6128ef738e8c71418cea9a4975930ae7ea66303530b6692a35c2283320b2a3d1

Analysis

max time kernel
112s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
Size

184KB
MD5

f28a38d2a1a3c21f48120f3fb9145bbf
SHA1

ba21660edb08a3be7a6541f4fefd28d552a808aa
SHA256

6128ef738e8c71418cea9a4975930ae7ea66303530b6692a35c2283320b2a3d1
SHA512

e54e93c94172d787fd850fc3cc8e317fc7bdd3c69455f5120b446b2400f2062aa789d492b07dd7dd388fb52e1331fb5ae37ad34e3d746ad045d6c42e3bb599e3
SSDEEP

3072:wZnfoxAB4lfHnOjNM3+zvJ0LjIuMA6ln8KxvqPhZNlPvpFi:wZfozlHneMOzvJ4GNUNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1228	Unicorn-33079.exe
2116	Unicorn-41708.exe
3068	Unicorn-27833.exe
1712	Unicorn-47869.exe
2488	Unicorn-31341.exe
2724	Unicorn-10406.exe
2956	Unicorn-18996.exe
1820	Unicorn-31994.exe
308	Unicorn-1206.exe
2124	Unicorn-31610.exe
2844	Unicorn-51476.exe
2348	Unicorn-35083.exe
2804	Unicorn-8933.exe
640	Unicorn-28572.exe
2232	Unicorn-64774.exe
1872	Unicorn-44717.exe
2128	Unicorn-14696.exe
1008	Unicorn-45885.exe
1660	Unicorn-58884.exe
1112	Unicorn-48189.exe
328	Unicorn-11795.exe
1752	Unicorn-30016.exe
1360	Unicorn-42822.exe
1992	Unicorn-30701.exe
620	Unicorn-16176.exe
1804	Unicorn-49040.exe
968	Unicorn-12454.exe
320	Unicorn-50343.exe
1648	Unicorn-50343.exe
312	Unicorn-30477.exe
648	Unicorn-30477.exe
2192	Unicorn-65262.exe
1004	Unicorn-19591.exe
1528	Unicorn-19591.exe
1588	Unicorn-63996.exe
2920	Unicorn-18325.exe
3012	Unicorn-40892.exe
2592	Unicorn-31790.exe
1884	Unicorn-41992.exe
2520	Unicorn-41992.exe
1444	Unicorn-41992.exe
2996	Unicorn-41992.exe
2864	Unicorn-16009.exe
908	Unicorn-5998.exe
1736	Unicorn-22662.exe
3060	Unicorn-39299.exe
2488	Unicorn-6735.exe
588	Unicorn-59143.exe
824	Unicorn-13471.exe
1792	Unicorn-62480.exe
832	Unicorn-28656.exe
972	Unicorn-28006.exe
1600	Unicorn-47872.exe
1032	Unicorn-36689.exe
1828	Unicorn-36689.exe
3028	Unicorn-52449.exe
1256	Unicorn-32775.exe
1780	Unicorn-32391.exe
2928	Unicorn-35729.exe
912	Unicorn-35729.exe
1296	Unicorn-55438.exe
2564	Unicorn-5853.exe
2840	Unicorn-33709.exe
2784	Unicorn-52802.exe

Loads dropped DLL 64 IoCs

pid	Process
2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
1228	Unicorn-33079.exe
1228	Unicorn-33079.exe
2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
2116	Unicorn-41708.exe
2116	Unicorn-41708.exe
3068	Unicorn-27833.exe
3068	Unicorn-27833.exe
1228	Unicorn-33079.exe
1228	Unicorn-33079.exe
1712	Unicorn-47869.exe
1712	Unicorn-47869.exe
2116	Unicorn-41708.exe
2116	Unicorn-41708.exe
2488	Unicorn-31341.exe
2488	Unicorn-31341.exe
3068	Unicorn-27833.exe
3068	Unicorn-27833.exe
2724	Unicorn-10406.exe
2724	Unicorn-10406.exe
1820	Unicorn-31994.exe
1820	Unicorn-31994.exe
308	Unicorn-1206.exe
308	Unicorn-1206.exe
2488	Unicorn-31341.exe
2488	Unicorn-31341.exe
2124	Unicorn-31610.exe
2124	Unicorn-31610.exe
2724	Unicorn-10406.exe
2724	Unicorn-10406.exe
2844	Unicorn-51476.exe
2844	Unicorn-51476.exe
2348	Unicorn-35083.exe
2348	Unicorn-35083.exe
1820	Unicorn-31994.exe
1820	Unicorn-31994.exe
2804	Unicorn-8933.exe
2804	Unicorn-8933.exe
308	Unicorn-1206.exe
308	Unicorn-1206.exe
2128	Unicorn-14696.exe
2128	Unicorn-14696.exe
2844	Unicorn-51476.exe
2844	Unicorn-51476.exe
1872	Unicorn-44717.exe
1872	Unicorn-44717.exe
640	Unicorn-28572.exe
640	Unicorn-28572.exe
2232	Unicorn-64774.exe
2232	Unicorn-64774.exe
2124	Unicorn-31610.exe
2124	Unicorn-31610.exe
1112	Unicorn-48189.exe
1660	Unicorn-58884.exe
1660	Unicorn-58884.exe
1112	Unicorn-48189.exe
2348	Unicorn-35083.exe
2804	Unicorn-8933.exe
2348	Unicorn-35083.exe
2804	Unicorn-8933.exe
1872	Unicorn-44717.exe
1992	Unicorn-30701.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2184	1256	WerFault.exe	85

Suspicious use of SetWindowsHookEx 62 IoCs

pid	Process
2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
1228	Unicorn-33079.exe
3068	Unicorn-27833.exe
2116	Unicorn-41708.exe
1712	Unicorn-47869.exe
2488	Unicorn-31341.exe
2724	Unicorn-10406.exe
2956	Unicorn-18996.exe
1820	Unicorn-31994.exe
308	Unicorn-1206.exe
2124	Unicorn-31610.exe
2844	Unicorn-51476.exe
2348	Unicorn-35083.exe
2804	Unicorn-8933.exe
640	Unicorn-28572.exe
1872	Unicorn-44717.exe
2128	Unicorn-14696.exe
2232	Unicorn-64774.exe
1008	Unicorn-45885.exe
1660	Unicorn-58884.exe
1112	Unicorn-48189.exe
328	Unicorn-11795.exe
1752	Unicorn-30016.exe
1992	Unicorn-30701.exe
1804	Unicorn-49040.exe
1360	Unicorn-42822.exe
320	Unicorn-50343.exe
968	Unicorn-12454.exe
2192	Unicorn-65262.exe
1528	Unicorn-19591.exe
312	Unicorn-30477.exe
1648	Unicorn-50343.exe
648	Unicorn-30477.exe
1588	Unicorn-63996.exe
1004	Unicorn-19591.exe
2920	Unicorn-18325.exe
3012	Unicorn-40892.exe
2592	Unicorn-31790.exe
2864	Unicorn-16009.exe
1884	Unicorn-41992.exe
2520	Unicorn-41992.exe
2996	Unicorn-41992.exe
1444	Unicorn-41992.exe
908	Unicorn-5998.exe
1736	Unicorn-22662.exe
3060	Unicorn-39299.exe
2488	Unicorn-6735.exe
588	Unicorn-59143.exe
824	Unicorn-13471.exe
1792	Unicorn-62480.exe
832	Unicorn-28656.exe
972	Unicorn-28006.exe
1256	Unicorn-32775.exe
1828	Unicorn-36689.exe
1780	Unicorn-32391.exe
1032	Unicorn-36689.exe
1600	Unicorn-47872.exe
912	Unicorn-35729.exe
3028	Unicorn-52449.exe
2564	Unicorn-5853.exe
2928	Unicorn-35729.exe
1296	Unicorn-55438.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1228	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1228	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1228	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1228	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	28
PID 2276 wrote to memory of 2116	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2116	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2116	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	30
PID 2276 wrote to memory of 2116	2276	f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe	30
PID 1228 wrote to memory of 3068	1228	Unicorn-33079.exe	29
PID 1228 wrote to memory of 3068	1228	Unicorn-33079.exe	29
PID 1228 wrote to memory of 3068	1228	Unicorn-33079.exe	29
PID 1228 wrote to memory of 3068	1228	Unicorn-33079.exe	29
PID 2116 wrote to memory of 1712	2116	Unicorn-41708.exe	31
PID 2116 wrote to memory of 1712	2116	Unicorn-41708.exe	31
PID 2116 wrote to memory of 1712	2116	Unicorn-41708.exe	31
PID 2116 wrote to memory of 1712	2116	Unicorn-41708.exe	31
PID 3068 wrote to memory of 2488	3068	Unicorn-27833.exe	32
PID 3068 wrote to memory of 2488	3068	Unicorn-27833.exe	32
PID 3068 wrote to memory of 2488	3068	Unicorn-27833.exe	32
PID 3068 wrote to memory of 2488	3068	Unicorn-27833.exe	32
PID 1228 wrote to memory of 2724	1228	Unicorn-33079.exe	33
PID 1228 wrote to memory of 2724	1228	Unicorn-33079.exe	33
PID 1228 wrote to memory of 2724	1228	Unicorn-33079.exe	33
PID 1228 wrote to memory of 2724	1228	Unicorn-33079.exe	33
PID 1712 wrote to memory of 2956	1712	Unicorn-47869.exe	34
PID 1712 wrote to memory of 2956	1712	Unicorn-47869.exe	34
PID 1712 wrote to memory of 2956	1712	Unicorn-47869.exe	34
PID 1712 wrote to memory of 2956	1712	Unicorn-47869.exe	34
PID 2116 wrote to memory of 1820	2116	Unicorn-41708.exe	35
PID 2116 wrote to memory of 1820	2116	Unicorn-41708.exe	35
PID 2116 wrote to memory of 1820	2116	Unicorn-41708.exe	35
PID 2116 wrote to memory of 1820	2116	Unicorn-41708.exe	35
PID 2488 wrote to memory of 308	2488	Unicorn-31341.exe	36
PID 2488 wrote to memory of 308	2488	Unicorn-31341.exe	36
PID 2488 wrote to memory of 308	2488	Unicorn-31341.exe	36
PID 2488 wrote to memory of 308	2488	Unicorn-31341.exe	36
PID 3068 wrote to memory of 2124	3068	Unicorn-27833.exe	37
PID 3068 wrote to memory of 2124	3068	Unicorn-27833.exe	37
PID 3068 wrote to memory of 2124	3068	Unicorn-27833.exe	37
PID 3068 wrote to memory of 2124	3068	Unicorn-27833.exe	37
PID 2724 wrote to memory of 2844	2724	Unicorn-10406.exe	38
PID 2724 wrote to memory of 2844	2724	Unicorn-10406.exe	38
PID 2724 wrote to memory of 2844	2724	Unicorn-10406.exe	38
PID 2724 wrote to memory of 2844	2724	Unicorn-10406.exe	38
PID 1820 wrote to memory of 2348	1820	Unicorn-31994.exe	39
PID 1820 wrote to memory of 2348	1820	Unicorn-31994.exe	39
PID 1820 wrote to memory of 2348	1820	Unicorn-31994.exe	39
PID 1820 wrote to memory of 2348	1820	Unicorn-31994.exe	39
PID 308 wrote to memory of 2804	308	Unicorn-1206.exe	40
PID 308 wrote to memory of 2804	308	Unicorn-1206.exe	40
PID 308 wrote to memory of 2804	308	Unicorn-1206.exe	40
PID 308 wrote to memory of 2804	308	Unicorn-1206.exe	40
PID 2488 wrote to memory of 640	2488	Unicorn-31341.exe	41
PID 2488 wrote to memory of 640	2488	Unicorn-31341.exe	41
PID 2488 wrote to memory of 640	2488	Unicorn-31341.exe	41
PID 2488 wrote to memory of 640	2488	Unicorn-31341.exe	41
PID 2124 wrote to memory of 2232	2124	Unicorn-31610.exe	42
PID 2124 wrote to memory of 2232	2124	Unicorn-31610.exe	42
PID 2124 wrote to memory of 2232	2124	Unicorn-31610.exe	42
PID 2124 wrote to memory of 2232	2124	Unicorn-31610.exe	42
PID 2724 wrote to memory of 1872	2724	Unicorn-10406.exe	43
PID 2724 wrote to memory of 1872	2724	Unicorn-10406.exe	43
PID 2724 wrote to memory of 1872	2724	Unicorn-10406.exe	43
PID 2724 wrote to memory of 1872	2724	Unicorn-10406.exe	43

C:\Users\Admin\AppData\Local\Temp\f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f28a38d2a1a3c21f48120f3fb9145bbf_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        8⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
        6⤵
        Executes dropped EXE
        
        PID:620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        9⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        8⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 188
        8⤵
        Program crash
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        7⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        7⤵
        
        PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
        8⤵
        Executes dropped EXE
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        7⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        7⤵
        
        PID:1264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        7⤵
        
        PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe

Filesize
184KB

MD5
2473d2c461b807402d8dd63334620291

SHA1
1ce37702fc484ddcba7a55d0be142b69583a1379

SHA256
df6278c3b48cc8c83ef04d7cf66c3abc1d9cc96895a0a0a3f9c54aaa9f5cfc23

SHA512
3acaeb9b1c7e76df0809fa2f0fa685b36cf98a36dcc7511ef1ab2ff4bdfd4990d55548539dfc4c411ad87071909720889ee728a07c0e865a85a36675feb14ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe

Filesize
184KB

MD5
3f3d0f306b05fbfaa269d1e8b2737147

SHA1
1bb8cf3e359fb7622acbb531e23c2c56f2ad0e4b

SHA256
b26dbaa2455f78ed6c2dbf74f847445777cacdecc8a7878962843b8adcf88bd2

SHA512
6969aee81c7c52cf4678e5010607ba1b785e44e0f2b527a59e563a7f7c2b0597067151f7986f15f6964980ac722e3f109d8da5a58248a7941ef02a11566eb401

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe

Filesize
184KB

MD5
6013e9203ef2a06bba29b5f051f5a97d

SHA1
ef0890eb192af6595a29f84fa9ab7d24747917ae

SHA256
daffb58c98409129ac5a774a5d81b7c10410349ba25896707d5fd2a4aee29284

SHA512
17e2b8015999fc8153ea7f0eb226affca9bbe3cb20a0f6346e367c107b03c95bd940c7bcfcf472da7d2951e4819d44a42ade4a0ba4bdc910a8e5c07502c81d97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe

Filesize
184KB

MD5
7db96a6d842a7bce80096004ea0b2a5a

SHA1
29733d9e3982580021e2739315699a7e46117cb1

SHA256
3c1e8255545153831ccc6b3e00c88c57f76604140100e982727db57cef38187d

SHA512
9edcd0936a2db830eeec58fcba2ff4415d3cc8090ecb8c443ba317cacf3809cd20e919b49c805046ed2635a5cd923ac1b7b2de3a482509ca5a47de29727dabdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe

Filesize
184KB

MD5
ba838edbeabdb4e635035d2d16a30a6c

SHA1
acf388ffddeb4c4d612c9eaed6095114d6fa3074

SHA256
01e2bf8b45e9c480ffeb91a28b2bfdafc9daece37634439bb175f3e99d0af30b

SHA512
b1734c0252f72b824d56516a2377dfb51f47b070c6a258f9d218a452df6328b95807d2a203ca7494dcccac2579174b7dde3696901507ef067d1bef645f26319e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe

Filesize
184KB

MD5
ce8c1c5bb6d03c8256611782d52de7e5

SHA1
511dccc85c1ad838b9759b7a85b1441cc5d78545

SHA256
c71f80e62da420dad80421695897a6ef9c9e65e1ea7ff0fd0691f754f0035429

SHA512
f5e28f003ddfc2c4ac53ee761dbf3d0ed39bbcce263964c4819b3fdeb7bdb6cbde53f6b202be3da002f33e3e924498424cfc3e3b87d8cc0dd7a86f6797454852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe

Filesize
184KB

MD5
046f3c669da144dd92c48887c48e5a58

SHA1
4309e883ede0c234981d5db14d273acb273b3246

SHA256
177a85ec8a4574b1df2ac2a092378087d2a75832fbfced6bcd41c7c6a7ba1394

SHA512
246f39147d42950724ef2460780faf22d3d8cae17e09a517021c1f79c1e911d31037868b56eead2288387e58694997208ecb8111d964d4a840093bf14b7f9103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe

Filesize
184KB

MD5
be4971d32a56d40cc9e7373bd952c866

SHA1
de0e166849f250ceb88916ed7d79db6d0d0df31b

SHA256
ab11f6cc645949f778f861399339cc2ff929f3e9650b141c166466b25c69b1dc

SHA512
6fbcdb46e4a71bec21dbd9d3669efec2e377bb08465085bb15d96fbf99b9ce24e20e822f1940ecd9ca97a94be74053272036b1a04ca86b73068ef3a45120e106

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe

Filesize
184KB

MD5
608c87a2d41893ff94414714ff649f9c

SHA1
e00d3807404ce0353080c23766b57d5240bf4a27

SHA256
4d88d71c351c02d382eb279b24b051d2b850f507cbd3ed70ebe2ed68114aaf57

SHA512
66810ad5d65c2e53a75434ed01133d98c22bae63614eb052bf41ad33b890a2e20c1b0e7667078c666ab531d15d27abff499ce6d03c8d111daa678addc3e26ec6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe

Filesize
184KB

MD5
f14bf3d6ead77dc4b9c6584bed0b7e0c

SHA1
0f15315919feaac10e6b91f0999811cd77dedb8d

SHA256
58f9b972ed03c77726904bce7d1d3682653af1abeedb619b03ce9c96f513aeb9

SHA512
f255a50a280a16d5f5d36110485a7418ca7c35cca98919fb8278d80a2353546217095c24b44a91de401e254e4f3dc32c41dc8087141eeb67cce23912ac08ef19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe

Filesize
184KB

MD5
663b1c45090846139fbb6881c6539a71

SHA1
05ceb97ba3674f803fe3cfe203d56717de1d13c8

SHA256
50f81dc1c822544d0da0c2e8324342d8768e788ac7d4217dd9cfe825e6ef44f4

SHA512
4075d639e994d0fa3baeba61b921a20ce37138904d250965bc76a9e79d2edb2e58ecc60844c9507a2b538d2f2225a9b3791a19babdc458f7c8b8a317ff73223d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe

Filesize
184KB

MD5
8a136a7752d8beaa0ccdbaefae82079b

SHA1
dcb69c4b9f72bd4e0640967ab5af9eb7c92900de

SHA256
aadf6195f4500a573854bef1c3a5b09b0a8cb79a4a4e6f0ae2c392967f573ffc

SHA512
7517fbf6ef91c9c2efd3475fe1ac54eafdc031aa69bfec4cc4cc8d24ba3055638232781e072c85ee62c31e0fde6c8b67abb7e9fe080c5cf66011cc870e8d614e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe

Filesize
184KB

MD5
5f939a4dcdae2ac31b694a8f73482acc

SHA1
42269f715fed7d57b2a3a0294c918c879e981da9

SHA256
c7572db4ee70b56a13c00066d2fd84926290c96e341baccfe10f65727df3bbbc

SHA512
24141aba04c5f2311612f45312e70c14f79094e3815f5818269740a3147ae9ae02c15343943ee470977f8b0fe3fd95d01773a3f51ad456ab0f250f45b7c7eea5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe

Filesize
184KB

MD5
7be67f06f32e079e71a1fc6fc91b32fc

SHA1
e7263aaa642ffbb1f149370646cd220cef89dc13

SHA256
ea5622d506c72650c1a1f7adec4778c3c69ae75390c095c94de7fb133cf6c8e6

SHA512
8077b2c1bb77ee3671a642d699a90f76f1888eefbab2096c64a8758777f4a6452af3fcc00751e57f5f37b6f56ba0c8c285ae60ed7b638f410df9ad8ab7c0829a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe

Filesize
184KB

MD5
e2e703da4bc0ad21f3354b2a9cb29727

SHA1
ff16d485458af2dd9cee64f43585dd591421690c

SHA256
47a89a6e5fd9ed0ec3b9d01e77345a4e3b4d2d0ad6938d2dee306c32b8aa7fc2

SHA512
14e5a1d2f7ba8d2d652937571947987510b24b3db744f343783f98843af7cd83eb2667ae427f55bb8c702e6e07fb9cf6c196c9e2fb2855176753db6fd829dbc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe

Filesize
184KB

MD5
66464b7b9f7b5fbf77b7d626b87fa9a7

SHA1
59f6d31defa13ed65b411fc79341b3f83a690fb3

SHA256
7c6bd0ec9a5dd8a1eeb5f036b6c471a4c5b689dae31a335ad2ca8f0ef5fb5123

SHA512
02f3ac1e2cf50f1c0d37dfb782b1702a909358154826adaad7b94d8d60b42cc3d2131168e7f9858dd8761772343fc251aa9f315871d27b3b56dd8221be0b5a5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe

Filesize
184KB

MD5
fe6172bccd151a0af5a88ed25fa726a5

SHA1
7cb63891d8e7bc6034000f780b31dbbefc523c73

SHA256
36aa25715461e71126c36b5382164d4a44729d5605a7fdac8ff6e130504f942f

SHA512
51aa02b1333c7f4249b6cfa192420b425b17f4a4efb3289d4fb452876dac1802287e1c359d630e92ca2fae7b54fd60777b909ab62a20755496f15f7bbd27ea9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe

Filesize
184KB

MD5
51262b93bb0392e9297e9bd5eda5d870

SHA1
d71eab2f096af104154edd58f07604b8070b221d

SHA256
0ffd0eee88f94c36f028db4c6f7e104499677bf13e139d33cd7fca74753ad6df

SHA512
e627da197ba3403f5a3547556577012ade6869743ba6b0e265196597f9d49108596d58af3d1cbdc60db97501924c66aca6bc019b8b64a8a91a0732c91fcad619

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe

Filesize
184KB

MD5
a24f991c52390916475daf5e5f28f91c

SHA1
d1b52d8045c867318f76e3a9c6c710bdfe72f0cc

SHA256
d87b9f3bf7958922f1d93daba8eac980c32ac7be285713cee2247f5b0f77ba79

SHA512
5f2367ffc96d003b3ea34f8504c9e119bc7173b9d2bc34fec3ae7e16d1a41cad6b35fdadad96260bbaa4d9d126c70744fbfb495bf1ac054c67356e1ea0641017

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe

Filesize
184KB

MD5
e27ce02b7c18e236b9ac7589d111e866

SHA1
e3596ae2bc76666fb8aabedd38e121e946a9950f

SHA256
adf07577bdb4fd6bad50d85750313ab968971d8fd05b4b8cfdeae739bb534844

SHA512
69048c0ba8eb4636f95471b2d04ab816065b71045b965cad5e97fb0dd2ca15bac90d22efd028eb52e9a6e1209a635d63f56521c1dd245fd4f0813bea0844b219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe

Filesize
184KB

MD5
d773e7ba74ff517921b0669b88f177d8

SHA1
48283a6034cdfa5237899540b3bff7963e050aa0

SHA256
77b0f130712c4f9dd75b721fbfa029da9c50fd28aeb0af5497b3387361dbfda2

SHA512
18e83328b7e5a5d249f6ff836541cc3fbdebc12d21552ffb178598d86df8ae106a976d5b123951de3ba2fefcaae67f5940a9e43d98e9c939e791b41d54d2a152

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads