4adc1f3e0e28ccec64bd636e3338b09b0f2d8fd07af0dadf9d48d78679320991

Analysis

max time kernel
50s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
Size

184KB
MD5

fac25e1f18ba026d0b1bcb1a73513b75
SHA1

b4240a13027a4609d1d3ce3b40ddab1efc200e48
SHA256

4adc1f3e0e28ccec64bd636e3338b09b0f2d8fd07af0dadf9d48d78679320991
SHA512

d43d166fd97c57600802151b1bdde4e00a9fb4747d795668686ea019335348f46b75971e398780c5c881618bbe14f366d1994d84d9d61a44c56e653ec8ca2b7d
SSDEEP

3072:M4HiocvfjhIlEjhd1AWvzFbObM6G/HI0QYxA2P4b7lPdpF1:M4Cou1IlUd6WvzXoTV7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2980	Unicorn-48757.exe
3064	Unicorn-15181.exe
2588	Unicorn-56769.exe
2972	Unicorn-42483.exe
2424	Unicorn-47122.exe
2508	Unicorn-58819.exe
2888	Unicorn-58168.exe
804	Unicorn-47540.exe
1836	Unicorn-26373.exe
1860	Unicorn-34733.exe
2356	Unicorn-39371.exe
1668	Unicorn-62610.exe
2304	Unicorn-46829.exe
1364	Unicorn-38106.exe
2756	Unicorn-43704.exe
2068	Unicorn-55402.exe
2016	Unicorn-55402.exe
2780	Unicorn-47789.exe
1740	Unicorn-446.exe
2364	Unicorn-5085.exe
2336	Unicorn-37395.exe
2824	Unicorn-58739.exe
1996	Unicorn-59294.exe
1280	Unicorn-21983.exe
1240	Unicorn-54847.exe
836	Unicorn-5646.exe
3004	Unicorn-51318.exe
1900	Unicorn-26259.exe
1232	Unicorn-30897.exe
2172	Unicorn-65236.exe
2228	Unicorn-57068.exe
3020	Unicorn-13466.exe
2148	Unicorn-49860.exe
2968	Unicorn-46331.exe
2504	Unicorn-9896.exe
2592	Unicorn-10643.exe
2716	Unicorn-29440.exe
2796	Unicorn-1920.exe
2688	Unicorn-55760.exe
2292	Unicorn-54437.exe
2988	Unicorn-51100.exe
2892	Unicorn-58713.exe
1216	Unicorn-26041.exe
1600	Unicorn-26041.exe
1352	Unicorn-62989.exe
2484	Unicorn-19387.exe
2620	Unicorn-55376.exe
2276	Unicorn-34436.exe
2636	Unicorn-37966.exe
672	Unicorn-50197.exe
1244	Unicorn-33306.exe
1004	Unicorn-633.exe
1396	Unicorn-42220.exe
2284	Unicorn-9761.exe
2452	Unicorn-2340.exe
1460	Unicorn-38542.exe
1696	Unicorn-37005.exe
2828	Unicorn-37005.exe
1684	Unicorn-37005.exe
2088	Unicorn-56871.exe
2812	Unicorn-56871.exe
1152	Unicorn-56871.exe
1960	Unicorn-56871.exe
692	Unicorn-56871.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
2980	Unicorn-48757.exe
2980	Unicorn-48757.exe
2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
3064	Unicorn-15181.exe
3064	Unicorn-15181.exe
2980	Unicorn-48757.exe
2980	Unicorn-48757.exe
2588	Unicorn-56769.exe
2588	Unicorn-56769.exe
2972	Unicorn-42483.exe
2972	Unicorn-42483.exe
3064	Unicorn-15181.exe
3064	Unicorn-15181.exe
2424	Unicorn-47122.exe
2424	Unicorn-47122.exe
2508	Unicorn-58819.exe
2508	Unicorn-58819.exe
2588	Unicorn-56769.exe
2588	Unicorn-56769.exe
2888	Unicorn-58168.exe
2888	Unicorn-58168.exe
2972	Unicorn-42483.exe
2972	Unicorn-42483.exe
1836	Unicorn-26373.exe
1836	Unicorn-26373.exe
2424	Unicorn-47122.exe
2424	Unicorn-47122.exe
1860	Unicorn-34733.exe
2356	Unicorn-39371.exe
2356	Unicorn-39371.exe
1860	Unicorn-34733.exe
2508	Unicorn-58819.exe
2508	Unicorn-58819.exe
1668	Unicorn-62610.exe
1668	Unicorn-62610.exe
2888	Unicorn-58168.exe
2888	Unicorn-58168.exe
2304	Unicorn-46829.exe
2304	Unicorn-46829.exe
1364	Unicorn-38106.exe
1364	Unicorn-38106.exe
1836	Unicorn-26373.exe
1836	Unicorn-26373.exe
2756	Unicorn-43704.exe
2756	Unicorn-43704.exe
2068	Unicorn-55402.exe
2068	Unicorn-55402.exe
2016	Unicorn-55402.exe
2016	Unicorn-55402.exe
2356	Unicorn-39371.exe
2356	Unicorn-39371.exe
2780	Unicorn-47789.exe
2780	Unicorn-47789.exe
1860	Unicorn-34733.exe
1860	Unicorn-34733.exe
1740	Unicorn-446.exe
1740	Unicorn-446.exe
2364	Unicorn-5085.exe
2364	Unicorn-5085.exe
1668	Unicorn-62610.exe
1668	Unicorn-62610.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
888	2172	WerFault.exe	57

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
2980	Unicorn-48757.exe
3064	Unicorn-15181.exe
2588	Unicorn-56769.exe
2972	Unicorn-42483.exe
2424	Unicorn-47122.exe
2508	Unicorn-58819.exe
2888	Unicorn-58168.exe
804	Unicorn-47540.exe
1836	Unicorn-26373.exe
2356	Unicorn-39371.exe
1860	Unicorn-34733.exe
1668	Unicorn-62610.exe
2304	Unicorn-46829.exe
1364	Unicorn-38106.exe
2756	Unicorn-43704.exe
2068	Unicorn-55402.exe
2016	Unicorn-55402.exe
2780	Unicorn-47789.exe
1740	Unicorn-446.exe
2364	Unicorn-5085.exe
2336	Unicorn-37395.exe
2824	Unicorn-58739.exe
1996	Unicorn-59294.exe
1280	Unicorn-21983.exe
1240	Unicorn-54847.exe
1900	Unicorn-26259.exe
836	Unicorn-5646.exe
1232	Unicorn-30897.exe
3004	Unicorn-51318.exe
2172	Unicorn-65236.exe
2228	Unicorn-57068.exe
3020	Unicorn-13466.exe
2148	Unicorn-49860.exe
2504	Unicorn-9896.exe
2968	Unicorn-46331.exe
2592	Unicorn-10643.exe
2716	Unicorn-29440.exe
2796	Unicorn-1920.exe
2688	Unicorn-55760.exe
2292	Unicorn-54437.exe
2988	Unicorn-51100.exe
1600	Unicorn-26041.exe
2892	Unicorn-58713.exe
1352	Unicorn-62989.exe
2484	Unicorn-19387.exe
2620	Unicorn-55376.exe
2276	Unicorn-34436.exe
2636	Unicorn-37966.exe
672	Unicorn-50197.exe
1244	Unicorn-33306.exe
1004	Unicorn-633.exe
1396	Unicorn-42220.exe
2284	Unicorn-9761.exe
908	Unicorn-56871.exe
2452	Unicorn-2340.exe
2900	Unicorn-28837.exe
1460	Unicorn-38542.exe
468	Unicorn-56871.exe
2812	Unicorn-56871.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2980	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2980	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2980	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2980	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	28
PID 2980 wrote to memory of 3064	2980	Unicorn-48757.exe	29
PID 2980 wrote to memory of 3064	2980	Unicorn-48757.exe	29
PID 2980 wrote to memory of 3064	2980	Unicorn-48757.exe	29
PID 2980 wrote to memory of 3064	2980	Unicorn-48757.exe	29
PID 2204 wrote to memory of 2588	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2588	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2588	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2588	2204	fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe	30
PID 3064 wrote to memory of 2972	3064	Unicorn-15181.exe	31
PID 3064 wrote to memory of 2972	3064	Unicorn-15181.exe	31
PID 3064 wrote to memory of 2972	3064	Unicorn-15181.exe	31
PID 3064 wrote to memory of 2972	3064	Unicorn-15181.exe	31
PID 2980 wrote to memory of 2424	2980	Unicorn-48757.exe	32
PID 2980 wrote to memory of 2424	2980	Unicorn-48757.exe	32
PID 2980 wrote to memory of 2424	2980	Unicorn-48757.exe	32
PID 2980 wrote to memory of 2424	2980	Unicorn-48757.exe	32
PID 2588 wrote to memory of 2508	2588	Unicorn-56769.exe	33
PID 2588 wrote to memory of 2508	2588	Unicorn-56769.exe	33
PID 2588 wrote to memory of 2508	2588	Unicorn-56769.exe	33
PID 2588 wrote to memory of 2508	2588	Unicorn-56769.exe	33
PID 2972 wrote to memory of 2888	2972	Unicorn-42483.exe	34
PID 2972 wrote to memory of 2888	2972	Unicorn-42483.exe	34
PID 2972 wrote to memory of 2888	2972	Unicorn-42483.exe	34
PID 2972 wrote to memory of 2888	2972	Unicorn-42483.exe	34
PID 3064 wrote to memory of 804	3064	Unicorn-15181.exe	35
PID 3064 wrote to memory of 804	3064	Unicorn-15181.exe	35
PID 3064 wrote to memory of 804	3064	Unicorn-15181.exe	35
PID 3064 wrote to memory of 804	3064	Unicorn-15181.exe	35
PID 2424 wrote to memory of 1836	2424	Unicorn-47122.exe	36
PID 2424 wrote to memory of 1836	2424	Unicorn-47122.exe	36
PID 2424 wrote to memory of 1836	2424	Unicorn-47122.exe	36
PID 2424 wrote to memory of 1836	2424	Unicorn-47122.exe	36
PID 2508 wrote to memory of 1860	2508	Unicorn-58819.exe	37
PID 2508 wrote to memory of 1860	2508	Unicorn-58819.exe	37
PID 2508 wrote to memory of 1860	2508	Unicorn-58819.exe	37
PID 2508 wrote to memory of 1860	2508	Unicorn-58819.exe	37
PID 2588 wrote to memory of 2356	2588	Unicorn-56769.exe	38
PID 2588 wrote to memory of 2356	2588	Unicorn-56769.exe	38
PID 2588 wrote to memory of 2356	2588	Unicorn-56769.exe	38
PID 2588 wrote to memory of 2356	2588	Unicorn-56769.exe	38
PID 2888 wrote to memory of 1668	2888	Unicorn-58168.exe	39
PID 2888 wrote to memory of 1668	2888	Unicorn-58168.exe	39
PID 2888 wrote to memory of 1668	2888	Unicorn-58168.exe	39
PID 2888 wrote to memory of 1668	2888	Unicorn-58168.exe	39
PID 2972 wrote to memory of 2304	2972	Unicorn-42483.exe	40
PID 2972 wrote to memory of 2304	2972	Unicorn-42483.exe	40
PID 2972 wrote to memory of 2304	2972	Unicorn-42483.exe	40
PID 2972 wrote to memory of 2304	2972	Unicorn-42483.exe	40
PID 1836 wrote to memory of 1364	1836	Unicorn-26373.exe	41
PID 1836 wrote to memory of 1364	1836	Unicorn-26373.exe	41
PID 1836 wrote to memory of 1364	1836	Unicorn-26373.exe	41
PID 1836 wrote to memory of 1364	1836	Unicorn-26373.exe	41
PID 2424 wrote to memory of 2756	2424	Unicorn-47122.exe	42
PID 2424 wrote to memory of 2756	2424	Unicorn-47122.exe	42
PID 2424 wrote to memory of 2756	2424	Unicorn-47122.exe	42
PID 2424 wrote to memory of 2756	2424	Unicorn-47122.exe	42
PID 1860 wrote to memory of 2016	1860	Unicorn-34733.exe	44
PID 1860 wrote to memory of 2016	1860	Unicorn-34733.exe	44
PID 1860 wrote to memory of 2016	1860	Unicorn-34733.exe	44
PID 2356 wrote to memory of 2068	2356	Unicorn-39371.exe	43

C:\Users\Admin\AppData\Local\Temp\fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fac25e1f18ba026d0b1bcb1a73513b75_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65236.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        9⤵
        Program crash
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        8⤵
        Executes dropped EXE
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57068.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        8⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        7⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        7⤵
        Executes dropped EXE
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
        7⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        8⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38542.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        8⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        9⤵
        
        PID:1352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        7⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        7⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        8⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        7⤵
        Executes dropped EXE
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        6⤵
        Executes dropped EXE
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        7⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        7⤵
        Executes dropped EXE
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        8⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        6⤵
        Executes dropped EXE
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        6⤵
        
        PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        6⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        5⤵
        Executes dropped EXE
        
        PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe

Filesize
184KB

MD5
b2e7dece06acccdf5383372879b59317

SHA1
ae3ec9b0a564853c226ed5ce8fb2bdf0d4480bd8

SHA256
7c10de780330a3185b05ede8951a5f8e5475328fe9d2ed27e4c34c4b81b7c9b9

SHA512
145264e42311bb20a921a0fc890dccf564659c3e5042246c6f359c6d307123312d501b635b4ce15ca8e345247440ae8bdf7ae20abe82faa336b3fc9db69d8b6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe

Filesize
184KB

MD5
7a5ec5ad10e25b1bc670708090fe40d7

SHA1
04abcb0b6ea71ffb48cbd69e7783bda6d5c5d7c2

SHA256
bfb786fdc48f3f0daacb745f8a8031547d958e1e7f448643dd71808fdee27ea6

SHA512
ca74db508438e2842e08532cc25e91ba37805e237b305486d6429f6bef48c8ce32ef9bab552688ed8ed22fed46ebe7a2049c8d8ce439457235ec0452538b0e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe

Filesize
184KB

MD5
02784e72735a8e466ebf8d296fa2f252

SHA1
a8b53f4b1d7a7b0df23e58afd6c867a7b19dfb75

SHA256
485d516dff2773d680b3b610c5cf5dfabe6d7d367b980cbbba3691141bd5a347

SHA512
c90056ffd9c102f2a534e56003938ddf1efa1a4b710da43dd281108a38aea07a6d30637e312ae16cdfe3d3f84b919526a0d3225b3c169c7ddf0d38cee668d339

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe

Filesize
184KB

MD5
f16332f065d666c2f4eb7e751caf1297

SHA1
ee45cf545c512bedf86e570dd7523c4e80045f40

SHA256
d06f4db21c1ec93a04ea0649e9d2a568117fd8daa3628d945cd6569222f5cc27

SHA512
c5dbba1b6ebdaff5401e65d08a0f3a2b07586636845977725a18d19211303b006a51b1255af1dae33aceb2ce79c93324a194c282c9253e0b102c274af04ec5ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe

Filesize
184KB

MD5
38fc3e005378d11eb4e508dc87fb71bb

SHA1
f7692e798acf15503aab6ae9e7dd4d3a14d7a92b

SHA256
2e19c823413744913e1f3a25c617268ff81906c940ecd3c40ec72b5e483432f6

SHA512
25f05a7d0e066fc99edcfe6a1f57e10de5d7b219efa48aefb838f582bc474d2b22f46292d0755702833cd4200050cd609a1a6128a00b137554d5d76473b1c25f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe

Filesize
184KB

MD5
6bb18d030cb6d577422c8dfe7720be94

SHA1
efc9c873be92f39ad4156152c7696c4708eccbc8

SHA256
b789ce3035a338fe9422bfc550ecb3c121074a7eb3a94eabffb59cd31dbb2d43

SHA512
2a3763d29f6d5e9ddb29976e431604c2f87c377c0c0739f426e40dc8c5d5aa09a87aa8d2cf77655cecb8593879412ddb286ef143985504f32079e5b92f178fdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe

Filesize
184KB

MD5
8624c428dbc7ce849796cb2c589cebe3

SHA1
c454392b891fbada6e03f9288f0b71068703d995

SHA256
54208c835866d3f37263bd6da0a2330ac03e5f769a0568bed5d67a486e789111

SHA512
ae8c1d7dfe6aecc8902811436982156adb3fd6bd82eaa943fb38c375f47b29c356687b361223a6ee02a9a2c95ca6e8dad95c8c6da6dd61081e4c9e7bb71cb9bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe

Filesize
184KB

MD5
09126557f980498b98c536e3f4843bfd

SHA1
49636ad03e3522f0d504e4f1b24790402c4146ec

SHA256
509e3c89a7909618e2842b8ec2ee4a8b2b40f79f2f427235bb404be01d70f0ee

SHA512
c5f5f3918ee29a2cda5d5a4b166439b77f95e5d8b3db61774b8e15337dbea061001c353152d1d6532fa30f198ad140f39c28bd11c621da7eec28a0a8e18d1b10

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe

Filesize
184KB

MD5
5ad9ecd023c22f36cabb1755c94b263c

SHA1
39cacfdd2c893de50874155f5fe7d7986ff45413

SHA256
66ad6d6f0710bdc5face147f360c6deb3efde574b3a05979336559188a85cea7

SHA512
bc93be7c40c5cc61f712684706985d4997e8ad2f310cbb73eb58d1b9a5e37030561baf8e0d410d90cfd3bc1c082ac31448e2d948aad556a4c35891f22ef98cde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe

Filesize
184KB

MD5
ed68027ee2448317973aea4dd83d76e7

SHA1
621239940aac7b8e557358b25a2157abfc6c6512

SHA256
4a8006d83776a505f8c8dee10d96e287a87d69426f0e8518fec80b2abf3ec8dc

SHA512
5849cf380b5fa6e0b6084cee057963ba3259186f1e0d3dc12856e9f6041ba21ed9e4a80889bfcfd1a758c35311713f7c95c14c383fd48bb8fe092b1c4949f269

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe

Filesize
184KB

MD5
7527a75cfc1cc2173ce75d1dc5fe5c7f

SHA1
efe0a2e578a07984e57523afde61e90b44b0f46e

SHA256
f1fda35a91a1a894622b05adf07ced1f3eedc0c3c0a51bdfcff65167fd396e49

SHA512
c5dfce26f6ecf8b3f4c72af2e77f27b2ede36c4f7c2942b227a2c511851a1bf79ab63ec5f9a08e6053c0b4e8ce2a5c51675321aa12cc85eeb6cec5a98e4bf7d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe

Filesize
184KB

MD5
7bd2bc54be9beff0ecd8beb5be378a14

SHA1
6470d76c069419c1e4c36f0936d24a2b7d96fde0

SHA256
17e57231a0c481071e990145f8ff63c0b9e7a3becfc3dda19376de100fd0a4a7

SHA512
26653dec537b101495bd64e891c9625c923e6e5a59ec88583df0efaf74a3dc596e2dd517d40fb9e9410429665b110121743fc039d40958431338cfd3078db29c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe

Filesize
184KB

MD5
edce21f76938cc9e19d2b1205190f68c

SHA1
ed977524fde73f56daebc668bf3f31e1baed20a8

SHA256
2e98891f01d7b718ee08c03be6d4a8d17bac8741360f684efc164e7230e3d1c9

SHA512
31b1d47f14486bf697408fdf4d85eaff2178d625fe41dae3d6ab259e6b15775afe6afff435d263548758e872dd73870098e09b578893b0c525e1c159b2d25060

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe

Filesize
184KB

MD5
1b4c9639143f12131c4275c7b1caf43a

SHA1
ccc2ef9324aa11cf6c8cea04c96950ba16e8b32f

SHA256
66e0e9d961e0b88f33793ad3a511eb56d5d070bf040039d26c86de711465e94b

SHA512
c06077a2df4d5b3874e4e2ebb3180869905ad2cca27b933b23d368d5d5ce6c6dd392411b175eefdea321845f626418de237da8a2337a53fab64991def80407fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe

Filesize
184KB

MD5
2284218be2fbb0a79579f103c7f81836

SHA1
bf89e99c9f6533b2c1ea2d33f64d40e540a7cc96

SHA256
b51922f36bcf4fd7e6cc146f63f576d77193486e48432e6114f095a3ad71f859

SHA512
434972a27606b23bba07fd276ba2844c5d9c4cd72a24ac652fd65b8ee3056acac7adb1f7178abc53c9a369278813d3945a35553ffb7404fb396b2481b9164b9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe

Filesize
184KB

MD5
d3624b6d1699391b93b3d5d4fbfafae6

SHA1
a494a9ca0a190019a83cb75168656241104eac91

SHA256
95821e13003c9c67375115deec83710781b14bb528453cbef482306e9e7de592

SHA512
2c1fc555bbdcd8ea4260d16f16dad0a3be957d5521ecdd0aa99d5bf631c7866850ac4a8e0a59fcce16fca3e5121816b76d1222435d8b12b451c7348e7f01a3a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe

Filesize
184KB

MD5
8d43e3d38a0335e836341eb158771ee9

SHA1
59b21ce3f2d6a751e4be65f667bbea2a09292e91

SHA256
e4929046c7b61b2de780f7251153d60965df1c7af206df32b0b6c82cb6f0cc3a

SHA512
e8a0989824884e2a8ef7e85038e6439a07aabce3d1b1641e595200c87cb38d0fc646bedb36b277a402ed2ec4a974bda3bccbfc0401844446276f390255e5c886

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe

Filesize
184KB

MD5
ecc2e3d60c12d113b64cf7f63fe45a21

SHA1
50f93c07e3f5688f20c000c0c036f7503ca9ae85

SHA256
b647c5da4c1b5384b00812c7eb5427f8b500d9ff1050fde22d1c941c259dfb8f

SHA512
a603ff8b1e664efe7056cd0b220227adf4ca5ee8bc7ac467f1ac5f2f95e2e53c8155fa1ea5b43c4b5919b7cbe9b7d9362f846df0c9b264381a6635541c10a7a9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads