5e0ef0615b8b45fb8a4cf9fda71473aaa35d5e7897a6e5ac2d3e84b74d2a613e

Analysis

max time kernel
40s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
Size

184KB
MD5

fa838d9d2ac396322b7c5019300bb895
SHA1

859e3be173175aa0d75e2894477f5b89841d007c
SHA256

5e0ef0615b8b45fb8a4cf9fda71473aaa35d5e7897a6e5ac2d3e84b74d2a613e
SHA512

4b5744dc39376dc7b2e0f243c95e953566b0c0e91f119c9127265e79ccbb9eeaf59bebb1ec47e074d8868842a9be3c033f5a1f8d59dae447fd4a85b895756823
SSDEEP

3072:6F5SomLyovw/oOj1o3Q6oJSLcYjMzoIV60xV+ELuNlvvpFB:6FwoWY/oKog6oJvxxyNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 43 IoCs

pid	Process
2688	Unicorn-38481.exe
2148	Unicorn-8989.exe
2624	Unicorn-50577.exe
2388	Unicorn-36867.exe
2928	Unicorn-12917.exe
2356	Unicorn-60987.exe
2896	Unicorn-6955.exe
2420	Unicorn-48865.exe
2588	Unicorn-3426.exe
848	Unicorn-43712.exe
496	Unicorn-41251.exe
1372	Unicorn-23458.exe
1116	Unicorn-60961.exe
2012	Unicorn-44262.exe
2768	Unicorn-3229.exe
1728	Unicorn-3784.exe
1660	Unicorn-65237.exe
2332	Unicorn-11397.exe
1064	Unicorn-49306.exe
3064	Unicorn-47635.exe
896	Unicorn-48190.exe
1468	Unicorn-63971.exe
332	Unicorn-35191.exe
952	Unicorn-57282.exe
112	Unicorn-23863.exe
2316	Unicorn-40583.exe
900	Unicorn-20717.exe
2232	Unicorn-61003.exe
1600	Unicorn-7718.exe
1988	Unicorn-53390.exe
988	Unicorn-24055.exe
892	Unicorn-56898.exe
1532	Unicorn-18108.exe
992	Unicorn-63779.exe
2864	Unicorn-65424.exe
1908	Unicorn-19753.exe
2968	Unicorn-12139.exe
2548	Unicorn-32005.exe
2484	Unicorn-40365.exe
2676	Unicorn-13483.exe
2296	Unicorn-13997.exe
1632	Unicorn-34417.exe
2884	Unicorn-22165.exe

Loads dropped DLL 64 IoCs

pid	Process
2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
2688	Unicorn-38481.exe
2688	Unicorn-38481.exe
2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
2148	Unicorn-8989.exe
2148	Unicorn-8989.exe
2688	Unicorn-38481.exe
2688	Unicorn-38481.exe
2624	Unicorn-50577.exe
2624	Unicorn-50577.exe
2388	Unicorn-36867.exe
2388	Unicorn-36867.exe
2928	Unicorn-12917.exe
2928	Unicorn-12917.exe
2148	Unicorn-8989.exe
2148	Unicorn-8989.exe
2356	Unicorn-60987.exe
2356	Unicorn-60987.exe
2624	Unicorn-50577.exe
2624	Unicorn-50577.exe
2896	Unicorn-6955.exe
2896	Unicorn-6955.exe
2388	Unicorn-36867.exe
2388	Unicorn-36867.exe
2420	Unicorn-48865.exe
2420	Unicorn-48865.exe
848	Unicorn-43712.exe
848	Unicorn-43712.exe
2928	Unicorn-12917.exe
2928	Unicorn-12917.exe
2356	Unicorn-60987.exe
2356	Unicorn-60987.exe
2588	Unicorn-3426.exe
2588	Unicorn-3426.exe
496	Unicorn-41251.exe
496	Unicorn-41251.exe
1372	Unicorn-23458.exe
1372	Unicorn-23458.exe
2896	Unicorn-6955.exe
2896	Unicorn-6955.exe
1116	Unicorn-60961.exe
1116	Unicorn-60961.exe
2012	Unicorn-44262.exe
2012	Unicorn-44262.exe
2420	Unicorn-48865.exe
2420	Unicorn-48865.exe
2332	Unicorn-11397.exe
2332	Unicorn-11397.exe
2588	Unicorn-3426.exe
2588	Unicorn-3426.exe
1728	Unicorn-3784.exe
1728	Unicorn-3784.exe
1064	Unicorn-49306.exe
1064	Unicorn-49306.exe
496	Unicorn-41251.exe
1660	Unicorn-65237.exe
496	Unicorn-41251.exe
1660	Unicorn-65237.exe
2768	Unicorn-3229.exe
2768	Unicorn-3229.exe
848	Unicorn-43712.exe
848	Unicorn-43712.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
2688	Unicorn-38481.exe
2148	Unicorn-8989.exe
2624	Unicorn-50577.exe
2928	Unicorn-12917.exe
2388	Unicorn-36867.exe
2356	Unicorn-60987.exe
2896	Unicorn-6955.exe
2420	Unicorn-48865.exe
848	Unicorn-43712.exe
2588	Unicorn-3426.exe
496	Unicorn-41251.exe
1372	Unicorn-23458.exe
1116	Unicorn-60961.exe
2012	Unicorn-44262.exe
1660	Unicorn-65237.exe
2332	Unicorn-11397.exe
2768	Unicorn-3229.exe
1728	Unicorn-3784.exe
1064	Unicorn-49306.exe
3064	Unicorn-47635.exe
896	Unicorn-48190.exe
1468	Unicorn-63971.exe
332	Unicorn-35191.exe
952	Unicorn-57282.exe
112	Unicorn-23863.exe
900	Unicorn-20717.exe
2232	Unicorn-61003.exe
1988	Unicorn-53390.exe
1600	Unicorn-7718.exe
892	Unicorn-56898.exe
1908	Unicorn-19753.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2688	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	28
PID 2916 wrote to memory of 2688	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	28
PID 2916 wrote to memory of 2688	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	28
PID 2916 wrote to memory of 2688	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	28
PID 2688 wrote to memory of 2148	2688	Unicorn-38481.exe	29
PID 2688 wrote to memory of 2148	2688	Unicorn-38481.exe	29
PID 2688 wrote to memory of 2148	2688	Unicorn-38481.exe	29
PID 2688 wrote to memory of 2148	2688	Unicorn-38481.exe	29
PID 2916 wrote to memory of 2624	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	30
PID 2916 wrote to memory of 2624	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	30
PID 2916 wrote to memory of 2624	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	30
PID 2916 wrote to memory of 2624	2916	fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe	30
PID 2148 wrote to memory of 2388	2148	Unicorn-8989.exe	31
PID 2148 wrote to memory of 2388	2148	Unicorn-8989.exe	31
PID 2148 wrote to memory of 2388	2148	Unicorn-8989.exe	31
PID 2148 wrote to memory of 2388	2148	Unicorn-8989.exe	31
PID 2688 wrote to memory of 2928	2688	Unicorn-38481.exe	32
PID 2688 wrote to memory of 2928	2688	Unicorn-38481.exe	32
PID 2688 wrote to memory of 2928	2688	Unicorn-38481.exe	32
PID 2688 wrote to memory of 2928	2688	Unicorn-38481.exe	32
PID 2624 wrote to memory of 2356	2624	Unicorn-50577.exe	33
PID 2624 wrote to memory of 2356	2624	Unicorn-50577.exe	33
PID 2624 wrote to memory of 2356	2624	Unicorn-50577.exe	33
PID 2624 wrote to memory of 2356	2624	Unicorn-50577.exe	33
PID 2388 wrote to memory of 2896	2388	Unicorn-36867.exe	34
PID 2388 wrote to memory of 2896	2388	Unicorn-36867.exe	34
PID 2388 wrote to memory of 2896	2388	Unicorn-36867.exe	34
PID 2388 wrote to memory of 2896	2388	Unicorn-36867.exe	34
PID 2928 wrote to memory of 2420	2928	Unicorn-12917.exe	35
PID 2928 wrote to memory of 2420	2928	Unicorn-12917.exe	35
PID 2928 wrote to memory of 2420	2928	Unicorn-12917.exe	35
PID 2928 wrote to memory of 2420	2928	Unicorn-12917.exe	35
PID 2148 wrote to memory of 2588	2148	Unicorn-8989.exe	36
PID 2148 wrote to memory of 2588	2148	Unicorn-8989.exe	36
PID 2148 wrote to memory of 2588	2148	Unicorn-8989.exe	36
PID 2148 wrote to memory of 2588	2148	Unicorn-8989.exe	36
PID 2356 wrote to memory of 848	2356	Unicorn-60987.exe	37
PID 2356 wrote to memory of 848	2356	Unicorn-60987.exe	37
PID 2356 wrote to memory of 848	2356	Unicorn-60987.exe	37
PID 2356 wrote to memory of 848	2356	Unicorn-60987.exe	37
PID 2624 wrote to memory of 496	2624	Unicorn-50577.exe	38
PID 2624 wrote to memory of 496	2624	Unicorn-50577.exe	38
PID 2624 wrote to memory of 496	2624	Unicorn-50577.exe	38
PID 2624 wrote to memory of 496	2624	Unicorn-50577.exe	38
PID 2896 wrote to memory of 1372	2896	Unicorn-6955.exe	39
PID 2896 wrote to memory of 1372	2896	Unicorn-6955.exe	39
PID 2896 wrote to memory of 1372	2896	Unicorn-6955.exe	39
PID 2896 wrote to memory of 1372	2896	Unicorn-6955.exe	39
PID 2388 wrote to memory of 1116	2388	Unicorn-36867.exe	40
PID 2388 wrote to memory of 1116	2388	Unicorn-36867.exe	40
PID 2388 wrote to memory of 1116	2388	Unicorn-36867.exe	40
PID 2388 wrote to memory of 1116	2388	Unicorn-36867.exe	40
PID 2420 wrote to memory of 2012	2420	Unicorn-48865.exe	41
PID 2420 wrote to memory of 2012	2420	Unicorn-48865.exe	41
PID 2420 wrote to memory of 2012	2420	Unicorn-48865.exe	41
PID 2420 wrote to memory of 2012	2420	Unicorn-48865.exe	41
PID 848 wrote to memory of 2768	848	Unicorn-43712.exe	42
PID 848 wrote to memory of 2768	848	Unicorn-43712.exe	42
PID 848 wrote to memory of 2768	848	Unicorn-43712.exe	42
PID 848 wrote to memory of 2768	848	Unicorn-43712.exe	42
PID 2928 wrote to memory of 1728	2928	Unicorn-12917.exe	43
PID 2928 wrote to memory of 1728	2928	Unicorn-12917.exe	43
PID 2928 wrote to memory of 1728	2928	Unicorn-12917.exe	43
PID 2928 wrote to memory of 1728	2928	Unicorn-12917.exe	43

C:\Users\Admin\AppData\Local\Temp\fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa838d9d2ac396322b7c5019300bb895_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        8⤵
        Executes dropped EXE
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        7⤵
        Executes dropped EXE
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
        8⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        7⤵
        Executes dropped EXE
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        10⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        9⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        6⤵
        Executes dropped EXE
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        6⤵
        Executes dropped EXE
        
        PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        7⤵
        Executes dropped EXE
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        8⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        6⤵
        Executes dropped EXE
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        6⤵
        Executes dropped EXE
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        5⤵
        Executes dropped EXE
        
        PID:2316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
        6⤵
        Executes dropped EXE
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        6⤵
        
        PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
        6⤵
        
        PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        6⤵
        Executes dropped EXE
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        5⤵
        Executes dropped EXE
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        6⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        7⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe

Filesize
184KB

MD5
db4065f92800c17675de24067d41a0b9

SHA1
766523945a3a76a27c7a9abbc02a809df0cd73af

SHA256
1ca1d53919a3876cf27f7428f6f4c9149314c3de67a52e9c36dc44893c46c537

SHA512
993b0680a5ac63cdef7e993ec505ead89eb67e450e0a0ea51091a8318a4b8ef00c3e583949e20047f74e22168769fb4536dba395d9982e02ce6488135eb8c6f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe

Filesize
184KB

MD5
c1b77bc091faea2fb74859d77a18ca86

SHA1
66baefaa7f44afbed736072af9997a8ac49acbe6

SHA256
857dd76dff73b4132c76eea37ebd66d9d719dba212767c4273bb458fb233795d

SHA512
6bdc9eb858d7545e2c38392e70496e117456925d87a62524d38dd38fd57934a2a5754d02e54aca4ceeb6fdf5c8e11befa5f2163ed09b7e9932373b409553f761

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe

Filesize
184KB

MD5
6402a3ac1aac2d231ebc5f86cd6d7a15

SHA1
4004a7c6ae1bc4c1afac65f0d68f8054d0ca11d8

SHA256
ab3503708de5a81fe11dd98c3f2ba50cbccb9ed21072f99019aaa2fffae8d1d7

SHA512
033a864ac9393c56b249c1e062f91583754c6d5e5e8dcc615deced10910f7b11173f42e62ff85c0f4e2f85b3c7dab545a85b203016fc837e985b3b8128105170

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe

Filesize
184KB

MD5
18280df7ecd12830cf967b031e4a3e2b

SHA1
3218cc23a56d27b3acd39a0133e5c174dca6ee4b

SHA256
2f2241598d7081a89737555835df3de96e561dab237d81eb422d446e202a7a1b

SHA512
e4e2b0b7b76ac7498f0762fc4587f2dbbcd19ffce9d005e72d4683130c43fba8095be5f735af2e906c6026c1fd1ce7180a16eecda17de7aaf18edac63bafc843

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe

Filesize
184KB

MD5
95d3f15ee15c3bab97032ccb9d90dafd

SHA1
bba0b159842851a02dea0962a612fcf1429112db

SHA256
ef0319b8ad7a8f7c4842423d57bac82e943a99287efa3eaee3e09cc17c0ca203

SHA512
c8f1b5fd2956b4192ad567eed0e2daa16b048bf2c44abfd4044a841214f731be53e0b9dbe01a718999e77e070cc39535d560456af6e9bff7d7d6b31aab5e7d52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe

Filesize
184KB

MD5
d38d8cfe4a9cf837375031835dfdf43d

SHA1
7762922e8e74049f6ca546b6bb2d6261333305bb

SHA256
74aea43f3e332387e943c91f99f89aaaeb0a7bb983b3905ad304ed19244aaa25

SHA512
ffff191a3a2a10e9c6a668448ab3c5c936d83d8c6ca9fee30f81249b5e8eb43d66f8ddb143aad46d7b8e91288c040fa72172b3300b916fa30edd08c2ea6e81ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe

Filesize
184KB

MD5
0215ac20470791e5a04c516f12f80e18

SHA1
ce482e7e586435a86668f15b58a744061391844f

SHA256
82b80d30442909998d5e5c1fa64f99c5dc0d392de341988b4877eed66325e289

SHA512
dedda5b17556b7e29ed4e599f895ff5541cbbd785b337f4f6520c11af98a332f47557b83416dad4818379f5b877a89b8c1bf7737f7fb2857410966eab0da6f40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe

Filesize
184KB

MD5
05ad05d653d254e33c1ff98039388619

SHA1
d81b447bb57e111d32f232006c8fbe96d67eac78

SHA256
fb7ffedb33be4f27bb1b50a1694cc770cae786ae3e7dbb58fdcadc6a2a7a8aa6

SHA512
4eb98c2f14cbe322a22792804947b4c63a21aaa0755b0c9eb6688020737c41e26290f8883618813da798f1423fa69c3d00b015d53b796c70029ebb8014795f36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe

Filesize
184KB

MD5
1ce251a117414d5aaff4d8cb25c7560f

SHA1
0e70088916417bfe4b78f4894ef4a4d938bb302c

SHA256
41eaacf20bcfc3be56cb8447707b8fc2e17b5aaf0086d39fc7f37b8d829de5bc

SHA512
b538f73719f20dfdd269b74c538807f09709eab775d4748c4ecfacd5b14df63128a4c065a4fc5bb279cc5353f9cd662dcf9c9fff4c7df81e9ee5fa1073f58917

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe

Filesize
184KB

MD5
5be42e4919d8dc1326eff42156051f67

SHA1
eafee0290994fa702e9a94b7ece00148e2b1f0d1

SHA256
03e18e02b5076179433a2192633e2b213d68ca2ace04a53dbea3d3843c67acaa

SHA512
b569af7434865ecadf0a4325c781f8ea3059b7b3646af37b8dd4cbc27ffcafa7dd104eb6d49fa3bf70edd0ed2f69f0a22a8b0cccbce39dd5556bd85b74cf6c8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe

Filesize
184KB

MD5
766b69e8fbf14225cb5079b0a02c8d40

SHA1
bf1f9377bff7b8dfc048fff7a9c8da8a1b30a496

SHA256
755271c7fc36ffb238016a31a371e99a94a6caa1d3d783c3f17abc36f8f2b40d

SHA512
7e87d1b3d8775bcdcd9a9f1b3abf1d25d2b00ba7e5776757b9add85724a5a1a7d4b82835d534101377b8073c03039732ac50c894c1e240a89a705c0171516b75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe

Filesize
184KB

MD5
fc6ed97351cd48fa0d37c487723cfbbe

SHA1
d5225ec9d4f441f5b2d37737191d06f2ac005fe2

SHA256
279ccec9a41be69912b309072f039ea56c83ef743cc710dcbad0a2eb01afe6b0

SHA512
80ec5662b259935979d2f1d157349aa3daaee770e8e06f41a215e9ac4ce14db815fec3a956991579cbbf1baacb30edef85cc09a40763dabb041ea498f9eed934

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe

Filesize
184KB

MD5
8fc34f67d7e0c421ebbe34c2894435bc

SHA1
12d4b692802f7b02d2d184697331a35bd9be04d0

SHA256
9041a075a914254d7b2a52b65d2eacd28c8349ea78d818af9f2cd46811d212fa

SHA512
1add6ca3a9275b11fb517803a00f21902d290b1f4759e643ae0c0a4a47d231e34bd81d2da3bed93ef6a7b82f6da9925eb2adedbfee590b9b94b015e4989ef947

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe

Filesize
184KB

MD5
c56ab2a921a4f518e404862e725fc95c

SHA1
02d70d7dcc576d8d472024da9793d669015b4ffe

SHA256
b2800cc425799bdf0a7e13dc04995a5203addbe2091430abc1b4b9c9777a8850

SHA512
8f060e97d336ed76b9544ea18278726c4cb41d9cdac582dbb5293fd83bdfda7177229eda531b32018d9fd0c22547a3fe7e9a161a88625bc5ecd13a7b8ba45931

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe

Filesize
184KB

MD5
9cec4a146689472a731bd0053bd9c569

SHA1
5aab253abbe39bc4b453a6cbc51327af810610ef

SHA256
18a32df1834a74e32019a94a338e8c8e95b56d6057d50a173db550d72b1131d1

SHA512
ed5278a150bf5e5469180932d2637252dc4b1f6c143a8465aa616d45cbe79b3c15c15514f2d181d7d212c7d1d7723bae8f78c78bf60bf0ec8394c58485b10c5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe

Filesize
184KB

MD5
2c8ead1fa21fdc10c45c8f2fb3ef90f5

SHA1
3f3d320207b89c4140af6cd5df486ebe78798a08

SHA256
3352f36649876d0961ad992c1ce74fd4707cf98dc5432de5bcf326e84d91fcdd

SHA512
935ea3a0ed0cf7e879796bc8b9e89041dd38530e36be2c57c4062cd481c504793a8c3b3d249bda45b167c27298ec4a160a27c3683339f883430fe4d1aef6598e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe

Filesize
184KB

MD5
94c7dd3ee74e31f4c58de192bc8c357d

SHA1
3e3cdaecf98b202932abe7e452b1ad365a6518c1

SHA256
6a4228603cfa20e2148d2fea83fdc87f33b4264d9d673e31c838fa1bdcbafaa7

SHA512
6f44d198acaf751ac3b9f222b93d520fcfaa4a14d9c35978acffaeaa5e3bf0886f0464272c252452d753bd84cf505d91f304c40454a9aa669fc1394129fd00bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe

Filesize
184KB

MD5
3ce486007a52b5a892cc84129716342c

SHA1
e25ede034ddaf2df7ae005854177b923e8587476

SHA256
3f9a428133b6d86d0e4d1f991e91567bd1f5013fadc5f11488e8ed5325cb1623

SHA512
fd329689ed1b2fe40ac1c9e751cf861f57402cff67e17b92be71819ae7718c2ac0e23a0832efecf21b823f10d1ae9e22ad3a5023cd2eb88b9fe1574c1f8939c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads