aaa45dfcc1baf50804364984b68c38e307664be8fae2ea6e277a949886534e8e

Analysis

max time kernel
24s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
Size

184KB
MD5

fa344016075bd01cebd9c8c442f4b5c2
SHA1

4b186a76c5055658f858e1d5fe392d03631ef37b
SHA256

aaa45dfcc1baf50804364984b68c38e307664be8fae2ea6e277a949886534e8e
SHA512

d89beb4652f09e20875de5249741b1ddf902e8885a2a879a6c51c7ec24a63cc64f8ffc9d75544af9abdcf99d076ad625db7941e7ab283fcbbd14de8d2c49d1c2
SSDEEP

3072:S++yoEHHXBA8k5/zwTOS08db32t6VdzhpR7x+Sd9PNlPvpF0:S+roau8kZwqS08R1YgNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 50 IoCs

pid	Process
2900	Unicorn-24799.exe
2628	Unicorn-34202.exe
2536	Unicorn-18420.exe
2876	Unicorn-39329.exe
2460	Unicorn-23547.exe
2580	Unicorn-51581.exe
1656	Unicorn-27399.exe
2388	Unicorn-57056.exe
2316	Unicorn-27953.exe
2308	Unicorn-7663.exe
1016	Unicorn-61503.exe
2140	Unicorn-36802.exe
1360	Unicorn-33080.exe
3000	Unicorn-24358.exe
2112	Unicorn-58374.exe
1940	Unicorn-1005.exe
580	Unicorn-46677.exe
1428	Unicorn-13449.exe
1812	Unicorn-5836.exe
2596	Unicorn-62409.exe
3064	Unicorn-54796.exe
1720	Unicorn-17485.exe
1304	Unicorn-51501.exe
320	Unicorn-43888.exe
908	Unicorn-55393.exe
696	Unicorn-64308.exe
2032	Unicorn-26805.exe
2792	Unicorn-39057.exe
2920	Unicorn-47588.exe
1448	Unicorn-59285.exe
2592	Unicorn-6000.exe
2184	Unicorn-2663.exe
2552	Unicorn-59560.exe
1892	Unicorn-56223.exe
2756	Unicorn-22804.exe
2116	Unicorn-48652.exe
2708	Unicorn-36954.exe
2464	Unicorn-32124.exe
1588	Unicorn-12258.exe
2432	Unicorn-11895.exe
2832	Unicorn-64090.exe
292	Unicorn-18419.exe
2960	Unicorn-18419.exe
2300	Unicorn-18419.exe
2900	Unicorn-18419.exe
2400	Unicorn-15657.exe
636	Unicorn-35523.exe
1472	Unicorn-15657.exe
1556	Unicorn-35523.exe
2588	Unicorn-35523.exe

Loads dropped DLL 64 IoCs

pid	Process
2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
2900	Unicorn-24799.exe
2900	Unicorn-24799.exe
2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
2628	Unicorn-34202.exe
2900	Unicorn-24799.exe
2628	Unicorn-34202.exe
2900	Unicorn-24799.exe
2536	Unicorn-18420.exe
2536	Unicorn-18420.exe
2460	Unicorn-23547.exe
2460	Unicorn-23547.exe
2876	Unicorn-39329.exe
2876	Unicorn-39329.exe
2628	Unicorn-34202.exe
2628	Unicorn-34202.exe
2580	Unicorn-51581.exe
2580	Unicorn-51581.exe
2536	Unicorn-18420.exe
2536	Unicorn-18420.exe
1656	Unicorn-27399.exe
1656	Unicorn-27399.exe
2460	Unicorn-23547.exe
2460	Unicorn-23547.exe
2316	Unicorn-27953.exe
2316	Unicorn-27953.exe
2388	Unicorn-57056.exe
2388	Unicorn-57056.exe
1016	Unicorn-61503.exe
1016	Unicorn-61503.exe
2876	Unicorn-39329.exe
2876	Unicorn-39329.exe
2308	Unicorn-7663.exe
2308	Unicorn-7663.exe
2580	Unicorn-51581.exe
2580	Unicorn-51581.exe
2140	Unicorn-36802.exe
2140	Unicorn-36802.exe
1656	Unicorn-27399.exe
1656	Unicorn-27399.exe
1360	Unicorn-33080.exe
1360	Unicorn-33080.exe
3000	Unicorn-24358.exe
3000	Unicorn-24358.exe
2316	Unicorn-27953.exe
2316	Unicorn-27953.exe
1940	Unicorn-1005.exe
1940	Unicorn-1005.exe
1016	Unicorn-61503.exe
1016	Unicorn-61503.exe
580	Unicorn-46677.exe
580	Unicorn-46677.exe
1812	Unicorn-5836.exe
1812	Unicorn-5836.exe
2388	Unicorn-57056.exe
2388	Unicorn-57056.exe
2112	Unicorn-58374.exe
2112	Unicorn-58374.exe
1428	Unicorn-13449.exe
1428	Unicorn-13449.exe
2308	Unicorn-7663.exe
2308	Unicorn-7663.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
2900	Unicorn-24799.exe
2628	Unicorn-34202.exe
2536	Unicorn-18420.exe
2460	Unicorn-23547.exe
2876	Unicorn-39329.exe
2580	Unicorn-51581.exe
1656	Unicorn-27399.exe
2316	Unicorn-27953.exe
2388	Unicorn-57056.exe
2308	Unicorn-7663.exe
1016	Unicorn-61503.exe
2140	Unicorn-36802.exe
1360	Unicorn-33080.exe
3000	Unicorn-24358.exe
2112	Unicorn-58374.exe
1940	Unicorn-1005.exe
580	Unicorn-46677.exe
1812	Unicorn-5836.exe
1428	Unicorn-13449.exe
2596	Unicorn-62409.exe
3064	Unicorn-54796.exe
1720	Unicorn-17485.exe
1304	Unicorn-51501.exe
320	Unicorn-43888.exe
908	Unicorn-55393.exe
696	Unicorn-64308.exe
2032	Unicorn-26805.exe
2792	Unicorn-39057.exe
2184	Unicorn-2663.exe
2592	Unicorn-6000.exe
1448	Unicorn-59285.exe
2552	Unicorn-59560.exe
1892	Unicorn-56223.exe
2116	Unicorn-48652.exe
2756	Unicorn-22804.exe
2708	Unicorn-36954.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2900	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2900	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2900	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2900	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	28
PID 2900 wrote to memory of 2628	2900	Unicorn-24799.exe	29
PID 2900 wrote to memory of 2628	2900	Unicorn-24799.exe	29
PID 2900 wrote to memory of 2628	2900	Unicorn-24799.exe	29
PID 2900 wrote to memory of 2628	2900	Unicorn-24799.exe	29
PID 2748 wrote to memory of 2536	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	30
PID 2748 wrote to memory of 2536	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	30
PID 2748 wrote to memory of 2536	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	30
PID 2748 wrote to memory of 2536	2748	fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2876	2628	Unicorn-34202.exe	31
PID 2628 wrote to memory of 2876	2628	Unicorn-34202.exe	31
PID 2628 wrote to memory of 2876	2628	Unicorn-34202.exe	31
PID 2628 wrote to memory of 2876	2628	Unicorn-34202.exe	31
PID 2900 wrote to memory of 2460	2900	Unicorn-24799.exe	32
PID 2900 wrote to memory of 2460	2900	Unicorn-24799.exe	32
PID 2900 wrote to memory of 2460	2900	Unicorn-24799.exe	32
PID 2900 wrote to memory of 2460	2900	Unicorn-24799.exe	32
PID 2536 wrote to memory of 2580	2536	Unicorn-18420.exe	33
PID 2536 wrote to memory of 2580	2536	Unicorn-18420.exe	33
PID 2536 wrote to memory of 2580	2536	Unicorn-18420.exe	33
PID 2536 wrote to memory of 2580	2536	Unicorn-18420.exe	33
PID 2460 wrote to memory of 1656	2460	Unicorn-23547.exe	34
PID 2460 wrote to memory of 1656	2460	Unicorn-23547.exe	34
PID 2460 wrote to memory of 1656	2460	Unicorn-23547.exe	34
PID 2460 wrote to memory of 1656	2460	Unicorn-23547.exe	34
PID 2876 wrote to memory of 2388	2876	Unicorn-39329.exe	35
PID 2876 wrote to memory of 2388	2876	Unicorn-39329.exe	35
PID 2876 wrote to memory of 2388	2876	Unicorn-39329.exe	35
PID 2876 wrote to memory of 2388	2876	Unicorn-39329.exe	35
PID 2628 wrote to memory of 2316	2628	Unicorn-34202.exe	36
PID 2628 wrote to memory of 2316	2628	Unicorn-34202.exe	36
PID 2628 wrote to memory of 2316	2628	Unicorn-34202.exe	36
PID 2628 wrote to memory of 2316	2628	Unicorn-34202.exe	36
PID 2580 wrote to memory of 2308	2580	Unicorn-51581.exe	37
PID 2580 wrote to memory of 2308	2580	Unicorn-51581.exe	37
PID 2580 wrote to memory of 2308	2580	Unicorn-51581.exe	37
PID 2580 wrote to memory of 2308	2580	Unicorn-51581.exe	37
PID 2536 wrote to memory of 1016	2536	Unicorn-18420.exe	38
PID 2536 wrote to memory of 1016	2536	Unicorn-18420.exe	38
PID 2536 wrote to memory of 1016	2536	Unicorn-18420.exe	38
PID 2536 wrote to memory of 1016	2536	Unicorn-18420.exe	38
PID 1656 wrote to memory of 2140	1656	Unicorn-27399.exe	39
PID 1656 wrote to memory of 2140	1656	Unicorn-27399.exe	39
PID 1656 wrote to memory of 2140	1656	Unicorn-27399.exe	39
PID 1656 wrote to memory of 2140	1656	Unicorn-27399.exe	39
PID 2460 wrote to memory of 1360	2460	Unicorn-23547.exe	40
PID 2460 wrote to memory of 1360	2460	Unicorn-23547.exe	40
PID 2460 wrote to memory of 1360	2460	Unicorn-23547.exe	40
PID 2460 wrote to memory of 1360	2460	Unicorn-23547.exe	40
PID 2316 wrote to memory of 3000	2316	Unicorn-27953.exe	41
PID 2316 wrote to memory of 3000	2316	Unicorn-27953.exe	41
PID 2316 wrote to memory of 3000	2316	Unicorn-27953.exe	41
PID 2316 wrote to memory of 3000	2316	Unicorn-27953.exe	41
PID 2388 wrote to memory of 2112	2388	Unicorn-57056.exe	42
PID 2388 wrote to memory of 2112	2388	Unicorn-57056.exe	42
PID 2388 wrote to memory of 2112	2388	Unicorn-57056.exe	42
PID 2388 wrote to memory of 2112	2388	Unicorn-57056.exe	42
PID 1016 wrote to memory of 1940	1016	Unicorn-61503.exe	43
PID 1016 wrote to memory of 1940	1016	Unicorn-61503.exe	43
PID 1016 wrote to memory of 1940	1016	Unicorn-61503.exe	43
PID 1016 wrote to memory of 1940	1016	Unicorn-61503.exe	43

C:\Users\Admin\AppData\Local\Temp\fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa344016075bd01cebd9c8c442f4b5c2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59285.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        8⤵
        Executes dropped EXE
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        7⤵
        Executes dropped EXE
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        6⤵
        Executes dropped EXE
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        7⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        8⤵
        
        PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
        7⤵
        Executes dropped EXE
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14966.exe
        8⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        6⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        7⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        6⤵
        Executes dropped EXE
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        7⤵
        
        PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        7⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        7⤵
        
        PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        7⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        9⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
        6⤵
        Executes dropped EXE
        
        PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        6⤵
        Executes dropped EXE
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        5⤵
        Executes dropped EXE
        
        PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        6⤵
        Executes dropped EXE
        
        PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        5⤵
        Executes dropped EXE
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        7⤵
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        5⤵
        Executes dropped EXE
        
        PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe

Filesize
184KB

MD5
3fc72f5de50a13c02a008b0e864e3407

SHA1
10b2b860d336cc274e3c024fd33f6fd587df19d2

SHA256
05141762fba9d5bafa3b7ab588d112bb6b6f8e929db637ed951052ff7b3bbb5d

SHA512
44ed0ad672a48e27f58c12e1aae64e0913973d205d05ce7faa85edf7c20d4c61a62d81b91620077ab96a3b719f2659e553bdfb0b31fb50238f5827f96c13e9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe

Filesize
184KB

MD5
c9aec33d0b5c0b34021045bfe5f77f7e

SHA1
5cafb5baf96de7a1af6a9273058ad4df8337ec84

SHA256
8d87d743566bb7f4d6ecf1b3d8242b1c4bfec47856fc564cd1c7ee2a8307b9d8

SHA512
2aa2ea2ea21bf2e765d17c5ba2b0643b4ff86d981c2f169d3c60fb69fd14fce7af7a6397e136cc6b9989e973cec3fcae2a83d0b4fd210e93743f0aad7d56fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe

Filesize
184KB

MD5
8fca9c644fa9e6b0dbf76470acc464a5

SHA1
2de7caadfc6184f2ad921327a19e275fa4ab6be7

SHA256
3ef7a0ac3f78d5207931faf18f47aaa93fcaf5bd6d494ce20c512239a790fa39

SHA512
e72bf37f612d573c500a485f9477099b7c2c2a272ea8ef6c4157e8591d9f988dc666dbe10c09c4f7a3402d5f77c4c7ae0edd7218fb51007aacc8e0c126110822

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe

Filesize
184KB

MD5
ae2e39020fd805a6554aeef384a03ba0

SHA1
713a9dc3be7262436b7ba2482832c9e48ac83a9a

SHA256
d68b3e3d6517e026d7069682a176672cb82eeddf6adb9aa219d942457fd2d302

SHA512
c4ecea2c045ed874cfb300ee9b3e82ce177636d3719d5dfcf321025c206edc07f75c1925c8d471f9723e7a9abf944bcfff788053f6f7b2caf94bd0d93530eae1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe

Filesize
184KB

MD5
d6e08f7215bece13b8f2ed504ff3a673

SHA1
0e1c67c1c9b2b92cce9aff56bd74d56a06c0a578

SHA256
fda8f864e58b845647a335044d3712d93751cdb0ab2f1fdd603a75df61cd46ce

SHA512
61997bef423a10e2fcf6aac0f32a624928c5019d5e9ff63335d2ca28f9c3e4a828c695bfaee9d3d8fade5f0ae28cbaceab63c756a2aaede1a995bc073889d26a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe

Filesize
184KB

MD5
144d9a9f6c559af1e6f6d03997e92afa

SHA1
4526b6724bf627c2671f6966da7855aab2d28a75

SHA256
5d9a7fd9c32c8ab99be5dd8ba7f32f6a5bef6b9ffe7b776443d164702171a59f

SHA512
ad9521d57799e7673bfebe0f161e1fa435140ce2c406d18c2c8bdf76b1bbe000e7e86ac721215367d42936f23290afc8c5a6bc010f1fbb73b473642302fbae88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe

Filesize
184KB

MD5
4010f0b937267b176159125ec7799b43

SHA1
bd22d37d3bed5b4e2f8af637366fc3fffaeaa542

SHA256
5b488cfc2d7ae1fd36570a5667bb8d4b3f67142253af1c9ce4617f248a64a5f6

SHA512
95728184e619e45f7310f3c03d3373ddd7bc9918cbd83324bb437fb156e74a150d527307cd2bb70ea6269254efa833d05c9b8169f1291d5bf10fe84f70c4dd9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe

Filesize
184KB

MD5
2d2606eb206babdf47ef399e4bffc4da

SHA1
21af95adc007507c1139d4a820423b881622664d

SHA256
d724ace6de7ef317d46715adf0dd2abba1f7ca85ef8fa5260eb2cc9f5df0878a

SHA512
cbec20dae04f3e2d7c3216fea23b12791e135934b4a40a987268fa14036dc5466783f34f2c91856c6866003159255bea1c75112d3495bd1034138ef511cbef54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe

Filesize
184KB

MD5
6923841bd1f8a2d72f5945f422c58bdf

SHA1
2c0cc31b6116d251495af52732d80b36e4e32950

SHA256
17f2cd7f43512e91693def08374c890d19e9a87f9a6db9857f1b534de577493d

SHA512
6de834a97c73aee4a1aa90d5f22b5d3bb5c9a243ec77a1e293a2e700cdcfba69dc8b0094ceceead6054066b3e06db116ca6a66d801354fcb892817efb97303aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe

Filesize
184KB

MD5
fab528048ff731bf0beedbe86f3a4368

SHA1
04e2e34040c826ef536fd50c725b4fec5966a6d6

SHA256
f0ce4b259260bff4fa8a47e89214b22ec63a9fe6301c9ce656dbb6c1895532ef

SHA512
ed94634ed7458c4f9b98f9995234cd9b7eaf525dcb5e588f07821894d618b9384a254ad8261313e570b5aaddf19af370f1212a5824d6722d403fda304b1cc263

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe

Filesize
184KB

MD5
93289e4b7f81a9d56becc18bd1757af3

SHA1
ca3d73bc1b51f8b2fff48c623740582cb8ca4851

SHA256
70985021e1403f6366f90a253db142921504c2320f83b53331e4cab652e701c7

SHA512
57e2d7e6902df0e86d20f65ef134c6a8afeb913c799fa86b93661c942191e09a2c4fc2d53376f77b9b1192f583bf3f3552ebed8cca9fcb51e5dc8184656a254e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe

Filesize
184KB

MD5
bafd7fc253f637a184bf64d391aad47d

SHA1
64959c1c9cb5a9010b9654ba4429c0396f1e5a29

SHA256
5307cd5e26de2073b3728409d3f3e5d43a31904a212546a48895ac627c4e2eeb

SHA512
bf8d93b062c4fbe8e5785b8d585a80da61a3960a7fed9361113ef3c03cc5ae938418384c0993029475a9ca28e20295dfdda188b78aaa8e6c251d3ba7f0452009

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe

Filesize
184KB

MD5
60d0193c8b492769b51421d6fb360f21

SHA1
8f3707cbefcce8bbd54f67ca95067fba5e3b0876

SHA256
45335e8346323ed2abcbb4183f943f4f47b88afdf67fc2d9fe80e322374803d4

SHA512
547d998ff01d666873ad82c3504a04196caf2c7b4d49ceac5532ee5c6196bd761e62a63afd89a41aed63abe4fd75725be73db48fa66955ad9df5115f22393dd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe

Filesize
184KB

MD5
82c6be91fba92232403efcdf2790b37d

SHA1
37613f79e03a496a27ec379ebfb3bfefb3705ec8

SHA256
02f9dcc502985d081e46ed1e379c6442172d4a29b1d3ec262c5fe0a90472549c

SHA512
94e55d807028798c5cdb90f48b212d8653384dd67fc905f92af2ca77ab293ba95b9e1875464917a6e21ca7a758e70beac504f36d0d667442e1076578549ee4cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe

Filesize
184KB

MD5
f6f191ccbb8516c2e4f673480532b951

SHA1
d1f1036888a36c974f2a31d3e040523dc230b07c

SHA256
e66ad303f5e15ae4854bb189299aa22cdcbff0efaf4bb6c800911ce7f079f1ee

SHA512
fecb1d422b20ba26e65cc4dc08332379997bdd6ddb41bc99b89e8bf75cccffe99897864eb69d155f654cac6bc528a95a88f5e9e5d00dc44d28f4f9abae42f88c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe

Filesize
184KB

MD5
189ff82f50898866a908ece3d45b1e75

SHA1
1fec502543241b87a2faffa430adebdc10ab4979

SHA256
3c2656803811aebdf553abaaaa9e083b83b2c909f09a44a4386727ef129b9d4a

SHA512
a50a984a65cafba82d6cc52c2be9efca6f908fc4bb5860a59fdb5717d261ab1ae441eb22de3b8cb52ada40e2aa4d42321a7ef833facf9c2b6da66fbd8dc93102

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe

Filesize
184KB

MD5
bc080174f342cd297a9786624e820ef2

SHA1
79f16f7bef778cf0afadbd2f512db76d1615c109

SHA256
6b50c39d7e661f5d8c7cd1b17d265440091100c0ae4dea4e728b53af39c0bec7

SHA512
ef14665b0756083421d6ea271abc1451e0f31d8938b07f450b501abe61c6fe14e55d8a658f085a3fd207ed73281eab848c9923c054eb707330e6adbd5aa34851

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe

Filesize
184KB

MD5
ae3acae3f628b852fa7de7bad0bdca20

SHA1
4a1193467bcebb1e0151620179f72cf61f5004bd

SHA256
39965e7cc0de2e0c4e5dd52d548a2981d0dfc0f3caed49c39c7a528d24cebdde

SHA512
dba36e876c0a25c4198a9623494f2c9cb7861cf3d8c84a009f1786cde1c0869c43bfb21774220521cf7c57a6e647c481dd06669b18159b558160eb89bc93474e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe

Filesize
184KB

MD5
b6215d0f4437667472791af0245e24cc

SHA1
21bf08836fa8bea9811585062a33c815844f4326

SHA256
2912183322036e10d26c348c883416f8b7dafde126d57cdc05c4b025b4ad31c6

SHA512
dd6162013b8fd2d42acb5904e33f62daa1d7abfee75ac25e1788e6e317464c82f4b8cf6f67043c2f4481b87c7e2740a49f445e65ce4bbeea6ad6a582761ec1cb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads