b0faa5c4bfae6182f004485f864087ca53306189d4e25fe13af2548b46827095

Analysis

max time kernel
66s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
Size

184KB
MD5

f9956bbf9cbba06c55c0aa0e6892d680
SHA1

26c82d04d4f0cf3e9d5b8a60f42a2f7d5e13ca58
SHA256

b0faa5c4bfae6182f004485f864087ca53306189d4e25fe13af2548b46827095
SHA512

02cc8e28ddbd29ee6a34f47d9b4e9186d92577fa59cc79c27070e23214cf342cecd81ecffc7f4046f8c1a1da961931a7471a1de37904d5fe44f07d3c28fd2d30
SSDEEP

3072:A9XdoJIToUA2yOjQdTC8CzFep/L6TfNkBDExzJddz7lPvpFa:A9toll2yDde8Cz3mON7lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 42 IoCs

pid	Process
1240	Unicorn-3352.exe
2076	Unicorn-64623.exe
2280	Unicorn-10783.exe
2636	Unicorn-32530.exe
2632	Unicorn-16002.exe
2480	Unicorn-61673.exe
2436	Unicorn-63827.exe
628	Unicorn-11097.exe
2696	Unicorn-52706.exe
2040	Unicorn-15202.exe
556	Unicorn-47875.exe
2920	Unicorn-21913.exe
2060	Unicorn-59224.exe
1280	Unicorn-29889.exe
324	Unicorn-62644.exe
1480	Unicorn-14211.exe
836	Unicorn-63220.exe
1508	Unicorn-43354.exe
3036	Unicorn-10490.exe
2336	Unicorn-2665.exe
1156	Unicorn-26210.exe
1544	Unicorn-6344.exe
2316	Unicorn-34378.exe
2216	Unicorn-47185.exe
876	Unicorn-57164.exe
1568	Unicorn-32467.exe
1624	Unicorn-44357.exe
1732	Unicorn-19661.exe
2128	Unicorn-3983.exe
860	Unicorn-53485.exe
1820	Unicorn-37533.exe
2444	Unicorn-41102.exe
1276	Unicorn-247.exe
2572	Unicorn-23491.exe
1236	Unicorn-53895.exe
848	Unicorn-15676.exe
2360	Unicorn-55831.exe
1808	Unicorn-37160.exe
2700	Unicorn-6459.exe
1444	Unicorn-45061.exe
824	Unicorn-47376.exe
1872	Unicorn-22073.exe

Loads dropped DLL 64 IoCs

pid	Process
2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
1240	Unicorn-3352.exe
2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
1240	Unicorn-3352.exe
2280	Unicorn-10783.exe
2280	Unicorn-10783.exe
2076	Unicorn-64623.exe
2076	Unicorn-64623.exe
1240	Unicorn-3352.exe
1240	Unicorn-3352.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2632	Unicorn-16002.exe
2632	Unicorn-16002.exe
2076	Unicorn-64623.exe
2076	Unicorn-64623.exe
2280	Unicorn-10783.exe
2280	Unicorn-10783.exe
2636	Unicorn-32530.exe
2480	Unicorn-61673.exe
2636	Unicorn-32530.exe
2480	Unicorn-61673.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2436	Unicorn-63827.exe
2436	Unicorn-63827.exe
2632	Unicorn-16002.exe
2632	Unicorn-16002.exe
628	Unicorn-11097.exe
628	Unicorn-11097.exe
2696	Unicorn-52706.exe
2696	Unicorn-52706.exe
2040	Unicorn-15202.exe
2040	Unicorn-15202.exe
556	Unicorn-47875.exe
556	Unicorn-47875.exe
2636	Unicorn-32530.exe
2636	Unicorn-32530.exe
2480	Unicorn-61673.exe
2480	Unicorn-61673.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
3044	WerFault.exe

Program crash 27 IoCs

pid	pid_target	Process	procid_target
1804	2176	WerFault.exe	27
2416	1240	WerFault.exe	28
2704	2280	WerFault.exe	29
2772	2076	WerFault.exe	30
688	2632	WerFault.exe	33
1316	2636	WerFault.exe	32
3044	2480	WerFault.exe	34
2448	1568	WerFault.exe	62
2688	1276	WerFault.exe	68
1128	2696	WerFault.exe	38
1140	628	WerFault.exe	37
1740	3036	WerFault.exe	50
3064	2436	WerFault.exe	36
1852	2060	WerFault.exe	44
2840	556	WerFault.exe	40
776	836	WerFault.exe	48
1616	1508	WerFault.exe	49
2184	324	WerFault.exe	46
2340	2336	WerFault.exe	54
1712	1544	WerFault.exe	56
1152	1280	WerFault.exe	45
2640	2040	WerFault.exe	39
2816	2920	WerFault.exe	43
2960	876	WerFault.exe	60
2892	2128	WerFault.exe	64
992	2572	WerFault.exe	70
1884	2316	WerFault.exe	57

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
1240	Unicorn-3352.exe
2280	Unicorn-10783.exe
2076	Unicorn-64623.exe
2632	Unicorn-16002.exe
2636	Unicorn-32530.exe
2480	Unicorn-61673.exe
2436	Unicorn-63827.exe
628	Unicorn-11097.exe
2696	Unicorn-52706.exe
2040	Unicorn-15202.exe
556	Unicorn-47875.exe
2920	Unicorn-21913.exe
2060	Unicorn-59224.exe
1280	Unicorn-29889.exe
324	Unicorn-62644.exe
1480	Unicorn-14211.exe
836	Unicorn-63220.exe
3036	Unicorn-10490.exe
1508	Unicorn-43354.exe
2336	Unicorn-2665.exe
1544	Unicorn-6344.exe
2216	Unicorn-47185.exe
2316	Unicorn-34378.exe
1568	Unicorn-32467.exe
876	Unicorn-57164.exe
2128	Unicorn-3983.exe
2444	Unicorn-41102.exe
2572	Unicorn-23491.exe
1276	Unicorn-247.exe
2360	Unicorn-55831.exe
2700	Unicorn-6459.exe
1872	Unicorn-22073.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1240	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	28
PID 2176 wrote to memory of 1240	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	28
PID 2176 wrote to memory of 1240	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	28
PID 2176 wrote to memory of 1240	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	28
PID 2176 wrote to memory of 2076	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2076	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2076	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2076	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	30
PID 1240 wrote to memory of 2280	1240	Unicorn-3352.exe	29
PID 1240 wrote to memory of 2280	1240	Unicorn-3352.exe	29
PID 1240 wrote to memory of 2280	1240	Unicorn-3352.exe	29
PID 1240 wrote to memory of 2280	1240	Unicorn-3352.exe	29
PID 2176 wrote to memory of 1804	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	31
PID 2176 wrote to memory of 1804	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	31
PID 2176 wrote to memory of 1804	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	31
PID 2176 wrote to memory of 1804	2176	f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe	31
PID 2280 wrote to memory of 2636	2280	Unicorn-10783.exe	32
PID 2280 wrote to memory of 2636	2280	Unicorn-10783.exe	32
PID 2280 wrote to memory of 2636	2280	Unicorn-10783.exe	32
PID 2280 wrote to memory of 2636	2280	Unicorn-10783.exe	32
PID 2076 wrote to memory of 2632	2076	Unicorn-64623.exe	33
PID 2076 wrote to memory of 2632	2076	Unicorn-64623.exe	33
PID 2076 wrote to memory of 2632	2076	Unicorn-64623.exe	33
PID 2076 wrote to memory of 2632	2076	Unicorn-64623.exe	33
PID 1240 wrote to memory of 2480	1240	Unicorn-3352.exe	34
PID 1240 wrote to memory of 2480	1240	Unicorn-3352.exe	34
PID 1240 wrote to memory of 2480	1240	Unicorn-3352.exe	34
PID 1240 wrote to memory of 2480	1240	Unicorn-3352.exe	34
PID 1240 wrote to memory of 2416	1240	Unicorn-3352.exe	35
PID 1240 wrote to memory of 2416	1240	Unicorn-3352.exe	35
PID 1240 wrote to memory of 2416	1240	Unicorn-3352.exe	35
PID 1240 wrote to memory of 2416	1240	Unicorn-3352.exe	35
PID 2632 wrote to memory of 2436	2632	Unicorn-16002.exe	36
PID 2632 wrote to memory of 2436	2632	Unicorn-16002.exe	36
PID 2632 wrote to memory of 2436	2632	Unicorn-16002.exe	36
PID 2632 wrote to memory of 2436	2632	Unicorn-16002.exe	36
PID 2076 wrote to memory of 628	2076	Unicorn-64623.exe	37
PID 2076 wrote to memory of 628	2076	Unicorn-64623.exe	37
PID 2076 wrote to memory of 628	2076	Unicorn-64623.exe	37
PID 2076 wrote to memory of 628	2076	Unicorn-64623.exe	37
PID 2280 wrote to memory of 2696	2280	Unicorn-10783.exe	38
PID 2280 wrote to memory of 2696	2280	Unicorn-10783.exe	38
PID 2280 wrote to memory of 2696	2280	Unicorn-10783.exe	38
PID 2280 wrote to memory of 2696	2280	Unicorn-10783.exe	38
PID 2636 wrote to memory of 2040	2636	Unicorn-32530.exe	39
PID 2636 wrote to memory of 2040	2636	Unicorn-32530.exe	39
PID 2636 wrote to memory of 2040	2636	Unicorn-32530.exe	39
PID 2636 wrote to memory of 2040	2636	Unicorn-32530.exe	39
PID 2480 wrote to memory of 556	2480	Unicorn-61673.exe	40
PID 2480 wrote to memory of 556	2480	Unicorn-61673.exe	40
PID 2480 wrote to memory of 556	2480	Unicorn-61673.exe	40
PID 2480 wrote to memory of 556	2480	Unicorn-61673.exe	40
PID 2280 wrote to memory of 2704	2280	Unicorn-10783.exe	41
PID 2280 wrote to memory of 2704	2280	Unicorn-10783.exe	41
PID 2280 wrote to memory of 2704	2280	Unicorn-10783.exe	41
PID 2280 wrote to memory of 2704	2280	Unicorn-10783.exe	41
PID 2076 wrote to memory of 2772	2076	Unicorn-64623.exe	42
PID 2076 wrote to memory of 2772	2076	Unicorn-64623.exe	42
PID 2076 wrote to memory of 2772	2076	Unicorn-64623.exe	42
PID 2076 wrote to memory of 2772	2076	Unicorn-64623.exe	42
PID 2436 wrote to memory of 2920	2436	Unicorn-63827.exe	43
PID 2436 wrote to memory of 2920	2436	Unicorn-63827.exe	43
PID 2436 wrote to memory of 2920	2436	Unicorn-63827.exe	43
PID 2436 wrote to memory of 2920	2436	Unicorn-63827.exe	43

C:\Users\Admin\AppData\Local\Temp\f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9956bbf9cbba06c55c0aa0e6892d680_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        7⤵
        Executes dropped EXE
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 188
        7⤵
        Program crash
        
        PID:2448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 372
        6⤵
        Program crash
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
        8⤵
        Executes dropped EXE
        
        PID:824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 380
        7⤵
        Program crash
        
        PID:2892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 380
        6⤵
        Program crash
        
        PID:1616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 376
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        6⤵
        Executes dropped EXE
        
        PID:1624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 372
        6⤵
        Program crash
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        6⤵
        Executes dropped EXE
        
        PID:848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 380
        6⤵
        Program crash
        
        PID:2960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 372
        5⤵
        Program crash
        
        PID:1128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        6⤵
        Executes dropped EXE
        
        PID:1820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 372
        6⤵
        Program crash
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        6⤵
        Executes dropped EXE
        
        PID:1444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 372
        5⤵
        Program crash
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        5⤵
        Executes dropped EXE
        
        PID:860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 372
        5⤵
        Program crash
        
        PID:1740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:3044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        8⤵
        Program crash
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 372
        7⤵
        Program crash
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
        6⤵
        Executes dropped EXE
        
        PID:1236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 372
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        9⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 380
        7⤵
        Program crash
        
        PID:992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 372
        6⤵
        Program crash
        
        PID:1712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 380
        5⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        5⤵
        Executes dropped EXE
        
        PID:1156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 372
        5⤵
        Program crash
        
        PID:1852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        6⤵
        Executes dropped EXE
        
        PID:1808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 380
        6⤵
        Program crash
        
        PID:1884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 380
        5⤵
        Program crash
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 372
      4⤵
      Program crash
      PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 372
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 376
  2⤵
  - Program crash
  PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16002.exe

Filesize
184KB

MD5
cc1395d75cf15cd4c57c9ffc771938d2

SHA1
2240e1b1613dc23e9e41067aafd5d8f63d00a2aa

SHA256
73b8092ac0e45176a71019ff66e3d3b87445c87037fa29e6bdfa3521910de19b

SHA512
24eda9b62f14757ede20c77a27469665aba1dd0891a86e3b02dddc488080f7d52508065921cac5070739019192f50ad1451291bb9ea66f5fe195d419ec75228b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe

Filesize
184KB

MD5
004df57ffff3d985dc474aaba2a8a47a

SHA1
eb19b94d8a535e83c25b0ed6054122c22690b7ce

SHA256
2751a64466acb826f3eb8c296bbb20e69ea70cb6f1855088113c1b8ec293b3b1

SHA512
25d8d3f8fcd3ce05c3ff340d88581b0dcbddf8bbfdfff5c00084cb09ef3e121197bbd5067f1a0ab0661341be348caffd57ba33361bae96ff481ef08ee79fa159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe

Filesize
184KB

MD5
98ef45e124fe0995589d3f15573c5c71

SHA1
fd8946a94ca9372732a6a7e9fafa8402971467ef

SHA256
c3a2f3a1de8560ea7a0d16843b199a5d817c00acb06bc501dadcd967b2c94355

SHA512
e9fc4706bd321505abfd0b0c8e96f426a1b5bcb80c434d7f703ea488744afe59c2f0d3b6b88cd954b5b134ba9dd46728e31cd2ba5348e704959f954e5fe08d1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe

Filesize
184KB

MD5
d19484be35bc81151230dc9485bb67f8

SHA1
7a55077250154d7cfb560e65385ee3cb3b4c2a6c

SHA256
2b7fd15260cec38927d3235925e5cb87bcefe3bfce0a822ca0b9310730dcd7df

SHA512
0b1f6871a652d9bdf2100f77490bb9a49611d5aebaab5eb7195d159a2c072c8fb7a8df7dae6c40611dc1df88c9c8e8eb5f0a0afa2cb96605af51af7ad429707b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe

Filesize
184KB

MD5
d0d862642d3d0c32396406581bb1de02

SHA1
da5de03b3b6bd70fe2cbb32603280ca500be8010

SHA256
573d946b1fbbd832fbcf81204d2e12af8128874674adc339d643b343b330dad9

SHA512
bdc9f4ef7c0a627001f0feed84c47aef908c8528a89cd1e98c19d5c72a21881235595e8e1496d47212163a0f86b88fa35e7f6e49cf6e03e4d7e397336159e6b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe

Filesize
184KB

MD5
44ec70e72df572a7bfdc75b1ddfb01e6

SHA1
ac592a312373342bbc116829b0b32bcfeebf92c5

SHA256
ec0873ca267dc18b39f2cdef30dfa93833ccd7541f242e4f052622f455a7dd43

SHA512
9e241612be2ed3b30b241699a96d6db626612ffa78f81e2ae310ea621cd76f939636989ce179dd6e99ee4b894f6efc65daf6ed8ad665a6d8ceb8d545592ef716

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe

Filesize
184KB

MD5
f917ca7ea99e7d849389571edb126bf4

SHA1
c5d56a0876f19fe9237b0c84fec64b878d8f6605

SHA256
85175975ea213a384d5bc58ad545d9838fde7c026b0d67892c2e721e66592516

SHA512
81dd71e2b48c388900bc7034111f0dfbc592edbc1b77762c6625456a1e26ea8cc1373b61c17ecbdb8b6681e0c520a347a2d02f7ab9eb27d92bf9bf7d495efbe7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe

Filesize
184KB

MD5
ef9f2055db638e47bc80a39c346e934d

SHA1
5a1a431923ae190c18aa56cad4b70754b4fc4bb8

SHA256
56488dd12723999f7409461b0fda695ed73a4e6b377450c7d621b0e9ea487594

SHA512
669f8c54e16b9ff5b1ef34241d8d54bd05c2da36976d40e7bb256f38af562da168d5a7a7e0a8f9f927b49ed2fe8c8d577a26df9acc9776f167cee8860bd91dcc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe

Filesize
184KB

MD5
7397c92b00eb0f7ab8b630a4111c776f

SHA1
957a015ed1eb46b147a2a0d084aca0bae5a4a76e

SHA256
56c5566e0b24e646605eb15cc94b4ae85adda0990af6e3600674898c4893c6e7

SHA512
7ebe1769729e9c5a716c66d1284d8f7174971d38e8024d4068dc45d98117c92c32c2ec4153a094c453a46d997378d896ef56839481a0c6b7f922566e16134fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe

Filesize
184KB

MD5
011cb6d8c28a2a33dcebe5887e157d32

SHA1
387e5df121278764ecfd93133ba89ec88a1978df

SHA256
dfb7f8ae14c1a549fe608378b42819764669c007278a5995c0fdffde15517f5c

SHA512
3fd44c08dde78df3a3f3cb63f1bed3f7fe28bd85d96871ca8fc5bacebf386deb2e3ecdf9b139d8d865e699e54aa756e78835a1aec57c9d2ca8729476bb631630

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe

Filesize
184KB

MD5
650b2f2690a3bedfce4a235cc0c804de

SHA1
ef4515b47ea80ad335ec597fea34defe460ae32c

SHA256
8c8213e75f0ba6f908ecbc64f3ee6e03847c12604017af33af4c811542da0b86

SHA512
664ce29058492bd18a147cad335987eff07fd2e5598413ac54b06898b6e8a131354887c99e193234720276f0f5df2512947b77550a97ac13e50c36904099de9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe

Filesize
184KB

MD5
26e32346ec0adf1e882043794592162d

SHA1
156c40280091bba5e8438d94b86780c67b0179ad

SHA256
bad84d8206118e382423a59d02af8d8596695f5aed3a1e1783c36f01f6bcb661

SHA512
e4311cd0f5c9194296f516e0c26f321aeec55557db6e438cf59ebdbef554d9352649cd3d6f5021ba50d05f058901beae4072f524c041ae11420453a0a0cc6de4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe

Filesize
184KB

MD5
e1479eec2894b753f4e5e4dbdb72afa4

SHA1
f2cc93b34eb1deee2223066a97fc2db85e7bfda9

SHA256
d3b876f82e44302195066a303f2f36b4c412d09e9d7350d6b132ae64b9a9cb4b

SHA512
117fe498a34ca658058b90d9381ba09eaf647a195d5445ba4e74161f7909a8be057d9f46d13037a3c96cb39548602b53441945efa48c03c47d74fcc61fbb45a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe

Filesize
184KB

MD5
7ac779e58e67a1ec54b4e0314753895f

SHA1
373f69633acc2fb2bf6e5b04415c64643272e284

SHA256
094a6035866fc7dd9279a838ef1bb96726fa21ada07ad4cfd301833d28ed289d

SHA512
a8bd7fb0d4530fc64b079131a812366397a69461e87865f909cccd5d521630036e7d52d94e14d01b7593f068c6c661369b9c61a2cae9d4bcf5c9fbbf31ce573b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe

Filesize
184KB

MD5
a6b98750c2518fa2f8afcda01691a779

SHA1
b6881f858e02aace44ba3cd3e59ea6516ae64885

SHA256
e97435e35068c8c00885f75092d6830350f853ffdf44cd7ae3c7cd66999e84e0

SHA512
1171e3f8c36ba0d8199d6efa923d57ab62d4931ebce775d8d142827d24db6e3bbeeecf04f1d1d42f5d5d82e8fcc3dc90f490ef9ad2815348e8eed362954cbc09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads