4822699db2a2015dbf84004b283c66843e2b883160d15d4dafc305a612e0d35a

Analysis

max time kernel
107s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 23:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
Size

184KB
MD5

f8f6a374f3f9457da49850e3eac8a09c
SHA1

931631ab88e0e539a9e89fa700385d778de29291
SHA256

4822699db2a2015dbf84004b283c66843e2b883160d15d4dafc305a612e0d35a
SHA512

f50d3f594a9e7f72604f2d2624fe4ed9bdcc07723e2eed6c408a77b000a41675eceed972eee6b348e4a4bfe7a3844cb206615e2cccf2c77a4af293993ffd358b
SSDEEP

3072:BeHHoceAKAkbOj/dTIcozFbObO6NiZIjRYx8kPlO7lPdpFx:BenoU/kbEdMcozjOtt7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 56 IoCs

pid	Process
1640	Unicorn-43375.exe
2172	Unicorn-26053.exe
2196	Unicorn-54319.exe
2668	Unicorn-34112.exe
2652	Unicorn-38196.exe
2440	Unicorn-57225.exe
2424	Unicorn-60837.exe
2672	Unicorn-45248.exe
2068	Unicorn-38471.exe
2728	Unicorn-15913.exe
960	Unicorn-131.exe
1624	Unicorn-8896.exe
2208	Unicorn-23841.exe
632	Unicorn-21149.exe
2492	Unicorn-56499.exe
2072	Unicorn-58123.exe
1988	Unicorn-16536.exe
1104	Unicorn-59514.exe
656	Unicorn-39648.exe
1424	Unicorn-23334.exe
2124	Unicorn-15720.exe
1772	Unicorn-40246.exe
1520	Unicorn-9519.exe
1868	Unicorn-36716.exe
1316	Unicorn-32078.exe
300	Unicorn-40054.exe
2328	Unicorn-18242.exe
2904	Unicorn-38108.exe
2388	Unicorn-9327.exe
2924	Unicorn-50443.exe
888	Unicorn-50443.exe
2792	Unicorn-50443.exe
940	Unicorn-30577.exe
2892	Unicorn-30577.exe
2484	Unicorn-58907.exe
2660	Unicorn-30210.exe
2368	Unicorn-62218.exe
1452	Unicorn-2602.exe
852	Unicorn-2602.exe
1408	Unicorn-16259.exe
1992	Unicorn-306.exe
580	Unicorn-43451.exe
448	Unicorn-48132.exe
1860	Unicorn-7566.exe
552	Unicorn-34401.exe
3012	Unicorn-7457.exe
1752	Unicorn-30400.exe
948	Unicorn-51012.exe
2636	Unicorn-63264.exe
2756	Unicorn-45366.exe
2308	Unicorn-49450.exe
2720	Unicorn-249.exe
1512	Unicorn-8417.exe
980	Unicorn-37198.exe
1808	Unicorn-37198.exe
2688	Unicorn-51588.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
1640	Unicorn-43375.exe
1640	Unicorn-43375.exe
2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
2196	Unicorn-54319.exe
2196	Unicorn-54319.exe
2172	Unicorn-26053.exe
2172	Unicorn-26053.exe
1640	Unicorn-43375.exe
1640	Unicorn-43375.exe
2668	Unicorn-34112.exe
2668	Unicorn-34112.exe
2196	Unicorn-54319.exe
2196	Unicorn-54319.exe
2440	Unicorn-57225.exe
2440	Unicorn-57225.exe
2652	Unicorn-38196.exe
2652	Unicorn-38196.exe
2172	Unicorn-26053.exe
2172	Unicorn-26053.exe
2424	Unicorn-60837.exe
2424	Unicorn-60837.exe
2668	Unicorn-34112.exe
2668	Unicorn-34112.exe
2672	Unicorn-45248.exe
2672	Unicorn-45248.exe
2728	Unicorn-15913.exe
2728	Unicorn-15913.exe
2652	Unicorn-38196.exe
2652	Unicorn-38196.exe
2068	Unicorn-38471.exe
2068	Unicorn-38471.exe
960	Unicorn-131.exe
960	Unicorn-131.exe
2440	Unicorn-57225.exe
2440	Unicorn-57225.exe
1624	Unicorn-8896.exe
1624	Unicorn-8896.exe
2424	Unicorn-60837.exe
2424	Unicorn-60837.exe
2208	Unicorn-23841.exe
2208	Unicorn-23841.exe
632	Unicorn-21149.exe
632	Unicorn-21149.exe
2672	Unicorn-45248.exe
2672	Unicorn-45248.exe
1988	Unicorn-16536.exe
1988	Unicorn-16536.exe
1104	Unicorn-59514.exe
1104	Unicorn-59514.exe
2068	Unicorn-38471.exe
2068	Unicorn-38471.exe
656	Unicorn-39648.exe
656	Unicorn-39648.exe
2072	Unicorn-58123.exe
2072	Unicorn-58123.exe
1868	Unicorn-36716.exe
2208	Unicorn-23841.exe
1772	Unicorn-40246.exe
1624	Unicorn-8896.exe
1868	Unicorn-36716.exe
2208	Unicorn-23841.exe

Suspicious use of SetWindowsHookEx 52 IoCs

pid	Process
2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
1640	Unicorn-43375.exe
2172	Unicorn-26053.exe
2196	Unicorn-54319.exe
2668	Unicorn-34112.exe
2440	Unicorn-57225.exe
2652	Unicorn-38196.exe
2424	Unicorn-60837.exe
2672	Unicorn-45248.exe
2068	Unicorn-38471.exe
2728	Unicorn-15913.exe
960	Unicorn-131.exe
1624	Unicorn-8896.exe
2208	Unicorn-23841.exe
632	Unicorn-21149.exe
2492	Unicorn-56499.exe
1988	Unicorn-16536.exe
2072	Unicorn-58123.exe
1104	Unicorn-59514.exe
656	Unicorn-39648.exe
1424	Unicorn-23334.exe
2124	Unicorn-15720.exe
1772	Unicorn-40246.exe
1520	Unicorn-9519.exe
1868	Unicorn-36716.exe
300	Unicorn-40054.exe
2904	Unicorn-38108.exe
2924	Unicorn-50443.exe
888	Unicorn-50443.exe
2388	Unicorn-9327.exe
2328	Unicorn-18242.exe
940	Unicorn-30577.exe
2892	Unicorn-30577.exe
2660	Unicorn-30210.exe
2484	Unicorn-58907.exe
2368	Unicorn-62218.exe
2908	Unicorn-14340.exe
1452	Unicorn-2602.exe
1992	Unicorn-306.exe
448	Unicorn-48132.exe
852	Unicorn-2602.exe
1408	Unicorn-16259.exe
580	Unicorn-43451.exe
1316	Unicorn-32078.exe
1860	Unicorn-7566.exe
552	Unicorn-34401.exe
3012	Unicorn-7457.exe
1752	Unicorn-30400.exe
948	Unicorn-51012.exe
2636	Unicorn-63264.exe
2756	Unicorn-45366.exe
2308	Unicorn-49450.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1640	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	28
PID 2076 wrote to memory of 1640	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	28
PID 2076 wrote to memory of 1640	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	28
PID 2076 wrote to memory of 1640	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	28
PID 1640 wrote to memory of 2172	1640	Unicorn-43375.exe	29
PID 1640 wrote to memory of 2172	1640	Unicorn-43375.exe	29
PID 1640 wrote to memory of 2172	1640	Unicorn-43375.exe	29
PID 1640 wrote to memory of 2172	1640	Unicorn-43375.exe	29
PID 2076 wrote to memory of 2196	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	30
PID 2076 wrote to memory of 2196	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	30
PID 2076 wrote to memory of 2196	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	30
PID 2076 wrote to memory of 2196	2076	f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2668	2196	Unicorn-54319.exe	31
PID 2196 wrote to memory of 2668	2196	Unicorn-54319.exe	31
PID 2196 wrote to memory of 2668	2196	Unicorn-54319.exe	31
PID 2196 wrote to memory of 2668	2196	Unicorn-54319.exe	31
PID 2172 wrote to memory of 2652	2172	Unicorn-26053.exe	32
PID 2172 wrote to memory of 2652	2172	Unicorn-26053.exe	32
PID 2172 wrote to memory of 2652	2172	Unicorn-26053.exe	32
PID 2172 wrote to memory of 2652	2172	Unicorn-26053.exe	32
PID 1640 wrote to memory of 2440	1640	Unicorn-43375.exe	33
PID 1640 wrote to memory of 2440	1640	Unicorn-43375.exe	33
PID 1640 wrote to memory of 2440	1640	Unicorn-43375.exe	33
PID 1640 wrote to memory of 2440	1640	Unicorn-43375.exe	33
PID 2668 wrote to memory of 2424	2668	Unicorn-34112.exe	34
PID 2668 wrote to memory of 2424	2668	Unicorn-34112.exe	34
PID 2668 wrote to memory of 2424	2668	Unicorn-34112.exe	34
PID 2668 wrote to memory of 2424	2668	Unicorn-34112.exe	34
PID 2196 wrote to memory of 2672	2196	Unicorn-54319.exe	35
PID 2196 wrote to memory of 2672	2196	Unicorn-54319.exe	35
PID 2196 wrote to memory of 2672	2196	Unicorn-54319.exe	35
PID 2196 wrote to memory of 2672	2196	Unicorn-54319.exe	35
PID 2440 wrote to memory of 2068	2440	Unicorn-57225.exe	36
PID 2440 wrote to memory of 2068	2440	Unicorn-57225.exe	36
PID 2440 wrote to memory of 2068	2440	Unicorn-57225.exe	36
PID 2440 wrote to memory of 2068	2440	Unicorn-57225.exe	36
PID 2652 wrote to memory of 2728	2652	Unicorn-38196.exe	37
PID 2652 wrote to memory of 2728	2652	Unicorn-38196.exe	37
PID 2652 wrote to memory of 2728	2652	Unicorn-38196.exe	37
PID 2652 wrote to memory of 2728	2652	Unicorn-38196.exe	37
PID 2172 wrote to memory of 960	2172	Unicorn-26053.exe	38
PID 2172 wrote to memory of 960	2172	Unicorn-26053.exe	38
PID 2172 wrote to memory of 960	2172	Unicorn-26053.exe	38
PID 2172 wrote to memory of 960	2172	Unicorn-26053.exe	38
PID 2424 wrote to memory of 1624	2424	Unicorn-60837.exe	39
PID 2424 wrote to memory of 1624	2424	Unicorn-60837.exe	39
PID 2424 wrote to memory of 1624	2424	Unicorn-60837.exe	39
PID 2424 wrote to memory of 1624	2424	Unicorn-60837.exe	39
PID 2668 wrote to memory of 2208	2668	Unicorn-34112.exe	40
PID 2668 wrote to memory of 2208	2668	Unicorn-34112.exe	40
PID 2668 wrote to memory of 2208	2668	Unicorn-34112.exe	40
PID 2668 wrote to memory of 2208	2668	Unicorn-34112.exe	40
PID 2672 wrote to memory of 632	2672	Unicorn-45248.exe	41
PID 2672 wrote to memory of 632	2672	Unicorn-45248.exe	41
PID 2672 wrote to memory of 632	2672	Unicorn-45248.exe	41
PID 2672 wrote to memory of 632	2672	Unicorn-45248.exe	41
PID 2728 wrote to memory of 2492	2728	Unicorn-15913.exe	42
PID 2728 wrote to memory of 2492	2728	Unicorn-15913.exe	42
PID 2728 wrote to memory of 2492	2728	Unicorn-15913.exe	42
PID 2728 wrote to memory of 2492	2728	Unicorn-15913.exe	42
PID 2652 wrote to memory of 2072	2652	Unicorn-38196.exe	43
PID 2652 wrote to memory of 2072	2652	Unicorn-38196.exe	43
PID 2652 wrote to memory of 2072	2652	Unicorn-38196.exe	43
PID 2652 wrote to memory of 2072	2652	Unicorn-38196.exe	43

C:\Users\Admin\AppData\Local\Temp\f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f8f6a374f3f9457da49850e3eac8a09c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43375.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        7⤵
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        8⤵
        Executes dropped EXE
        
        PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        8⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        7⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        6⤵
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        7⤵
        
        PID:2728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        7⤵
        Executes dropped EXE
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        9⤵
        Executes dropped EXE
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        7⤵
        Executes dropped EXE
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
        7⤵
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        9⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        7⤵
        Executes dropped EXE
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        6⤵
        
        PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        9⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        9⤵
        
        PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58879.exe
        8⤵
        
        PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe

Filesize
184KB

MD5
d3c6d7b85b0a0d17a364eddccfbf1c40

SHA1
dceaa0495e548c7d25e064a1282d6ae8423bcc87

SHA256
bf2ad6159960ef31cd197f6280360a0f10245d56ee9f0e5a0d3643b5cdb855c1

SHA512
8298d2f13148fe9706dae0941dde2734d9144f0555a5c067eec4280073e6926f13a8427e0d38c22ebc2159d8bf8ca970ed57f1e29eaaa0373bdab48d883f575f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe

Filesize
184KB

MD5
26c889e8eb0b08ff1c4f5b3846864fa9

SHA1
12df0c6f9bc44bd9dd2d38a11962185137da5d12

SHA256
edc85ab934506aaa4c01e07325f63b6c3a3dc97b5e89ac36f706fc8b8e6f747e

SHA512
5f5d8fc710685687a29cd92ffa1d6472bbad05baf655b0fe2e31039980f9b1c1692cf8e3079a3c4a11e780511e19387f49957e0072a6a9c571f469f158c8c528

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe

Filesize
184KB

MD5
9f2176f4cd5a47d3a83b83aff6e380e7

SHA1
4aeb4a40e02c92362bcf7d1bcf9243c2e42b706a

SHA256
aec59f52b0ca21b630f7b05f1e4f3f5c2909229f4516e9ddca9ef2b464adddff

SHA512
a912545652d22802ee8c82b42987f0ef05cabbef05aea28a2d12451748af2fb3b3cf4bcd562d821095518a946e6432a65dca338202a5aedc936e116872172c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39648.exe

Filesize
184KB

MD5
3c31e2557cd44089694a04ff5ac030ab

SHA1
5af4c21cb7a256c7c422f053bd2e8d1f8b224efa

SHA256
54493219306c856cabde52b198f87c47d239a073825dd685f6080cee348ffd6a

SHA512
e38bc1f69dd7f514411e1fdc5507d4d5fa5c9c95d0135b092d275870eb3e44715e81e38729c453c55e753c1212c09c5fef814438395da464df8a2fc194487d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe

Filesize
184KB

MD5
32f92e201344a8d49debaffa8adac64c

SHA1
21916d3a6204bce42d9d0a61e0854834a974e9ed

SHA256
9cee8401563966252aa614d46cd6743768e2ea7bd61e9ee75b7bc0da660c0ddc

SHA512
4752a1bafde4e755cfd7ca8e5be385fff2add6ade1f372d6c121a440dacaf43e8ecd7e3062fe7520a622034d710b5af4505020377c0afab16c325a1e4159992a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe

Filesize
184KB

MD5
ec8ea1ec0eab482685375611ab3b764e

SHA1
f602c414b686db504622a2fa6f9486e1a6d5f6c9

SHA256
366f52ace6c9661a6858d8f39e5e45b4beb8187607951d2bf0ed6f8b16cc4510

SHA512
d6f3b8070c1ce037fda161d9a174d9a25d772a5930555847038500c3953d0efac953cb59e785a94e9437d2382794d58c97391a194f0a6a4dffe1e1a3f1a179b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-131.exe

Filesize
184KB

MD5
c6d9e9d7104dbda0e6825da955c8a79c

SHA1
af57be0c4596c85e4da01a7aa337aa2521549e70

SHA256
64076d6b3498de2f149a089a12009a2bd7b541ffe69789fba8bd2896efb910de

SHA512
d0a516e49d6a9b3e5bbc89a6119ab5b62f8a05d5da43296e562c6e7f173063ad91bcdc7fedc896fd367e70fb975317ca12d46e665772821dea5272c7d8259516

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe

Filesize
184KB

MD5
f73b0fd56cbb6abef7985a89253fa48c

SHA1
e2a741f0a28845e775411bdf9f827ed3fe8c49b2

SHA256
41dc3ecbd5e64f03b81ef9e6e597f26bacd23f28301fc65353b6c5ca31f524f2

SHA512
e8ecbe25bd588fcd1f40528f168c5be2bc46755117d7791dfe4f7de6881f95d9519fbf8f54446b2224e0a9da5951664ba25c1d1928723235271ddfe00afa78e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe

Filesize
184KB

MD5
5bb963821ef1d6d6d756c126b8b55b1a

SHA1
21147d99e86415d244d155f3d84ab33ea03e8813

SHA256
d57417bb6be5477a6479533585f5dfb71620f791f852395a057d8f6e64f77f44

SHA512
37e56f9536d1d4b09c2843f9adb0f4c6ca2d199d1fdcb67f853320a18483442db192c63fc3bcfdaf113b589332572bcdbc07ab47a550063f26bd495650cff3ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe

Filesize
184KB

MD5
c34b8e662cac0b782be3b5641d347fdf

SHA1
96e7dd20bc3f8f3ce82bad1d0b5954f597891abe

SHA256
55eb96ec55bb7462a573e2c9f7dd36b092b593d01378b086574736cba42a1ec4

SHA512
5ab35ea8766c38faf0083835ad4967c0b1837c6f6a924152f87f7b5c26625b1225ea87c73f670e3170f9b2247204da1889ce4ae6690a995eb0eff105fc7a23f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe

Filesize
184KB

MD5
f444adf2dce23a8a60d0b16f4e69f817

SHA1
dcef1d553ef8fb5142c608f8620ecabe90a4707e

SHA256
3a57f05181f2b39fbbead2cef7a25ea312e26f4fdf5021fad81041655e27b533

SHA512
5bf75e25bcedbca09defdc7a17115e68bdb4ea61e424391398433997c09f260cb6bdca86a2038230e86383eb2fd2736e5343d5042be085d695d56d7efc4da2ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe

Filesize
184KB

MD5
29b1919d6f0f593de39c05c2455539b3

SHA1
bfd04727e932125dbeef95df1d293568ca540e06

SHA256
74fcce0a7ab39b34944d2e61b0d6ea0b1f23475d588d067b9d6fbbd3487efac8

SHA512
b69a3f83f4d5b5410b3caf8109ec1e13195d1b330d1d8820de37c184c70d6daabd36015f2c787b666e4f28932008aa4d9ef7a6e57337baf2bb6af054716f394f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43375.exe

Filesize
184KB

MD5
082317b5832f82c521003e7e2d2f87cb

SHA1
031adc9c634ee271c39196e1bd77a700004bcb47

SHA256
3691a67cefc9e675eff6c8cdedef9d445c4e146ab35ffbf86f2931d91f738677

SHA512
b2f34c1da4d27824fe4b99f97f89a0ffbc5089755721ccb6cde6f5b82945cf6df469666c05e1160f2809e4d92203e841e1a596ccbeeb29742adab4e96836bd8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe

Filesize
184KB

MD5
ba8fbab7c2969dc6dcd5781212390e10

SHA1
c429f6dad63fc50b1bd8b2f3ff4b5b07c9fcf83c

SHA256
f335aaaf281a74e882cf4977537c1101ed558af152fee87780e5529697ba3d0c

SHA512
0ac2358df75b74c7e8e3f2df8a9d480dfec49c4f6d41a0173bc4f00f50bcdddbbcbe00cf88a5925fbec51dd331f5fe6bf5fb6532796618a97a5ab9cdcd50e829

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe

Filesize
184KB

MD5
3caa897f8e4c4e2941acfa056aaeb4dd

SHA1
72fc3069e813d9b23ffbfa6e0d87728be0aa5567

SHA256
10b9797a6b612444f750f29fc3e624f4b4fb7b2448bde272eaa19718ea5f6e87

SHA512
1a2bf1ff52d40854f90a6dee90df657298de951a1ab048d3bdfd92de015eaa955d0a1d7464798112720425d0a944a587b6394923583d472c23373f4217d3ed1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe

Filesize
184KB

MD5
0bb68eec569d1312b7210fb6584c5973

SHA1
8d26f110d8110116dbf022f8b9cd26c90cf449c4

SHA256
05d652d4cc3eba4f1fd967a10a0547ec9274fab361f58b33dbf403e2dc7a1922

SHA512
81e5b32676f1ae0de08ed1a3167f94a5dbee2a0a7a6b5608d29eeed048051cfa68f7b8ba986af7caa80fbf80804e11a3e4e804cf207f8e1643624711aa237c0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe

Filesize
184KB

MD5
9dfff48e85854bd7d6449c6a6f9aea15

SHA1
d09176977c5bd61e6f491bd4b56f505c9a927035

SHA256
d5d9a8db770e5959bed73e8f1113e07534c9b0e417b40fd9f7f9966642f58b01

SHA512
0bdc8385546e650cbf44d3575ac110442e4d24466bfdb58cbf687bbd13e2cb2fdee8705cc086dfa0f921b36fee06d526aca8d9253408371ce1e2d6db15305efd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe

Filesize
184KB

MD5
b50f83176da17f52344acef6c885508b

SHA1
a80a8b1e371c780ad098f6dbf705db958b0bd8f1

SHA256
850d8d4c40309c46d6906b9408a4b5e0476b6b9ce350062042af540a1706ee29

SHA512
d2fc034ce4cf6df6f8232e17d2b2c35159ed997de3a8f1e79609c8df43891ecc542449fd211b5d028420acbf4abf64fbc473919b24292992b7f6d3e5734658f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe

Filesize
184KB

MD5
eae5f2462004a77e41dd86508b15f421

SHA1
62f3bceea8fa4514a4aba0ec4314cd7a4839868d

SHA256
72ee18d546838b3e2169e9a3a205e05cfc946de1f24fd8caacb3ce69c4dab8f4

SHA512
85c58890295dfd855e1dc6a55c21b6550ddba3615bb8e51e629c42a0c9dff20051006919197e8fe2fb3a75c5fbf9ffa69615972f84e04de9cb81642baea4357d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads