c130b81750174fd690046d60ebc9440be7ed3e378869053a9760419f9b1f357f

Analysis

max time kernel
126s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
Size

184KB
MD5

f5040722c78ccf93d0a2945ef4aade82
SHA1

81becf66da806172b01aeb86c7eac4e651c03942
SHA256

c130b81750174fd690046d60ebc9440be7ed3e378869053a9760419f9b1f357f
SHA512

1c4d4d25570f2b90fdd8be36d27388d02c4bbfe55ee630482312dda15fbeb7ddb904d0d802f3e85e6d9fb721d0b7ebfa615f683cfb6c0cc1ab63f9b92d5ecee3
SSDEEP

3072:tzSJoze9fYAxH9AhdTnm+8NjbDw6tHIV4v5x8AUgg6lPvpFp:tzsoI5xHsdbm+8XofD6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 53 IoCs

pid	Process
2364	Unicorn-25791.exe
2820	Unicorn-16724.exe
2688	Unicorn-52926.exe
2988	Unicorn-32029.exe
2572	Unicorn-48557.exe
2452	Unicorn-28691.exe
2588	Unicorn-40811.exe
2780	Unicorn-11668.exe
2612	Unicorn-60677.exe
2376	Unicorn-57340.exe
1744	Unicorn-44533.exe
2876	Unicorn-44222.exe
576	Unicorn-53822.exe
1160	Unicorn-11165.exe
1184	Unicorn-5197.exe
1700	Unicorn-25063.exe
2936	Unicorn-54398.exe
2248	Unicorn-26708.exe
2072	Unicorn-9795.exe
2024	Unicorn-802.exe
2148	Unicorn-46474.exe
1712	Unicorn-51840.exe
1556	Unicorn-39033.exe
548	Unicorn-4860.exe
2260	Unicorn-6718.exe
2980	Unicorn-6396.exe
2008	Unicorn-9349.exe
1684	Unicorn-52006.exe
884	Unicorn-38165.exe
2852	Unicorn-8830.exe
1932	Unicorn-39199.exe
2340	Unicorn-25167.exe
1228	Unicorn-46101.exe
2508	Unicorn-29573.exe
864	Unicorn-10776.exe
2676	Unicorn-9515.exe
2724	Unicorn-64741.exe
2804	Unicorn-29381.exe
2776	Unicorn-44876.exe
2476	Unicorn-62987.exe
1180	Unicorn-36318.exe
2444	Unicorn-56184.exe
2364	Unicorn-19271.exe
2640	Unicorn-39137.exe
1648	Unicorn-43325.exe
2188	Unicorn-42855.exe
2880	Unicorn-6498.exe
320	Unicorn-13557.exe
3052	Unicorn-48747.exe
1200	Unicorn-9377.exe
2128	Unicorn-9699.exe
2684	Unicorn-6010.exe
2808	Unicorn-54635.exe

Loads dropped DLL 64 IoCs

pid	Process
2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
2364	Unicorn-25791.exe
2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
2364	Unicorn-25791.exe
2820	Unicorn-16724.exe
2820	Unicorn-16724.exe
2688	Unicorn-52926.exe
2688	Unicorn-52926.exe
2364	Unicorn-25791.exe
2364	Unicorn-25791.exe
2688	Unicorn-52926.exe
2688	Unicorn-52926.exe
2572	Unicorn-48557.exe
2572	Unicorn-48557.exe
2988	Unicorn-32029.exe
2988	Unicorn-32029.exe
2820	Unicorn-16724.exe
2820	Unicorn-16724.exe
2452	Unicorn-28691.exe
2452	Unicorn-28691.exe
2588	Unicorn-40811.exe
2588	Unicorn-40811.exe
2780	Unicorn-11668.exe
2988	Unicorn-32029.exe
2988	Unicorn-32029.exe
2780	Unicorn-11668.exe
2452	Unicorn-28691.exe
2612	Unicorn-60677.exe
2452	Unicorn-28691.exe
2612	Unicorn-60677.exe
2572	Unicorn-48557.exe
2572	Unicorn-48557.exe
1744	Unicorn-44533.exe
1744	Unicorn-44533.exe
2376	Unicorn-57340.exe
2376	Unicorn-57340.exe
2588	Unicorn-40811.exe
2876	Unicorn-44222.exe
2588	Unicorn-40811.exe
2876	Unicorn-44222.exe
576	Unicorn-53822.exe
576	Unicorn-53822.exe
1160	Unicorn-11165.exe
1160	Unicorn-11165.exe
2780	Unicorn-11668.exe
2780	Unicorn-11668.exe
1700	Unicorn-25063.exe
1700	Unicorn-25063.exe
2612	Unicorn-60677.exe
2612	Unicorn-60677.exe
2248	Unicorn-26708.exe
2248	Unicorn-26708.exe
1744	Unicorn-44533.exe
1744	Unicorn-44533.exe
2072	Unicorn-9795.exe
2072	Unicorn-9795.exe
2376	Unicorn-57340.exe
2376	Unicorn-57340.exe
2936	Unicorn-54398.exe
1184	Unicorn-5197.exe
1184	Unicorn-5197.exe
2936	Unicorn-54398.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
2364	Unicorn-25791.exe
2820	Unicorn-16724.exe
2688	Unicorn-52926.exe
2988	Unicorn-32029.exe
2572	Unicorn-48557.exe
2452	Unicorn-28691.exe
2588	Unicorn-40811.exe
2780	Unicorn-11668.exe
2612	Unicorn-60677.exe
1744	Unicorn-44533.exe
2376	Unicorn-57340.exe
2876	Unicorn-44222.exe
1160	Unicorn-11165.exe
576	Unicorn-53822.exe
2936	Unicorn-54398.exe
1700	Unicorn-25063.exe
1184	Unicorn-5197.exe
2072	Unicorn-9795.exe
2248	Unicorn-26708.exe
2024	Unicorn-802.exe
2148	Unicorn-46474.exe
1712	Unicorn-51840.exe
1556	Unicorn-39033.exe
548	Unicorn-4860.exe
2260	Unicorn-6718.exe
2008	Unicorn-9349.exe
2980	Unicorn-6396.exe
1684	Unicorn-52006.exe
2852	Unicorn-8830.exe
1932	Unicorn-39199.exe
2676	Unicorn-9515.exe
2340	Unicorn-25167.exe
884	Unicorn-38165.exe
1228	Unicorn-46101.exe
2476	Unicorn-62987.exe
2640	Unicorn-39137.exe
2724	Unicorn-64741.exe
2804	Unicorn-29381.exe
2508	Unicorn-29573.exe
2444	Unicorn-56184.exe
2364	Unicorn-19271.exe
1180	Unicorn-36318.exe
2880	Unicorn-6498.exe
1648	Unicorn-43325.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2364	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2364	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2364	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2364	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2820	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	30
PID 2180 wrote to memory of 2820	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	30
PID 2180 wrote to memory of 2820	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	30
PID 2180 wrote to memory of 2820	2180	f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2688	2364	Unicorn-25791.exe	29
PID 2364 wrote to memory of 2688	2364	Unicorn-25791.exe	29
PID 2364 wrote to memory of 2688	2364	Unicorn-25791.exe	29
PID 2364 wrote to memory of 2688	2364	Unicorn-25791.exe	29
PID 2820 wrote to memory of 2988	2820	Unicorn-16724.exe	31
PID 2820 wrote to memory of 2988	2820	Unicorn-16724.exe	31
PID 2820 wrote to memory of 2988	2820	Unicorn-16724.exe	31
PID 2820 wrote to memory of 2988	2820	Unicorn-16724.exe	31
PID 2688 wrote to memory of 2572	2688	Unicorn-52926.exe	32
PID 2688 wrote to memory of 2572	2688	Unicorn-52926.exe	32
PID 2688 wrote to memory of 2572	2688	Unicorn-52926.exe	32
PID 2688 wrote to memory of 2572	2688	Unicorn-52926.exe	32
PID 2364 wrote to memory of 2452	2364	Unicorn-25791.exe	33
PID 2364 wrote to memory of 2452	2364	Unicorn-25791.exe	33
PID 2364 wrote to memory of 2452	2364	Unicorn-25791.exe	33
PID 2364 wrote to memory of 2452	2364	Unicorn-25791.exe	33
PID 2688 wrote to memory of 2588	2688	Unicorn-52926.exe	34
PID 2688 wrote to memory of 2588	2688	Unicorn-52926.exe	34
PID 2688 wrote to memory of 2588	2688	Unicorn-52926.exe	34
PID 2688 wrote to memory of 2588	2688	Unicorn-52926.exe	34
PID 2572 wrote to memory of 2612	2572	Unicorn-48557.exe	35
PID 2572 wrote to memory of 2612	2572	Unicorn-48557.exe	35
PID 2572 wrote to memory of 2612	2572	Unicorn-48557.exe	35
PID 2572 wrote to memory of 2612	2572	Unicorn-48557.exe	35
PID 2988 wrote to memory of 2780	2988	Unicorn-32029.exe	36
PID 2988 wrote to memory of 2780	2988	Unicorn-32029.exe	36
PID 2988 wrote to memory of 2780	2988	Unicorn-32029.exe	36
PID 2988 wrote to memory of 2780	2988	Unicorn-32029.exe	36
PID 2820 wrote to memory of 2376	2820	Unicorn-16724.exe	37
PID 2820 wrote to memory of 2376	2820	Unicorn-16724.exe	37
PID 2820 wrote to memory of 2376	2820	Unicorn-16724.exe	37
PID 2820 wrote to memory of 2376	2820	Unicorn-16724.exe	37
PID 2452 wrote to memory of 1744	2452	Unicorn-28691.exe	38
PID 2452 wrote to memory of 1744	2452	Unicorn-28691.exe	38
PID 2452 wrote to memory of 1744	2452	Unicorn-28691.exe	38
PID 2452 wrote to memory of 1744	2452	Unicorn-28691.exe	38
PID 2588 wrote to memory of 2876	2588	Unicorn-40811.exe	39
PID 2588 wrote to memory of 2876	2588	Unicorn-40811.exe	39
PID 2588 wrote to memory of 2876	2588	Unicorn-40811.exe	39
PID 2588 wrote to memory of 2876	2588	Unicorn-40811.exe	39
PID 2988 wrote to memory of 576	2988	Unicorn-32029.exe	41
PID 2988 wrote to memory of 576	2988	Unicorn-32029.exe	41
PID 2988 wrote to memory of 576	2988	Unicorn-32029.exe	41
PID 2988 wrote to memory of 576	2988	Unicorn-32029.exe	41
PID 2780 wrote to memory of 1160	2780	Unicorn-11668.exe	40
PID 2780 wrote to memory of 1160	2780	Unicorn-11668.exe	40
PID 2780 wrote to memory of 1160	2780	Unicorn-11668.exe	40
PID 2780 wrote to memory of 1160	2780	Unicorn-11668.exe	40
PID 2452 wrote to memory of 1184	2452	Unicorn-28691.exe	42
PID 2452 wrote to memory of 1184	2452	Unicorn-28691.exe	42
PID 2452 wrote to memory of 1184	2452	Unicorn-28691.exe	42
PID 2452 wrote to memory of 1184	2452	Unicorn-28691.exe	42
PID 2612 wrote to memory of 1700	2612	Unicorn-60677.exe	43
PID 2612 wrote to memory of 1700	2612	Unicorn-60677.exe	43
PID 2612 wrote to memory of 1700	2612	Unicorn-60677.exe	43
PID 2612 wrote to memory of 1700	2612	Unicorn-60677.exe	43

C:\Users\Admin\AppData\Local\Temp\f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5040722c78ccf93d0a2945ef4aade82_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9699.exe
        9⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        7⤵
        Executes dropped EXE
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        7⤵
        
        PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
        6⤵
        Executes dropped EXE
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        7⤵
        Executes dropped EXE
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        8⤵
        
        PID:1480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        8⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        7⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        6⤵
        Executes dropped EXE
        
        PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        8⤵
        Executes dropped EXE
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        6⤵
        Executes dropped EXE
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        7⤵
        Executes dropped EXE
        
        PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        6⤵
        Executes dropped EXE
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        7⤵
        
        PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        6⤵
        
        PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe

Filesize
184KB

MD5
f14a293554119f141d7395f337de8973

SHA1
f675b61d817a2b0e2106b37965fb59dbe171ae3c

SHA256
b3aee4be00d17c59f8b72a9f34d4b200071b5e89d3fbcae2120c8d4251fac6d4

SHA512
682c0391ca92a4e680c5dceb9505863b134abfb26371926ffdff26ceb99362fc1e0171e31ae0e3e1d9743aef5c4cc353c6568af5f9f5d651a5775cf8b550fc3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe

Filesize
184KB

MD5
5e96ae2de5802974611c74ac3649598d

SHA1
d530881b45831979e1568566e19fe647661d267c

SHA256
8ce6d888fceb61750fb54fbc5b21641181c0c4227b7753c4fabbc80acaa88804

SHA512
74585d8fa8106295db05a86a279aeff36543d7528c5202caec3094537c5e34eaa43be7510d2f6c98ee8d952cb5f65a821b2f40cb3c3e59de2e1c2414f9e40e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe

Filesize
184KB

MD5
a97afd359c6da77766a4904cf3f90330

SHA1
0b76bbdc320ce81847745286e896d0f21ae0de68

SHA256
64dcf937f9b1f7c5efa77b9e4ea261e925f2d80bd5a3b527dbd76ed0c1484d62

SHA512
94c51c7020a1bfa0c81f1f9064678096973aa9e919767cc87ff73f85dcf7e5a29695e0f5aef422bdd16189b3b55cdee72879d4357774661187e2832e7a933a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe

Filesize
184KB

MD5
3d819fff961a3c5ac7fb7db827259323

SHA1
ce6e2ac53e4aec37a540080f3703f887c59aac8b

SHA256
0c9fcd66be78f31eb0ff9784a6c97950a59e0704f2a975f3a364538f775d221a

SHA512
99f3923275edea1afc8e153786de0c3b3f7bcdd95fc46a2d8507a0f503ee345caf4d890ddbc290a9c77dbbb6ad7f9daadd502ecbaa103368da79f8f06baa699b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe

Filesize
184KB

MD5
7df6f1db12ea01a1ec2b205ed0345e56

SHA1
0f4c623e12b68a7fa57baa9c245277f5d4a8cf13

SHA256
efd29681bf3d81d88a432ea95101b547732693d27fb6195f0442bdee3c777d36

SHA512
5171d48281d83e9ac8e596191d8fa10724423066a82fc2ada050441a4d1a6e04b4ac56b2b9c65a34cfbca8c4ca63a0f371418a663b1b82579afc5d969403c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe

Filesize
184KB

MD5
c1f03cc706b8a3e76ba8b354493fe3ae

SHA1
a14bfce665213e1f61cccf4e5cc51fb5c855c670

SHA256
d38c11f2c414e9d0d41222fd0cbb1eaf77ead83fc0df87860cdb2445722790b4

SHA512
23da646e2e1f1f0410f87ef09d9a43c06bfeaf8159bbb852ac32f58dfcbf05165d46ca0e925726bf2a0f55efcd4319558e164f5abfd964264d4e273d01dfb94f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe

Filesize
184KB

MD5
9516b03c766ed92b753a75e9a4aa7881

SHA1
a38faa4da01e03ec60ff2f4d0a203d728da98f92

SHA256
8cf9829410fdb59b978746d1105023afbb5233e790777afe29b9bd46fd2217a1

SHA512
648e310767709725501198627c7d1976e8aee4c936065f2ea5aa4dcdb0b684c6e1d513c87544ee9f052ad7c153661ece99efc258bcaf8a41cafb50b1f526e888

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6718.exe

Filesize
184KB

MD5
aab7e70cae007b64ece7173c6e4b4360

SHA1
ce85337e78f02df1bb0db6cf0acbf99ee3df495d

SHA256
8530d173fe98370dd34b4ce9189d601a5095dbee0114ff6e0da01ee8db043587

SHA512
d48ed6fabfb7124780487f307e1845101d398ba7b4a46c611107437f51b6b4ef0bebc2a9a750df277c8ac1c90427fa0a501d792624fa127bd831ccd8f6983a7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe

Filesize
184KB

MD5
f04d615892fa32229190c8af6af6faa1

SHA1
0d161d51878417bd5ac5726792566ce3785a5b5c

SHA256
2d436051f74c5ca6fb35cfd997318794e9066e58f6717f123659c7bfd0bc44b6

SHA512
409b8101f734e9d28a5df45bb82eebdfe4767c626b52eb9a5573d7591fa0d136e6520ca8abcdb5bc89e7f0f5ec88e83cf329a274a2ff28b531a2a3cafdff43d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe

Filesize
184KB

MD5
73e18a4617d376890f843623dd466dcf

SHA1
a464b25a68c55cfedeb7c4e25692fc6aa43987be

SHA256
8f6f7a4d40b1112f7c7ede4ef7de5fa20792cd03e54b09d544dbb98c51230cb6

SHA512
ef70321f55daba97405effe59c3b31a88d22d3716c577a7eeb8f7b42799d6d38fe2fb682c59c90b558b3658b0c0f496a21d4bf2e400ad61d8ade97670101b5b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe

Filesize
184KB

MD5
48574018c438fb46422b3c34daed2f46

SHA1
a7bf3ab23186335e2e96169faf76724bdd5cdc6f

SHA256
e43d6971dddd3d1d68f76ed2d3671a50e92491e31bde426ce449e9271d618c4b

SHA512
3a58c2219b8832eac63164ff412ffb5a8c2e77c78b18692d8cbce0825cf93d25097f924358a9c9f19aad59a190a9e2a458da7ecb4718308c4aa53e26da7c5a5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe

Filesize
184KB

MD5
f98d04d7a2c1874d7b6147d601aa33da

SHA1
15de58a5c1f6c711f932977269af3645bf9a821e

SHA256
95b32831a9b70692b8b8087b588cca14f94f40f6715b8309eaecb84a3aa1a4bc

SHA512
f723b96d343d05e47698537e60f3a6c6fb6a070b5c679200024dfb73eaa8a6f74f48e32f5383ee55d078a74988fc7c1ffd8d302629c45baf1b905a2de7984ddf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe

Filesize
184KB

MD5
16366d60bb2473291ce87495e234df39

SHA1
3fa93a58bf9e0110f4da3f054d4e211bd5cd3331

SHA256
8e0846bfcb30776b32013f56726c0fddb531e96a606fd7c8e93ff194f089c557

SHA512
12fca08765c93aef7a551ea550548959926c89cc412fe80944554d21d011ef171414a2664da3614d33edcddfc5f17b49853d77f31aff7d652f992920cf928f76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe

Filesize
184KB

MD5
f338d207ae73a86ec794005e1da15b61

SHA1
723afd2afacb49c2e70476939faa0f20a7d6aaf6

SHA256
376ada51464a3e522260e9af088e20850236956417c4087b68d0bbc9e59bf4fc

SHA512
a919fac0137891bfe1a22c089ac3e9803206a86cedbd02f5293068f468c9fba44ac0e9fd29a653feed28721817386ac03c0c484ecd9a0badba6659c093944be2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe

Filesize
184KB

MD5
b66bb92735a50d5f37453e2d62ff3f94

SHA1
463b6bd79af079d674293f4ebe9bf5b13665fb47

SHA256
2e91100346a57a759838c3882ffc14c19c1c01f3174fdc6b880cb8f1fa3a7ff4

SHA512
9082698c883eecce42e207ffc24e4ac8d4dd21ea82bca160c9090edd5b123d87f3445f406a709bafa624e48f226766901e78c51b134c4eb90bd455022f306e1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe

Filesize
184KB

MD5
5884ff16a00d0392a482291f0556d495

SHA1
004976f7fe83472abe73d6c27c68484272f28f2e

SHA256
f3cb612ec641792f1afe38a35f9a3396cc7cdb9b8c4b2acfdc6866c6ea968e4c

SHA512
5c75266318944cb6ec914fb6296cf19a4ac4fa011e8b8993092c5c97b89c5d217c57be2be030fc347b454f8afce95bd49959a44ae2448b7ea20a4276434e6e0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe

Filesize
184KB

MD5
13cda6a26cf15f5494984efd5b5a662d

SHA1
2f4af8419ed2531c6be9a76743ba81f14e1e08a5

SHA256
6d20e73e7269976e569c55c9799ad9083beb553ed4c6e459145163fe15ed906c

SHA512
718bacdf0971ef31fcce7b034092510aaad58dc650caf7a4399a99c80455cdf5aaa7ee84f2effc8291609e2d09a56b1435e4e601583e36ab1863af19cbd2ed34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe

Filesize
184KB

MD5
93d33eff46e66767c21953375cbae8ea

SHA1
b58406ab67fa462b135841cc51ac01dc93a9a19c

SHA256
b15e9fd6ddcd28f5e22849debd43290150375a206e40245c89183be111a6b67e

SHA512
9dd3a5f62a5e37e9e0b725cb04bcee12e173a2539cb2c54d6ce0355bb622690c61f77a8dfbeb367a6a5178e939696fd43884d39ef7f3ff4014bbf46b025cf4fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe

Filesize
184KB

MD5
9ae3ddcbfa3879924969e5da9474864e

SHA1
6aa39a5074409960118cc908ef57c2c5f89940aa

SHA256
fa9d49286c7789ce1bef181780ed263969530a65b5a752260601ad82e63dc3cd

SHA512
507ca6740a0027dba53ed6164ac4a788a7150e08f93025fd603126598d1d828ff83e5024a54df966008f4985fefb85c6f65d1cfb6163c69a66e8d547fbab42ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe

Filesize
184KB

MD5
1adc3ecef579b7846013dc47fb1c9d1f

SHA1
b4edf4270632b83e374cdbe3cda9bfd2e5c9e346

SHA256
49a1f872095741dbb8cf92cbcd45bd90b356d19951f38812eb02e68cf3e2e6de

SHA512
96e52b84489cfd83a7305066e2cf7a2e1bf154b74c18190991519b984005cf3e4b74ac223f80579b6c30febbc58f2f3bfd5c076609868c6db5715f6035ca54bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe

Filesize
184KB

MD5
5170d20d92d71584a8350999be794163

SHA1
99b25c9c659a7f4bd8bdfe7a02c9f75d91ce2e9b

SHA256
ef6813eec4a47698f12f781c1c846978e369823dc95cbc6cd2019abe56d95908

SHA512
36403de96a26bc87d37dfa2a039f1f09ab5917dfeec2136669963e4e58cf67cd8a4a3add16092e5cecbb834120f41b2618125a46fa6941136b2364b65d1adcae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads