a8c71410b0dd1e954f30ba52bed014973bcca10e23a1a3e08a3ffa1dce173c7f

Analysis

max time kernel
29s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
Size

184KB
MD5

f1c1a814980a782643866a900cc7809d
SHA1

22d45f71efac99c8454d6f546d5408470887fdbf
SHA256

a8c71410b0dd1e954f30ba52bed014973bcca10e23a1a3e08a3ffa1dce173c7f
SHA512

26e4acc71eddfad704b1f69d6d62898926a54a79534d1d851b4e71f6493a841a8fefa5e977645375b231ff76c66358e91339a8cc1bef13d3a86e894edeb7849e
SSDEEP

3072:6e3GlombyOYwQoOjiol75kJqekzXMlSftA+xvvEDuNNHvpFg:6e+oMtQo1oh5kJ5AblNNHvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
1788	Unicorn-50786.exe
2536	Unicorn-26365.exe
2596	Unicorn-57646.exe
2508	Unicorn-20226.exe
2172	Unicorn-38700.exe
2408	Unicorn-22918.exe
1584	Unicorn-64356.exe
2736	Unicorn-36322.exe
2884	Unicorn-29546.exe
1660	Unicorn-60827.exe
1672	Unicorn-19240.exe
2444	Unicorn-41941.exe
1492	Unicorn-44634.exe
1724	Unicorn-54193.exe
2028	Unicorn-5760.exe
2752	Unicorn-43263.exe
2012	Unicorn-32403.exe
992	Unicorn-56907.exe
1836	Unicorn-24789.exe
2964	Unicorn-20535.exe
2352	Unicorn-22158.exe
1712	Unicorn-64582.exe
1792	Unicorn-59128.exe
784	Unicorn-24872.exe
1780	Unicorn-7789.exe
1468	Unicorn-3705.exe
1020	Unicorn-20042.exe
328	Unicorn-176.exe
2084	Unicorn-9735.exe
1560	Unicorn-20596.exe
1376	Unicorn-17302.exe
1752	Unicorn-37722.exe
2516	Unicorn-15718.exe
2772	Unicorn-47836.exe
2768	Unicorn-21748.exe
2420	Unicorn-33446.exe
2680	Unicorn-46274.exe
2564	Unicorn-15547.exe
2096	Unicorn-17171.exe
2876	Unicorn-14478.exe
2716	Unicorn-46082.exe
2828	Unicorn-51790.exe
1716	Unicorn-6118.exe
2896	Unicorn-42552.exe
1628	Unicorn-16979.exe
2200	Unicorn-37805.exe
1636	Unicorn-17939.exe
1600	Unicorn-56087.exe
2632	Unicorn-36221.exe
640	Unicorn-58609.exe
2232	Unicorn-61302.exe
1216	Unicorn-30575.exe
2056	Unicorn-65386.exe
2272	Unicorn-15631.exe
752	Unicorn-37997.exe
964	Unicorn-18131.exe
2792	Unicorn-37997.exe
1124	Unicorn-59548.exe
1188	Unicorn-59548.exe
2036	Unicorn-48578.exe
2984	Unicorn-40772.exe

Loads dropped DLL 64 IoCs

pid	Process
2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
1788	Unicorn-50786.exe
2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
1788	Unicorn-50786.exe
2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
2596	Unicorn-57646.exe
2596	Unicorn-57646.exe
2536	Unicorn-26365.exe
2536	Unicorn-26365.exe
1788	Unicorn-50786.exe
1788	Unicorn-50786.exe
2508	Unicorn-20226.exe
2508	Unicorn-20226.exe
2596	Unicorn-57646.exe
2596	Unicorn-57646.exe
2172	Unicorn-38700.exe
2172	Unicorn-38700.exe
2536	Unicorn-26365.exe
2536	Unicorn-26365.exe
2408	Unicorn-22918.exe
2408	Unicorn-22918.exe
1584	Unicorn-64356.exe
1584	Unicorn-64356.exe
2508	Unicorn-20226.exe
2508	Unicorn-20226.exe
2736	Unicorn-36322.exe
2736	Unicorn-36322.exe
2884	Unicorn-29546.exe
2884	Unicorn-29546.exe
2172	Unicorn-38700.exe
1660	Unicorn-60827.exe
2172	Unicorn-38700.exe
1660	Unicorn-60827.exe
1672	Unicorn-19240.exe
1672	Unicorn-19240.exe
2408	Unicorn-22918.exe
2408	Unicorn-22918.exe
2444	Unicorn-41941.exe
2444	Unicorn-41941.exe
1584	Unicorn-64356.exe
1584	Unicorn-64356.exe
1492	Unicorn-44634.exe
1492	Unicorn-44634.exe
1724	Unicorn-54193.exe
1724	Unicorn-54193.exe
2736	Unicorn-36322.exe
2736	Unicorn-36322.exe
2752	Unicorn-43263.exe
2752	Unicorn-43263.exe
992	Unicorn-56907.exe
992	Unicorn-56907.exe
1672	Unicorn-19240.exe
2028	Unicorn-5760.exe
1672	Unicorn-19240.exe
2028	Unicorn-5760.exe
2884	Unicorn-29546.exe
2884	Unicorn-29546.exe
1836	Unicorn-24789.exe
1836	Unicorn-24789.exe
2352	Unicorn-22158.exe
2352	Unicorn-22158.exe
2964	Unicorn-20535.exe
2964	Unicorn-20535.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2020	2772	WerFault.exe	61
1608	540	WerFault.exe	95

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
1788	Unicorn-50786.exe
2596	Unicorn-57646.exe
2536	Unicorn-26365.exe
2508	Unicorn-20226.exe
2172	Unicorn-38700.exe
2408	Unicorn-22918.exe
1584	Unicorn-64356.exe
2736	Unicorn-36322.exe
2884	Unicorn-29546.exe
1660	Unicorn-60827.exe
1672	Unicorn-19240.exe
2444	Unicorn-41941.exe
1492	Unicorn-44634.exe
1724	Unicorn-54193.exe
2028	Unicorn-5760.exe
2752	Unicorn-43263.exe
992	Unicorn-56907.exe
1836	Unicorn-24789.exe
2352	Unicorn-22158.exe
2964	Unicorn-20535.exe
1792	Unicorn-59128.exe
1712	Unicorn-64582.exe
784	Unicorn-24872.exe
1780	Unicorn-7789.exe
1020	Unicorn-20042.exe
1468	Unicorn-3705.exe
2084	Unicorn-9735.exe
1560	Unicorn-20596.exe
328	Unicorn-176.exe
1376	Unicorn-17302.exe
1752	Unicorn-37722.exe
2772	Unicorn-47836.exe
2516	Unicorn-15718.exe
2768	Unicorn-21748.exe
2420	Unicorn-33446.exe
2680	Unicorn-46274.exe
2564	Unicorn-15547.exe
2096	Unicorn-17171.exe
2828	Unicorn-51790.exe
2896	Unicorn-42552.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 1788	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	28
PID 2952 wrote to memory of 1788	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	28
PID 2952 wrote to memory of 1788	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	28
PID 2952 wrote to memory of 1788	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	28
PID 1788 wrote to memory of 2536	1788	Unicorn-50786.exe	29
PID 1788 wrote to memory of 2536	1788	Unicorn-50786.exe	29
PID 1788 wrote to memory of 2536	1788	Unicorn-50786.exe	29
PID 1788 wrote to memory of 2536	1788	Unicorn-50786.exe	29
PID 2952 wrote to memory of 2596	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2596	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2596	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2596	2952	f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe	30
PID 2596 wrote to memory of 2508	2596	Unicorn-57646.exe	31
PID 2596 wrote to memory of 2508	2596	Unicorn-57646.exe	31
PID 2596 wrote to memory of 2508	2596	Unicorn-57646.exe	31
PID 2596 wrote to memory of 2508	2596	Unicorn-57646.exe	31
PID 2536 wrote to memory of 2172	2536	Unicorn-26365.exe	32
PID 2536 wrote to memory of 2172	2536	Unicorn-26365.exe	32
PID 2536 wrote to memory of 2172	2536	Unicorn-26365.exe	32
PID 2536 wrote to memory of 2172	2536	Unicorn-26365.exe	32
PID 1788 wrote to memory of 2408	1788	Unicorn-50786.exe	33
PID 1788 wrote to memory of 2408	1788	Unicorn-50786.exe	33
PID 1788 wrote to memory of 2408	1788	Unicorn-50786.exe	33
PID 1788 wrote to memory of 2408	1788	Unicorn-50786.exe	33
PID 2508 wrote to memory of 1584	2508	Unicorn-20226.exe	34
PID 2508 wrote to memory of 1584	2508	Unicorn-20226.exe	34
PID 2508 wrote to memory of 1584	2508	Unicorn-20226.exe	34
PID 2508 wrote to memory of 1584	2508	Unicorn-20226.exe	34
PID 2596 wrote to memory of 2736	2596	Unicorn-57646.exe	35
PID 2596 wrote to memory of 2736	2596	Unicorn-57646.exe	35
PID 2596 wrote to memory of 2736	2596	Unicorn-57646.exe	35
PID 2596 wrote to memory of 2736	2596	Unicorn-57646.exe	35
PID 2172 wrote to memory of 2884	2172	Unicorn-38700.exe	36
PID 2172 wrote to memory of 2884	2172	Unicorn-38700.exe	36
PID 2172 wrote to memory of 2884	2172	Unicorn-38700.exe	36
PID 2172 wrote to memory of 2884	2172	Unicorn-38700.exe	36
PID 2536 wrote to memory of 1660	2536	Unicorn-26365.exe	37
PID 2536 wrote to memory of 1660	2536	Unicorn-26365.exe	37
PID 2536 wrote to memory of 1660	2536	Unicorn-26365.exe	37
PID 2536 wrote to memory of 1660	2536	Unicorn-26365.exe	37
PID 2408 wrote to memory of 1672	2408	Unicorn-22918.exe	38
PID 2408 wrote to memory of 1672	2408	Unicorn-22918.exe	38
PID 2408 wrote to memory of 1672	2408	Unicorn-22918.exe	38
PID 2408 wrote to memory of 1672	2408	Unicorn-22918.exe	38
PID 1584 wrote to memory of 2444	1584	Unicorn-64356.exe	39
PID 1584 wrote to memory of 2444	1584	Unicorn-64356.exe	39
PID 1584 wrote to memory of 2444	1584	Unicorn-64356.exe	39
PID 1584 wrote to memory of 2444	1584	Unicorn-64356.exe	39
PID 2508 wrote to memory of 1492	2508	Unicorn-20226.exe	40
PID 2508 wrote to memory of 1492	2508	Unicorn-20226.exe	40
PID 2508 wrote to memory of 1492	2508	Unicorn-20226.exe	40
PID 2508 wrote to memory of 1492	2508	Unicorn-20226.exe	40
PID 2736 wrote to memory of 1724	2736	Unicorn-36322.exe	41
PID 2736 wrote to memory of 1724	2736	Unicorn-36322.exe	41
PID 2736 wrote to memory of 1724	2736	Unicorn-36322.exe	41
PID 2736 wrote to memory of 1724	2736	Unicorn-36322.exe	41
PID 2884 wrote to memory of 2028	2884	Unicorn-29546.exe	42
PID 2884 wrote to memory of 2028	2884	Unicorn-29546.exe	42
PID 2884 wrote to memory of 2028	2884	Unicorn-29546.exe	42
PID 2884 wrote to memory of 2028	2884	Unicorn-29546.exe	42
PID 2172 wrote to memory of 2752	2172	Unicorn-38700.exe	43
PID 2172 wrote to memory of 2752	2172	Unicorn-38700.exe	43
PID 2172 wrote to memory of 2752	2172	Unicorn-38700.exe	43
PID 2172 wrote to memory of 2752	2172	Unicorn-38700.exe	43

C:\Users\Admin\AppData\Local\Temp\f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f1c1a814980a782643866a900cc7809d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        9⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        8⤵
        Executes dropped EXE
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        7⤵
        Executes dropped EXE
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        7⤵
        Executes dropped EXE
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        5⤵
        Executes dropped EXE
        
        PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        7⤵
        Executes dropped EXE
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        6⤵
        Executes dropped EXE
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
        7⤵
        
        PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        7⤵
        Executes dropped EXE
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
        8⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        6⤵
        Executes dropped EXE
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        7⤵
        
        PID:2268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        8⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        7⤵
        Executes dropped EXE
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        8⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        7⤵
        Executes dropped EXE
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        7⤵
        Executes dropped EXE
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        6⤵
        Executes dropped EXE
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        7⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        8⤵
        
        PID:540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        9⤵
        Program crash
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        7⤵
        Program crash
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        6⤵
        Executes dropped EXE
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58609.exe
        6⤵
        Executes dropped EXE
        
        PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        6⤵
        Executes dropped EXE
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        7⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        5⤵
        Executes dropped EXE
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
        6⤵
        Executes dropped EXE
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        5⤵
        Executes dropped EXE
        
        PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe

Filesize
184KB

MD5
bca703c5e7ee99c6044be87187e303c3

SHA1
7bd953d598bf4b604ff096cf131b9244b5be58c4

SHA256
33a5955b2698b4f3301a4fce82606c88be8fa837624728f8b2e18b4e3448d226

SHA512
70eca0ba6b49133d602fa2f3235e1a677c3ea5e3a2aa13eed6d4e812475b8f6f379ed433ebf0b64fecaa4e22bcfe03fe3bd2367506acb271468bf6075e5b5692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe

Filesize
184KB

MD5
aae28432d1f0b0e651a960620bd01a68

SHA1
01dbf6011351311d70b384ff71e62a70c9c88a03

SHA256
057635bc4d1917297a6be877938295a4f4586b4561177f2efbd33b2cb5d1df80

SHA512
360f04c8fb892c9e88fb60ced3f17b671dea0d837a6c26641f5dd657ba7c88451edc31f522e924c22b876a16aef523ad6629628471b24fa995e80dcbd34464b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe

Filesize
184KB

MD5
17d731f1d03ae7fcbae0bf5bf6e2f1dd

SHA1
06873ab86010c1053a5d5ec5283f0b993715a230

SHA256
78c656483ad4ac7aaf7785e6e285dc9cf48b2902164b6d804dac54c6c5cdc79b

SHA512
08de1b2eaeafacd7b6b5af81900f887c3c30032fdba30ee9a37b85a6536260a68e59c7672fcc795f1f8cbb884199e8e43fa513f32b089369597411aec7e81888

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe

Filesize
184KB

MD5
6131ac923ff333465d403152725a1f6e

SHA1
744f1890003370e8d383e43c5e2d1c805c085be5

SHA256
d12bddfb3541873fab079440176db5ee49ca9ccafb334bedbdace9de8246279d

SHA512
e38f59d65cfc1f6ae154ad5c2155b46dd97a2ef36fbc0d55530ea00b2e56be02c93249611a60d395bee27d608d1426e63c155636d80882c93fdb5b846e636bb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe

Filesize
184KB

MD5
9f2b28959e90dfa0e46c4c81aa7a1934

SHA1
23b7e3b877ec41f6330bcbd313ceaef11e8ae0a5

SHA256
658d57b9210e18729c7a8fe2e8614ddc415e76b99e9ab6dfa1f91a377d9575a2

SHA512
fbeaf4c3d569ae33401688eef318b98b8df892b2b4f567ad2028a719089de672ad8b14a84033b507f48a07cd3230e10811cddd2b6bfad1c87903db4174a8f447

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe

Filesize
184KB

MD5
a27a29820c9a926fd830ba9d2bbb0701

SHA1
4239cf234c657ed4a97c705a04b0ec42801b18fe

SHA256
1ea8f1b5a4cf542aa7a320605f1575760f89f6aebe20f4c50bda07bcc2323fde

SHA512
23db5c606d48607718977f2de7bbfeb173f7d76b5f156597559de2feff9be4a45f6055985d79cea92f583bc5f2345a438fefb7b819ad2d5c308d1419e01cd519

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe

Filesize
184KB

MD5
ba9911d866f7cc509c24ae985b2dd0bd

SHA1
b80cf7b6f0333f62686e13bb0d27e4bdfca719f5

SHA256
2afc58c79277500b8fc09a217a487bfc799b11961ec8a26ce9278b39c9154266

SHA512
a16a446e74c89c238798482d2eac6cc55ed829f4f0ebf3c0313d1c82c4053a64f3e23ec97303d1b5e837114a52f3192d92fb2f498cbcb251865a4f0642243afb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe

Filesize
184KB

MD5
2e211b89f5109cf695a65473a8cd0f8c

SHA1
bd05c4a966452081f0647c3d6efb80289d7aa766

SHA256
fda27ab753a15e1e628275eba7a0467ef653d1d8d70c1762392cb87011493df9

SHA512
6f98da06158c44115882af4895d1e0085caa17bc1da8f93ac2d7675d1aa6da4d56312aef5034032893ce364aa342028d012fd877710ad14fe2f7fd50b13e4be6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe

Filesize
184KB

MD5
16a98c64909ade4de2aef621b3b87e24

SHA1
5211b2f6f0916d72f29110321ed054fddc178256

SHA256
49d68727fa698d3921ed9884c7854f5b4afc8dc309cafb6b13c364eaa51d4919

SHA512
ed93741a57181b36ecd5be5a5b130c9c1c9f446257a0c0ac47b475c1b25ac8a73bfa31b08635b81865165622ad3f53bd6342b5f5626c1e4ea215fbd9b7b7c380

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe

Filesize
184KB

MD5
7eb37873a5099a7a27aca150c7970199

SHA1
c6886a3ba27f3fb8b8b368dceb408fe90709809f

SHA256
709d96d1b2457d8d8cce9cab41e13e56e810a4aa7d55ea4d61648cbb64c5a845

SHA512
451fa4a9cbb74cb8790f3200f324681c79a87207deea8169ff439c7d36eb2c8586e110bb735ec2797e2c15934fcadef6135c6f696cb61daa2904a0b814f1390b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe

Filesize
184KB

MD5
82e9616a7f03721667ce3d003301f753

SHA1
285c47b695eef7cd68b094d733e6d51b41e9631d

SHA256
d37759f0ff8319df9462206f5f330ce34bccff2ae24882148b16054880dc0463

SHA512
71e6b315cdc07fec06544de6d201dc1c471ed99ff068032593725d34d0c605939a3c1101b8f1c85bb8b059030e0c6b4bccfcf665e5760898a9aac18143c5c8c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe

Filesize
184KB

MD5
b81ad8899b2cdd3ef2f7a22c7f0cedec

SHA1
b389c1af2241dc0b27254dba09866691c38bc040

SHA256
eb4599f50fa6c9b5570d98fcc6d4b223768304f743e15fb9635451d2bdcddd87

SHA512
210f8e22dd855106da3a1d212e14f20986b65bdf6b73a1afb5bf40e13fbbb888b57fd4f290e212746acebeb39c06dc8e5f7b368145f2c41ba3ca42bfbc57372e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe

Filesize
184KB

MD5
9d5e1d4754bc726c587d4f2dc13fc890

SHA1
69b5add4236d5b20833eb59e98a1dd6c9f57e10e

SHA256
217750e141038ef8355d5295691658f76d396c9803036120f60d365fbb0204e6

SHA512
e195e1499195f633dc84072ae63f98d114336a9c9ae07487b7343175e47b42bc8dda17049c086427fd23bde326abe640cc7bdd9e60d0ad27b5288afadfda9541

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe

Filesize
184KB

MD5
67b81ab4072cfcfd132acadbf41cf458

SHA1
2e51976f304b746e425608d851f4ed1d6e4c4f60

SHA256
2f9ad2e36e52857343a88ba26cf4d3122ee29fa5d8fe729d821d8ed3524a85a7

SHA512
6a9e515c9c2b1d4df67590767050649335c5ea700670e45f77de7711fc4e578be0de48db7050d0a0bfc43f698369ea64e2b6a32e673dc417c05c610bf98baf74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe

Filesize
184KB

MD5
53068b0e3bb5a46e5e2795270d888b81

SHA1
175c6fad13b97b5eca7e47be26c3dd7b2fc333cd

SHA256
c5bb787b5d69f60fa2a030c759654de28dea6292f2468263ec1e85c7dd0afe6a

SHA512
944ee878cfe50b482f35f51fd58d8bde80da7fef6f552ab6ef4d059920cba86235853911c7dcc1719bf9c20ab42ed005a0a47671174beba4525a3fe3dbbc5ecf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe

Filesize
184KB

MD5
3896ad292a122b6dd1d066588cd1fb7e

SHA1
5bb9cf2c8a1aa4100ec0aeb6d486f9b4593a82d7

SHA256
4ca44c096642201aa875304fd4a322900d0d9cbfc53fc96a27ffed93b0220962

SHA512
c77c8e46ff84ec8cc8957c9f66071dbc8910738320b3e538609ed43d79a6671fcfe64c772eaae2a5d0deffde57658b00e71b818b5f795e4cb95f59554c3a8c42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe

Filesize
184KB

MD5
c690ceb860cee10f5444868fca04c396

SHA1
4e7f5a9806cad4e3cd82d4900dc155fb17f0e274

SHA256
dd469df2155cad6e7dc0241c5e40e9a36a8fa03b3ded90a555b3d55b257b52ea

SHA512
7cc2362ffec5ba40bc90fde4b54cae7fda2ae56a90413b2d97216b446b9ba38e52050e759651b861bb1774cec83b48024cfe5283dee10e59ddd4815c41d75764

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe

Filesize
184KB

MD5
68179c09bdfbb42a14ae546aaeddc0f0

SHA1
2c0a764d8c33ff828c56ee8287ffeacea6837297

SHA256
0556131fd63c669d6e98dea059d3a9acfec1a0a83dd3f48fb680ab293d7cf9bc

SHA512
dad606a0975cc5ad1c4053df19188801cc4d46c8bdf01b6661d52e09a13706e39bb5beb458c2130f42c4be98c682e49ee23f7a9a1e514f5aa8ca7c39ca1e636f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe

Filesize
184KB

MD5
bc67d7b5862630e59382ee9233b9ee2f

SHA1
a7c41af53d1ddb58fbc9f9c1851679f5c621da81

SHA256
31a83ae42cc4f74ffe443a91b41cab6cb63c4cb755c26d4a0bec25d32fddf153

SHA512
55d9e6e354fe1b0470142e3ed43c561b173ef21fefecfd51e1f7b37c546c806b1ced3244668a926daf124a89221502dc8a72dc36bddb72567b6d818f8415989e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads