5c9d48363b5c399904e9112c8bdf17b63f4ea54ce6abd6dcda921f7d424559af

Analysis

max time kernel
142s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe
Size

184KB
MD5

f45f5e78a81fafce6d0eacc5e9217d8a
SHA1

32517d24d1e7db385218b2a8d4ad704cd20054d8
SHA256

5c9d48363b5c399904e9112c8bdf17b63f4ea54ce6abd6dcda921f7d424559af
SHA512

7875fc21bae5961f00232b2c870b1a79542b3237d28a5d378bfa349ddba9646469e167e86c20251be29a6efa296f3689d679290cd619a15c5a805752d793aeec
SSDEEP

3072:OuhEou9xo7XsE5/YwwF0y8d2uUv6V+zhLv3xwhd4iNlOFpFh:OuCozTsEOw40y8c1qrNlOFpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 42 IoCs

pid	Process
2992	Unicorn-31661.exe
1288	Unicorn-58386.exe
2576	Unicorn-56487.exe
2508	Unicorn-32943.exe
2100	Unicorn-59668.exe
760	Unicorn-17842.exe
1332	Unicorn-28231.exe
1924	Unicorn-3617.exe
2244	Unicorn-33514.exe
328	Unicorn-13176.exe
356	Unicorn-22497.exe
1628	Unicorn-51936.exe
2036	Unicorn-31599.exe
1672	Unicorn-63441.exe
2004	Unicorn-57494.exe
2156	Unicorn-53493.exe
1596	Unicorn-29949.exe
1196	Unicorn-9611.exe
1692	Unicorn-41454.exe
2720	Unicorn-4780.exe
2472	Unicorn-31506.exe
1912	Unicorn-7961.exe
1952	Unicorn-18351.exe
2808	Unicorn-2061.exe
1660	Unicorn-13519.exe
1452	Unicorn-58719.exe
2800	Unicorn-37313.exe
2840	Unicorn-447.exe
2848	Unicorn-45647.exe
2836	Unicorn-11952.exe
2668	Unicorn-2004.exe
2680	Unicorn-44765.exe
1932	Unicorn-24428.exe
1304	Unicorn-23502.exe
2364	Unicorn-52365.exe
1080	Unicorn-13553.exe
2212	Unicorn-55546.exe
2832	Unicorn-398.exe
1940	Unicorn-14835.exe
1544	Unicorn-57020.exe
2112	Unicorn-53019.exe
2056	Unicorn-64285.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe
2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe
2992	Unicorn-31661.exe
2992	Unicorn-31661.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
1288	Unicorn-58386.exe
1288	Unicorn-58386.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2612	WerFault.exe
2576	Unicorn-56487.exe
2576	Unicorn-56487.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2508	Unicorn-32943.exe
2508	Unicorn-32943.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
2100	Unicorn-59668.exe
2100	Unicorn-59668.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
760	Unicorn-17842.exe
760	Unicorn-17842.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
1332	Unicorn-28231.exe
1332	Unicorn-28231.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1924	Unicorn-3617.exe
1924	Unicorn-3617.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
2244	Unicorn-33514.exe
2244	Unicorn-33514.exe
768	WerFault.exe
768	WerFault.exe
768	WerFault.exe
768	WerFault.exe

Program crash 44 IoCs

pid	pid_target	Process	procid_target
940	2380	WerFault.exe	27
2656	2992	WerFault.exe	28
2612	1288	WerFault.exe	30
2484	2576	WerFault.exe	32
1528	2508	WerFault.exe	34
1308	2100	WerFault.exe	36
2776	760	WerFault.exe	38
1500	1332	WerFault.exe	40
1876	1924	WerFault.exe	42
768	2244	WerFault.exe	44
556	328	WerFault.exe	46
684	356	WerFault.exe	48
1756	1628	WerFault.exe	50
1160	2036	WerFault.exe	52
1648	1672	WerFault.exe	54
1752	2004	WerFault.exe	56
2884	2156	WerFault.exe	60
1916	1596	WerFault.exe	62
2604	1196	WerFault.exe	64
2812	1692	WerFault.exe	66
2496	2720	WerFault.exe	68
2500	2472	WerFault.exe	70
2744	1912	WerFault.exe	72
2792	1952	WerFault.exe	74
2964	2808	WerFault.exe	76
3064	1660	WerFault.exe	78
1356	1452	WerFault.exe	80
1796	2800	WerFault.exe	82
1428	2840	WerFault.exe	84
1712	2848	WerFault.exe	86
2864	2836	WerFault.exe	88
2640	2632	WerFault.exe	90
2152	2668	WerFault.exe	92
1048	2680	WerFault.exe	94
1664	1932	WerFault.exe	96
956	1304	WerFault.exe	98
1152	2364	WerFault.exe	100
2076	1080	WerFault.exe	102
2572	2212	WerFault.exe	104
2016	2832	WerFault.exe	106
1016	1940	WerFault.exe	108
1084	1544	WerFault.exe	110
2700	2112	WerFault.exe	112
2032	2056	WerFault.exe	114

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe
2992	Unicorn-31661.exe
1288	Unicorn-58386.exe
2576	Unicorn-56487.exe
2508	Unicorn-32943.exe
2100	Unicorn-59668.exe
760	Unicorn-17842.exe
1332	Unicorn-28231.exe
1924	Unicorn-3617.exe
2244	Unicorn-33514.exe
328	Unicorn-13176.exe
356	Unicorn-22497.exe
1628	Unicorn-51936.exe
2036	Unicorn-31599.exe
1672	Unicorn-63441.exe
2004	Unicorn-57494.exe
2156	Unicorn-53493.exe
1596	Unicorn-29949.exe
1196	Unicorn-9611.exe
1692	Unicorn-41454.exe
2720	Unicorn-4780.exe
2472	Unicorn-31506.exe
1912	Unicorn-7961.exe
1952	Unicorn-18351.exe
2808	Unicorn-2061.exe
1660	Unicorn-13519.exe
1452	Unicorn-58719.exe
2800	Unicorn-37313.exe
2840	Unicorn-447.exe
2848	Unicorn-45647.exe
2632	Unicorn-40816.exe
2668	Unicorn-2004.exe
2680	Unicorn-44765.exe
1932	Unicorn-24428.exe
1304	Unicorn-23502.exe
2364	Unicorn-52365.exe
1080	Unicorn-13553.exe
2212	Unicorn-55546.exe
2832	Unicorn-398.exe
1940	Unicorn-14835.exe
1544	Unicorn-57020.exe
2112	Unicorn-53019.exe
2056	Unicorn-64285.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2992	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2992	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2992	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2992	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	28
PID 2380 wrote to memory of 940	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	29
PID 2380 wrote to memory of 940	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	29
PID 2380 wrote to memory of 940	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	29
PID 2380 wrote to memory of 940	2380	f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe	29
PID 2992 wrote to memory of 1288	2992	Unicorn-31661.exe	30
PID 2992 wrote to memory of 1288	2992	Unicorn-31661.exe	30
PID 2992 wrote to memory of 1288	2992	Unicorn-31661.exe	30
PID 2992 wrote to memory of 1288	2992	Unicorn-31661.exe	30
PID 2992 wrote to memory of 2656	2992	Unicorn-31661.exe	31
PID 2992 wrote to memory of 2656	2992	Unicorn-31661.exe	31
PID 2992 wrote to memory of 2656	2992	Unicorn-31661.exe	31
PID 2992 wrote to memory of 2656	2992	Unicorn-31661.exe	31
PID 1288 wrote to memory of 2576	1288	Unicorn-58386.exe	32
PID 1288 wrote to memory of 2576	1288	Unicorn-58386.exe	32
PID 1288 wrote to memory of 2576	1288	Unicorn-58386.exe	32
PID 1288 wrote to memory of 2576	1288	Unicorn-58386.exe	32
PID 1288 wrote to memory of 2612	1288	Unicorn-58386.exe	33
PID 1288 wrote to memory of 2612	1288	Unicorn-58386.exe	33
PID 1288 wrote to memory of 2612	1288	Unicorn-58386.exe	33
PID 1288 wrote to memory of 2612	1288	Unicorn-58386.exe	33
PID 2576 wrote to memory of 2508	2576	Unicorn-56487.exe	34
PID 2576 wrote to memory of 2508	2576	Unicorn-56487.exe	34
PID 2576 wrote to memory of 2508	2576	Unicorn-56487.exe	34
PID 2576 wrote to memory of 2508	2576	Unicorn-56487.exe	34
PID 2576 wrote to memory of 2484	2576	Unicorn-56487.exe	35
PID 2576 wrote to memory of 2484	2576	Unicorn-56487.exe	35
PID 2576 wrote to memory of 2484	2576	Unicorn-56487.exe	35
PID 2576 wrote to memory of 2484	2576	Unicorn-56487.exe	35
PID 2508 wrote to memory of 2100	2508	Unicorn-32943.exe	36
PID 2508 wrote to memory of 2100	2508	Unicorn-32943.exe	36
PID 2508 wrote to memory of 2100	2508	Unicorn-32943.exe	36
PID 2508 wrote to memory of 2100	2508	Unicorn-32943.exe	36
PID 2508 wrote to memory of 1528	2508	Unicorn-32943.exe	37
PID 2508 wrote to memory of 1528	2508	Unicorn-32943.exe	37
PID 2508 wrote to memory of 1528	2508	Unicorn-32943.exe	37
PID 2508 wrote to memory of 1528	2508	Unicorn-32943.exe	37
PID 2100 wrote to memory of 760	2100	Unicorn-59668.exe	38
PID 2100 wrote to memory of 760	2100	Unicorn-59668.exe	38
PID 2100 wrote to memory of 760	2100	Unicorn-59668.exe	38
PID 2100 wrote to memory of 760	2100	Unicorn-59668.exe	38
PID 2100 wrote to memory of 1308	2100	Unicorn-59668.exe	39
PID 2100 wrote to memory of 1308	2100	Unicorn-59668.exe	39
PID 2100 wrote to memory of 1308	2100	Unicorn-59668.exe	39
PID 2100 wrote to memory of 1308	2100	Unicorn-59668.exe	39
PID 760 wrote to memory of 1332	760	Unicorn-17842.exe	40
PID 760 wrote to memory of 1332	760	Unicorn-17842.exe	40
PID 760 wrote to memory of 1332	760	Unicorn-17842.exe	40
PID 760 wrote to memory of 1332	760	Unicorn-17842.exe	40
PID 760 wrote to memory of 2776	760	Unicorn-17842.exe	41
PID 760 wrote to memory of 2776	760	Unicorn-17842.exe	41
PID 760 wrote to memory of 2776	760	Unicorn-17842.exe	41
PID 760 wrote to memory of 2776	760	Unicorn-17842.exe	41
PID 1332 wrote to memory of 1924	1332	Unicorn-28231.exe	42
PID 1332 wrote to memory of 1924	1332	Unicorn-28231.exe	42
PID 1332 wrote to memory of 1924	1332	Unicorn-28231.exe	42
PID 1332 wrote to memory of 1924	1332	Unicorn-28231.exe	42
PID 1332 wrote to memory of 1500	1332	Unicorn-28231.exe	43
PID 1332 wrote to memory of 1500	1332	Unicorn-28231.exe	43
PID 1332 wrote to memory of 1500	1332	Unicorn-28231.exe	43
PID 1332 wrote to memory of 1500	1332	Unicorn-28231.exe	43

C:\Users\Admin\AppData\Local\Temp\f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f45f5e78a81fafce6d0eacc5e9217d8a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37313.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        31⤵
        Executes dropped EXE
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        32⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        45⤵
        Program crash
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        44⤵
        Program crash
        
        PID:2700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        43⤵
        Program crash
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        42⤵
        Program crash
        
        PID:1016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        41⤵
        Program crash
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        40⤵
        Program crash
        
        PID:2572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        39⤵
        Program crash
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        38⤵
        Program crash
        
        PID:1152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        37⤵
        Program crash
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        36⤵
        Program crash
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        35⤵
        Program crash
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        34⤵
        Program crash
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        33⤵
        Program crash
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        32⤵
        Program crash
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        31⤵
        Program crash
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        30⤵
        Program crash
        
        PID:1428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        29⤵
        Program crash
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
        28⤵
        Program crash
        
        PID:1356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        27⤵
        Program crash
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        26⤵
        Program crash
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        25⤵
        Program crash
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        24⤵
        Program crash
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        23⤵
        Program crash
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        22⤵
        Program crash
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        21⤵
        Program crash
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        20⤵
        Program crash
        
        PID:2604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        19⤵
        Program crash
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        18⤵
        Program crash
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        17⤵
        Program crash
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        16⤵
        Program crash
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        15⤵
        Program crash
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        14⤵
        Program crash
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        13⤵
        Program crash
        
        PID:684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
        12⤵
        Program crash
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:1500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2484
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2612
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
  2⤵
  - Program crash
  PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe

Filesize
184KB

MD5
e13e52cdad0bc1f1d7d715e5c41e9548

SHA1
d7b25964066f777c9405fcd1e19b7b2b744edf65

SHA256
d37c12366c65562fb141eedaea1a9c374de77535ea49ea77d723fa582c94e26e

SHA512
87ba417fe6b19288db0c891e7ae4c721c7b03daccdb574e78390dfd387328f31613848cab467fe1323bd0c9295e2982e7d3e27a440f7f939a800475eeb4d43bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe

Filesize
184KB

MD5
6a19284cf467f47027e5a9038f1e8d57

SHA1
5030d13f06edd0765d07697e3a467ba7ec8a3379

SHA256
b89d1c9255d7ba8a8788fb23cb6a2eee2fc534cddbed1747b919015cc286df76

SHA512
abfb80fa700927874c273191b6c6f6ff8a98c579ccb85046e062723a99499cd3006a88f2c3472c18e5cf0c75fef98689276f93b14741414d7ab853177ff83eb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe

Filesize
184KB

MD5
0d8bc3adbdfccc7231e74643089b4bce

SHA1
01a482f9237c73fa0441c4c0f630c0617a63886f

SHA256
763d80d9c0bd8318d493e1843748e7fde2346ce23a54e9977ce343efccfe7919

SHA512
b27d58d06c6b023c9897b2df55299d64421397cf58ab7c94f25b3ef1299ad97f5866297ade1dff1cc4afdd70dfa1f6a5998297a157d7b26fc9e78333dcbe4f8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe

Filesize
184KB

MD5
9fc692d6dafe6805383fb529f23da233

SHA1
93f9b5b1ed1ba71f2fd57606cce964ffa70767c9

SHA256
5d62abdba776229e0f1e68e5db1e4fb60b89dd43cd02cac8ff59f06d4d0bf61d

SHA512
d62a954b4eafdebd8636fd40e3c8f36ffacd77b3bebf3f80f4705c2b3e9ae1bd95f9c103c819f99c7aaf28440b2793e594ecc3b85c1a43404ae28ff4fce831c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe

Filesize
184KB

MD5
62216f1d9e374cbba8d60ec0f3145bac

SHA1
f8dac60c287140459887a49e2ade81204e5c986d

SHA256
6abb200b07f84b2c4893f4614576e9ebab5bd5632bf3ef092033ccbc07004244

SHA512
2ce5db94b6a9c4de0b920f3280cac95958b2f7aa5f36409bc93eaf1a838bfb8eac9d8eed53a5fe05b39ca40e98f627bf32f1b929e0f90db3d9c9a226821bf80c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe

Filesize
184KB

MD5
82be5757b6d09b0dfbd1a19bc264e11a

SHA1
4fd27a3495b8abed1752d095e61cec7204902b5e

SHA256
d1c61b0396ac7a0bed1bd041d8ed43d15e2b46a3ca0acb28ea9121cf4ebc7449

SHA512
d8214ba9353f08cbef790fa6c1534e0054b40153d544da9202525bcf3b10813f721e1fb6204b8e3f94f207d3873acbdcf06acb1ad065f05411e61614cd6c5037

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe

Filesize
184KB

MD5
45224727337f8affd6cdd13987bf3ba2

SHA1
96ccdce0a922b22f4e43ee04fb67f25dbf26530c

SHA256
d1359bcb77248396c96e59352e48058065cdd6c054de22356251352bbb207e99

SHA512
53751562bc943f17169f1ce6e128691208449973c88f38424ba57030c9d05f03a43570b0671bf63d5ee9b2a11829ef960eb3509ac4c8ce3c64a02395475fc3ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe

Filesize
184KB

MD5
a90d644c5af9e02190a13bdf9ff063c5

SHA1
0beacff95c05d3c4f53021458e6c5e248d9225e2

SHA256
8c3ede6651f7b0697340e74b724ff74b135131897d6ed6db870f705c5465695f

SHA512
881c61470a09a226cf668b11e0c997aa21b47633003cd9553a0ae9f9115f6c04b81de9dfe730aea8f5f2fa6dd75d52e630bdbdd10a379bf1e3c2f989aefffd64

Download Submit
memory/2836-292-0x0000000002830000-0x000000000298C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads