328b5ac8bd771ed9ee783a4fa64cb5058973daf54860533230b61bb9d8ed81cf66c03f0aa578

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe

Filesize
184KB

MD5
80bf7aed4bf957b8f3f99fda750cc840

SHA1
6a68f29eec3c3f4c28250036f0dd5374fb8c4c36

SHA256
956bd52c3daa531d44966593bbab7d7c91bcbfec3097d19d0f95ff4ad74d8fc8

SHA512
4fc31f62aa3d3b5eb204e7cfdc3980e217ec84bfd01fbdc1a7e1f7df1e7362234c9a642bb07f6fd7b6f0f6e227e2934bb1933a5ad742a43074d9d6bd5ea40a77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe

Filesize
184KB

MD5
979fc8256438f250d4d103aacc0a004f

SHA1
e4302ae94e336127b8d1b5e627aea61056b8c62a

SHA256
b0daa4bae57b8dbd0b4a2501b230c4028783093068525132ef8bfa03969cd619

SHA512
2102bd36ce1e55a00893075401cd5cc34e236e12ebf1ccb914f82a40e493111eeea3cd86b0d9630da9fac412c7f39c6fe431d81ea5d721965c1e72f26f7fea82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe

Filesize
184KB

MD5
091b0335be9acfafb507336ad726698a

SHA1
43e92f79579e27305ac28942151b5aab0e96f91c

SHA256
887742ce9e7efdd8144d26f5417c1d2acd599d6ac1af8003c030e74b9785137f

SHA512
483d723f65f8a9bd6f454fba7d5300cd75bcd4af2260ea0732b1d5a637f1dd6ca61c1937791d616cac785edcc4910db3a7ec3d09f41d5a44e6aebbcd2e83ee06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe

Filesize
184KB

MD5
15072e9b83689c9aa570d8eab9a5ecf0

SHA1
f3a61e11003297ea664480b1074418aae248f489

SHA256
feb58c347e2a5800545d87326daa959ec6d99c5c7f0f5c509a859a256509b4be

SHA512
e85a217f2457a66b79acd0d7d2157451d29d637afb1e4f6f1afb9c474bddac33661289c41c04e9363df9ca1899f08152ede0c468b366b109b747be98daeb5633

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe

Filesize
184KB

MD5
31f9c7c73ed7895f9060a54555796a11

SHA1
0a0ae685ad3d4328bba845b3fff97d2d23e759a7

SHA256
aa375f13e284e135cd746759777ef67a219c175d29e90302b832d5d343a63cb3

SHA512
0c94f6902e8a1669a4ac63d326f4d77ecc5bcb36cece201df87ea10abd87e1ee022d1e390ea799b0f4796cb40e19bb863d0bce9933f7a9ac4507e9567fa592a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe

Filesize
184KB

MD5
982a9f23a432fcb6b2ae2e3213100d46

SHA1
94a7b2475c6b3b2c112ebe97af0f62bc496f2b38

SHA256
8592068e297a2ba99012325116a960c2753ea7fa4ef3e6607d107f4661f3de94

SHA512
7eb3c158cb7081be1a8d682aad2df91fa293dd374a0491e4cf7f8b4ddbee383351fdfd111c4fd5e98cded7c7034a5946b8b1d79a1455512b0e501a1cb9cca1ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe

Filesize
184KB

MD5
37c821a1f7561333df609199f194bac8

SHA1
f81ddc763ed100a8aa5dca27edfe43e2a63679a0

SHA256
a57a2ae09bf9c8d2dc93910806388bfd6f67b0f850f7a55e43d225554f9f86be

SHA512
74473f3dab32821fc77fb58e791f74a8d925d6dc1742b1e76cf95df0268cfc086907e139a344f55356b1dd87c002dfc77d032980af4f351385e45cb4e2ccf834

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe

Filesize
184KB

MD5
d8786200e31d7008223d63036d9d6fb0

SHA1
fcf4798c7d95f338ff76ee97c3bdca6b709ff737

SHA256
76d6003d83067516487c390e1963483541a1e568159711255379c98299f79e15

SHA512
4d0837fbb1b202a45b2c8936cddbf93e371d3ece8b574fe528b3d7eb50716375d9a38802f7c015aea7a0c0f8fdf2f11051235f15bd35e16d0e5efe2448c2b162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe

Filesize
184KB

MD5
87a1243c47bf8caf2ac3c8c0c4b70062

SHA1
1f204c83aa1a75a464c44cde163d0993013ce793

SHA256
987df76f27c018b7a9641e0f8671e5fe3f454b135b25cc3aa88b42d3e8c67099

SHA512
db6f5f1e83e3470d3efad866741cc02438fa639c995de7d20de90f6d7a18a743168a33c58b42e3208284ae73310756fa0b4401c4d791c62b22a5a2240b9855c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe

Filesize
184KB

MD5
d8e08fbfa5c82e77ceb8375237fc3445

SHA1
6fa6d95e39470116666e52a752c7504f37682919

SHA256
b5b376be1175ca56161f8ebe2e4867dc84f2e06a162a5888ffd5432959aa56ba

SHA512
39d554c79cdae2332b246aa89d461105ffd1443c81a7ef235252beecc69885a18ceba661adc4edc72ca67a2c72ff000f71ace12746381d7b2a62a11c89faf582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe

Filesize
184KB

MD5
d5453dd2958e548a7859144dbeec2f31

SHA1
2e31f9d6b089bf53b564ae9bc7dcd2557a6d2437

SHA256
54b7f0598b3ee6762206e87b69c3299145935cde2edbff696647da7c2ff918c6

SHA512
03c83e6c16c7ee32e5d0b9989a62df766caadeacbde9d1664bae4f46865b83cb12ac8afefc28e8c3cdf28f4d023eee8dac7f2643ee4dde3588770eac8eb2c360

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads