7b14d2eb1b241fb685da3aa9acb2bc23c41a87a06466d68474b547c2233481f6

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 00:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
Size

184KB
MD5

efed2cbd55677e3693b972d0fc9ddc71
SHA1

8b852a81bf416b88b01b134857f9bc1282a53561
SHA256

7b14d2eb1b241fb685da3aa9acb2bc23c41a87a06466d68474b547c2233481f6
SHA512

295b51e75852419625e0b7add78270da87de07e3769ca9050a229f4a73668f3f5c69972547dcf091a7dbc62b9031eac5b3d7b72d4b02e5c4f6d05aafc594e281
SSDEEP

3072:CisN0omknb/wZTHNXNqtDlgSQLZZMGTIgklxmOZTgAlv1pFO:CisioHIZTVNaDlgl0a9Alv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 41 IoCs

pid	Process
2416	Unicorn-5024.exe
2916	Unicorn-191.exe
2904	Unicorn-46943.exe
2512	Unicorn-13459.exe
2712	Unicorn-41533.exe
2468	Unicorn-48026.exe
2996	Unicorn-41237.exe
1300	Unicorn-60598.exe
1284	Unicorn-62866.exe
636	Unicorn-40504.exe
2792	Unicorn-30412.exe
1948	Unicorn-1609.exe
1952	Unicorn-4541.exe
1644	Unicorn-50213.exe
2624	Unicorn-55781.exe
1772	Unicorn-5432.exe
2276	Unicorn-30259.exe
584	Unicorn-13289.exe
436	Unicorn-7185.exe
964	Unicorn-27051.exe
1484	Unicorn-16180.exe
1464	Unicorn-18763.exe
2164	Unicorn-7608.exe
1388	Unicorn-17543.exe
2536	Unicorn-39646.exe
2472	Unicorn-13635.exe
2340	Unicorn-38009.exe
2640	Unicorn-40159.exe
2356	Unicorn-57267.exe
2796	Unicorn-52606.exe
1332	Unicorn-57420.exe
564	Unicorn-18934.exe
1908	Unicorn-26755.exe
2636	Unicorn-46509.exe
1144	Unicorn-36011.exe
860	Unicorn-42654.exe
768	Unicorn-34157.exe
1192	Unicorn-7001.exe
3056	Unicorn-48619.exe
1532	Unicorn-47578.exe
2060	Unicorn-24780.exe

Loads dropped DLL 64 IoCs

pid	Process
1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
2416	Unicorn-5024.exe
1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
2416	Unicorn-5024.exe
2904	Unicorn-46943.exe
2416	Unicorn-5024.exe
2904	Unicorn-46943.exe
2416	Unicorn-5024.exe
2916	Unicorn-191.exe
2916	Unicorn-191.exe
2512	Unicorn-13459.exe
2512	Unicorn-13459.exe
2904	Unicorn-46943.exe
2904	Unicorn-46943.exe
2468	Unicorn-48026.exe
2468	Unicorn-48026.exe
2916	Unicorn-191.exe
2916	Unicorn-191.exe
2712	Unicorn-41533.exe
2712	Unicorn-41533.exe
1284	Unicorn-62866.exe
1284	Unicorn-62866.exe
2468	Unicorn-48026.exe
2792	Unicorn-30412.exe
2792	Unicorn-30412.exe
2468	Unicorn-48026.exe
2712	Unicorn-41533.exe
2712	Unicorn-41533.exe
1644	Unicorn-50213.exe
1644	Unicorn-50213.exe
2624	Unicorn-55781.exe
2624	Unicorn-55781.exe
1952	Unicorn-4541.exe
1952	Unicorn-4541.exe
2624	Unicorn-55781.exe
2624	Unicorn-55781.exe
2276	Unicorn-30259.exe
2276	Unicorn-30259.exe
964	Unicorn-27051.exe
964	Unicorn-27051.exe
584	Unicorn-13289.exe
584	Unicorn-13289.exe
1484	Unicorn-16180.exe
1484	Unicorn-16180.exe
2164	Unicorn-7608.exe
2164	Unicorn-7608.exe
436	Unicorn-7185.exe
436	Unicorn-7185.exe
2536	Unicorn-39646.exe
436	Unicorn-7185.exe
2536	Unicorn-39646.exe
436	Unicorn-7185.exe
1388	Unicorn-17543.exe
1388	Unicorn-17543.exe
1464	Unicorn-18763.exe
1464	Unicorn-18763.exe
2340	Unicorn-38009.exe
2340	Unicorn-38009.exe
1948	Unicorn-1609.exe
1948	Unicorn-1609.exe
2356	Unicorn-57267.exe
2356	Unicorn-57267.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
2416	Unicorn-5024.exe
2904	Unicorn-46943.exe
2916	Unicorn-191.exe
2512	Unicorn-13459.exe
2712	Unicorn-41533.exe
2468	Unicorn-48026.exe
2996	Unicorn-41237.exe
1284	Unicorn-62866.exe
2792	Unicorn-30412.exe
636	Unicorn-40504.exe
1948	Unicorn-1609.exe
1644	Unicorn-50213.exe
2624	Unicorn-55781.exe
1952	Unicorn-4541.exe
2276	Unicorn-30259.exe
584	Unicorn-13289.exe
964	Unicorn-27051.exe
436	Unicorn-7185.exe
1484	Unicorn-16180.exe
2164	Unicorn-7608.exe
1464	Unicorn-18763.exe
1388	Unicorn-17543.exe
2536	Unicorn-39646.exe
2340	Unicorn-38009.exe
2356	Unicorn-57267.exe
1772	Unicorn-5432.exe
2472	Unicorn-13635.exe
2640	Unicorn-40159.exe
1332	Unicorn-57420.exe
1908	Unicorn-26755.exe
2796	Unicorn-52606.exe
564	Unicorn-18934.exe
2636	Unicorn-46509.exe
1144	Unicorn-36011.exe
768	Unicorn-34157.exe
3056	Unicorn-48619.exe
2060	Unicorn-24780.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2416	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2416	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2416	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2416	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	28
PID 1692 wrote to memory of 2916	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	30
PID 1692 wrote to memory of 2916	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	30
PID 1692 wrote to memory of 2916	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	30
PID 1692 wrote to memory of 2916	1692	efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe	30
PID 2416 wrote to memory of 2904	2416	Unicorn-5024.exe	29
PID 2416 wrote to memory of 2904	2416	Unicorn-5024.exe	29
PID 2416 wrote to memory of 2904	2416	Unicorn-5024.exe	29
PID 2416 wrote to memory of 2904	2416	Unicorn-5024.exe	29
PID 2904 wrote to memory of 2512	2904	Unicorn-46943.exe	31
PID 2904 wrote to memory of 2512	2904	Unicorn-46943.exe	31
PID 2904 wrote to memory of 2512	2904	Unicorn-46943.exe	31
PID 2904 wrote to memory of 2512	2904	Unicorn-46943.exe	31
PID 2416 wrote to memory of 2712	2416	Unicorn-5024.exe	32
PID 2416 wrote to memory of 2712	2416	Unicorn-5024.exe	32
PID 2416 wrote to memory of 2712	2416	Unicorn-5024.exe	32
PID 2416 wrote to memory of 2712	2416	Unicorn-5024.exe	32
PID 2916 wrote to memory of 2468	2916	Unicorn-191.exe	33
PID 2916 wrote to memory of 2468	2916	Unicorn-191.exe	33
PID 2916 wrote to memory of 2468	2916	Unicorn-191.exe	33
PID 2916 wrote to memory of 2468	2916	Unicorn-191.exe	33
PID 2512 wrote to memory of 2996	2512	Unicorn-13459.exe	34
PID 2512 wrote to memory of 2996	2512	Unicorn-13459.exe	34
PID 2512 wrote to memory of 2996	2512	Unicorn-13459.exe	34
PID 2512 wrote to memory of 2996	2512	Unicorn-13459.exe	34
PID 2904 wrote to memory of 1300	2904	Unicorn-46943.exe	35
PID 2904 wrote to memory of 1300	2904	Unicorn-46943.exe	35
PID 2904 wrote to memory of 1300	2904	Unicorn-46943.exe	35
PID 2904 wrote to memory of 1300	2904	Unicorn-46943.exe	35
PID 2468 wrote to memory of 1284	2468	Unicorn-48026.exe	36
PID 2468 wrote to memory of 1284	2468	Unicorn-48026.exe	36
PID 2468 wrote to memory of 1284	2468	Unicorn-48026.exe	36
PID 2468 wrote to memory of 1284	2468	Unicorn-48026.exe	36
PID 2916 wrote to memory of 636	2916	Unicorn-191.exe	37
PID 2916 wrote to memory of 636	2916	Unicorn-191.exe	37
PID 2916 wrote to memory of 636	2916	Unicorn-191.exe	37
PID 2916 wrote to memory of 636	2916	Unicorn-191.exe	37
PID 2712 wrote to memory of 2792	2712	Unicorn-41533.exe	38
PID 2712 wrote to memory of 2792	2712	Unicorn-41533.exe	38
PID 2712 wrote to memory of 2792	2712	Unicorn-41533.exe	38
PID 2712 wrote to memory of 2792	2712	Unicorn-41533.exe	38
PID 1284 wrote to memory of 1948	1284	Unicorn-62866.exe	39
PID 1284 wrote to memory of 1948	1284	Unicorn-62866.exe	39
PID 1284 wrote to memory of 1948	1284	Unicorn-62866.exe	39
PID 1284 wrote to memory of 1948	1284	Unicorn-62866.exe	39
PID 2792 wrote to memory of 1952	2792	Unicorn-30412.exe	41
PID 2792 wrote to memory of 1952	2792	Unicorn-30412.exe	41
PID 2792 wrote to memory of 1952	2792	Unicorn-30412.exe	41
PID 2792 wrote to memory of 1952	2792	Unicorn-30412.exe	41
PID 2468 wrote to memory of 1644	2468	Unicorn-48026.exe	40
PID 2468 wrote to memory of 1644	2468	Unicorn-48026.exe	40
PID 2468 wrote to memory of 1644	2468	Unicorn-48026.exe	40
PID 2468 wrote to memory of 1644	2468	Unicorn-48026.exe	40
PID 2712 wrote to memory of 2624	2712	Unicorn-41533.exe	42
PID 2712 wrote to memory of 2624	2712	Unicorn-41533.exe	42
PID 2712 wrote to memory of 2624	2712	Unicorn-41533.exe	42
PID 2712 wrote to memory of 2624	2712	Unicorn-41533.exe	42
PID 1644 wrote to memory of 1772	1644	Unicorn-50213.exe	43
PID 1644 wrote to memory of 1772	1644	Unicorn-50213.exe	43
PID 1644 wrote to memory of 1772	1644	Unicorn-50213.exe	43
PID 1644 wrote to memory of 1772	1644	Unicorn-50213.exe	43

C:\Users\Admin\AppData\Local\Temp\efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\efed2cbd55677e3693b972d0fc9ddc71_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
      4⤵
      Executes dropped EXE
      PID:1300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        11⤵
        Executes dropped EXE
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        8⤵
        Executes dropped EXE
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        8⤵
        Executes dropped EXE
        
        PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe

Filesize
184KB

MD5
b11563f2136eac7083c4c5b4366bc17c

SHA1
f7266b357e92ae72307bdc1649053444f726cdbc

SHA256
87c989d054b21aa48f53b138166223540e9a255107b6c43dc06869d0850d38b7

SHA512
2e8b1b734351e7dddb9d0c802460635885c6bc28755b276d4808ea98264a36347ecc1bb2a646283a3f032b8875b570658d6fe8019f5d164b040c7d4b5502dbc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe

Filesize
184KB

MD5
03448516dd20509045b2db5be17e6aa2

SHA1
9ae784bbbfc0e020736f9012e4a1008243d2b96a

SHA256
a443d64772a98739775afc08ea738d11d2ebff5479c09264e2ec4f1725452eaf

SHA512
425d2a384e03dae924d90523069ff87514b8d8a9e5db815e3caf9242608ba639ee9eedf776ba38f4d622d655f51ede90c5893172959cea9bbfe5f42aa0539aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe

Filesize
184KB

MD5
3b2a4865f3ba264447794417bc5d6819

SHA1
2dd67e300147819d1edf8332db0c8afb97e1e96d

SHA256
989abde5c1f96395bf8a0c304b869db49136c548f11160b8d78c6464b001249f

SHA512
db204ca07b7ed5a6bb44157a7eb445faf859d7fd81dff4c409a895ec2074cc56d23d955e87b946c2968f993b7e86978a003e734c66c138b5aab9ddec437f9927

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe

Filesize
184KB

MD5
0d382f7112913daf2272f2fa23a51816

SHA1
4bf1c09b0e7f637673b77e806f564b621c374200

SHA256
54da0e59a7b6e2b20053c9b4b2bcd81dc7905d92bb581258d4e5f1cad07079e8

SHA512
ff21e6e34c16f71f253224cbcdb038b5783d8cad7550c2f3a2f34311ce47504570d1ca7708c0579131aa0613a181e7b1ccdfc5b179f9a3445133a49e6c7eb065

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe

Filesize
184KB

MD5
a4fe7327cc76ec62ad291ce70fee8fd8

SHA1
4e3a24f61a036b3833af29dce2f9b82b36420a7a

SHA256
549e6195e13d299f6e964a6e6302b2f5e3446824d71ac2ccba2df768dc365bb3

SHA512
60b5b54629d3c0cd4df03628bff6ac351013b50540a97d6e62c457d0566e889b0d3fdd87c460ff7c6c7e8ba7cd1b7585b2b3ff4da139c63b545cac9781741291

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe

Filesize
184KB

MD5
48b945badb385fe6ef5a887e25ffe3de

SHA1
f53a2600844fbc89265bc42ffbb46f4c0f433045

SHA256
167ce436e4750ffff2d9727e5e221831f55693550fcf01384f613a84007955ef

SHA512
a1b4022f2e9372af830b65451d002932e4fc8764efd137aa8e6bc445dad6afabc95e8329e1d6b83b3e666eb1bd105906da32a6ab47bd70e8cf02780cdfac8927

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe

Filesize
184KB

MD5
de59b71e5671da453b5974d94342ad3a

SHA1
34c922b94c425cc0629f686c6b2d93d3d9cc3f47

SHA256
d11947436db032346d9f096737b183a52da25ae342566d08f4efd2343f8995e5

SHA512
59734744e26c5ab0b76a4d7f0c56b7c9fa60e760062e9670af0bfd24bcc2b0fab4f4c435038786d3cb6e681389ca0e6f2a740908f3eac485c7d023679bc815e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-191.exe

Filesize
184KB

MD5
ad5dc9c0ebdc9128e45498b071df0ba9

SHA1
86f57caaf9183ea60ae0c80a25079c0cbc535f61

SHA256
3385ebbb5ade2b6d1168bc6b81898bfc3be7858df655b57514a0bd856c40e71e

SHA512
5c6ed3630bc37baa7f8f57537f0f940636dc6d56e0537ae2e306a9bf4371f74b31ab186397a57bec165e4d39a7e3ef9e8b6bcf04f76983b1df09ebdc4f8c7821

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe

Filesize
184KB

MD5
b9278c728c2083eebc7e6e57f6c4d639

SHA1
b84506dd43aba4229827955b276e82d903e274b7

SHA256
cd7faf91d797635092d2ed8f79174b2be909f91366be27c6ed361a30a61a1ec7

SHA512
9acd7e625369db4bfdb67da73a8ffae6d8d476331341099c8bb313d39b447322de651e1ec3b3856c687c36e33071a2414e83a414286fc9379e37eafb9a7ec574

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe

Filesize
184KB

MD5
c4561599fe063e7b8a4ace38422b3065

SHA1
251424f2058d15bcaebdefad4b64c3bdfa92cb0f

SHA256
e1e277a44152e55f0cf34007fcd94d023f74f57b413c88e0bd8b17398bb1fc91

SHA512
231dda209a04fa98e06944446df3d73b4a2f91f96ef1e30cc97a7acdd2ef6b84606bcf2981690df319ea3687f9da08474d79699bbf505b9074c6837d1276b224

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe

Filesize
184KB

MD5
5321c1023ccb958f6bc8af3f290e8064

SHA1
047c94a9e4a603ba353b49ab0a27b707046f960d

SHA256
f48acede6763d6dc9a8d43c7438d9a823d30d92bdae13b27d553fb5be86c1517

SHA512
884ed78fe39a019a7b486b5e30c270d335c4d51f014d626800f0995e01ec3a4919f915a01497ba27b61fd8536faf18d32063564a00e7ad438c3aafff36299203

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe

Filesize
184KB

MD5
d18446b63ee44d48527ba263d0e9d547

SHA1
7c4ecfadd449200e4fa464024dcb7bd0b4a81eea

SHA256
b646d4a21b3b530f2bc15520ba745fd5ece84b945e6e06f1e25486133ddd7b53

SHA512
0637896485fd20bbac8662678118256190c6cf098234fea8e8cc84d76eb94ed8dc29a39e6cda858ad327cf070616d27c4f7b55a41b8a5a0c8e0b3ecb72df8373

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe

Filesize
184KB

MD5
30fd86bbb74a1fbe76a672a4b70056d8

SHA1
82a36740dcdcdad3fb28f5d9c219b40c1687ac45

SHA256
cd096eaa9093b8f6e38008cf46f4726b54cfe265f5bb3af42a1f0d62431afdd6

SHA512
7f2a41a0304e4469a09e17cd26280c0819fab492655161c5b26ecf691ce5468d51fe32fc7cb1be99c9a1eec564d2e880f92b0fc0776e766c131703971635ec81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe

Filesize
184KB

MD5
8f365a2c02aee702eb19a6d4e22115d5

SHA1
ed62cc775e018a5a8f097372043b0a357fcebf26

SHA256
611c51c64df719c7d025ce09ce4fddc3903b0726d7f4ab8616aafb7ba1425aa0

SHA512
95d2687b227fa390d6810a669be015658cf3b3d20c8bdb18ffba227f5bb9efdb9b916df2875b185f65f11e9ed3a780b62b3e25985f5baf8d18f7cc9a21525186

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe

Filesize
184KB

MD5
e52e6025e818b39396565cdc07859c2c

SHA1
697a08563a6251f49798b72cbc11feca8b0b0e4a

SHA256
88d6b0ae3d9a9e7c6c1571d9f0fda7f8b1d5e3eddec94c0114665b01fdc1ffd2

SHA512
4b84a771c2bbd67afda0220cab59106cba1f33009fc216a9a6c56006d6ccbb349cd354bd3c3c8fb8d436ad279f0802d7142b07c2d2ed5cdc15e7f8c3215c4548

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe

Filesize
184KB

MD5
10d27b5eb33f21b1c917ec23bbe3d547

SHA1
834f2268ee7b9fb4b3c380d38e355ad7bd8d7448

SHA256
d9c863dd7a63231c8db163e5791e993447779c6c10e1026e0e06ba803b41b16a

SHA512
ac724d46b5ec672dad695579c479f06c12569bb89366d776b2f4ae4d19b793f51e53fffff302524a4c20753576454f042b1f236b93ca4aece8578cfdedd87619

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe

Filesize
184KB

MD5
7b94950dee92a0366dd3617c7f1a5de2

SHA1
8a1722408c743f0429f12e5303371ad8f2a45c60

SHA256
88b9814731c8e179eca3973d4ae4ba55ec0fb21c0a8a6d93ddac899f92cb1181

SHA512
94ba724b925516e8b32d976230132b321071d2c8bc5b173589ba4b7d47ef732e46960d9a970a5b1bf47b589c0544a08cfc13f1dd2d1c478a761f5d35e2c70135

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe

Filesize
184KB

MD5
dc50cd465904f197b71c0a33b89c9318

SHA1
c3e83f6752d59617fe142f1621b14a8bc12a30e2

SHA256
2d49a717262670d3ab21ae33abb4edb213a6f69ac761e7d37849ebb161fad58e

SHA512
2bfcf5f3dada5b26cb36f67b1c04bdca137b6870480fe24d2d80b5d32e5e3dde07a86f1da7b1d2c895fd9ed0e9011bff09feda4f247d5ce97fd09584badb98d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads