1479bf417af9dcee4c9a623d87256a8a7458fc497f489925c19f8cd0056b474d

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
Size

184KB
MD5

fb1b34b7c6087e24d9fdbbffa1d9fa4f
SHA1

c2403dd1cf4197275c91f826d373b993ef51d1ad
SHA256

1479bf417af9dcee4c9a623d87256a8a7458fc497f489925c19f8cd0056b474d
SHA512

b1bcc14afb42e96fae35b59b8dc6730cf57f354861676a4ca19a027910196e0f49ca76153cf666584eb56ddd2643abfd3911c2eaaaba0e8a8a8459bb47db5f8e
SSDEEP

3072:o418osrfjhilEjUd/fa8zybObP6zjHIA5YxyLP4b7lPdpFs:o4+oC1ilJdna8zeoEG7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 54 IoCs

pid	Process
2004	Unicorn-13564.exe
2532	Unicorn-32676.exe
2524	Unicorn-21816.exe
2640	Unicorn-63964.exe
2548	Unicorn-7150.exe
2396	Unicorn-57742.exe
2336	Unicorn-27099.exe
344	Unicorn-3149.exe
1500	Unicorn-18931.exe
908	Unicorn-43435.exe
2296	Unicorn-15401.exe
1660	Unicorn-44286.exe
2176	Unicorn-20336.exe
1508	Unicorn-60622.exe
2480	Unicorn-20144.exe
1948	Unicorn-21536.exe
1928	Unicorn-60430.exe
1404	Unicorn-45308.exe
2744	Unicorn-36585.exe
2452	Unicorn-5666.exe
2828	Unicorn-22387.exe
836	Unicorn-2521.exe
2908	Unicorn-8572.exe
1676	Unicorn-33892.exe
2268	Unicorn-42719.exe
1476	Unicorn-5770.exe
2868	Unicorn-63243.exe
2636	Unicorn-3108.exe
1352	Unicorn-25893.exe
2440	Unicorn-24030.exe
2320	Unicorn-21373.exe
2004	Unicorn-17372.exe
1716	Unicorn-12088.exe
1616	Unicorn-3194.exe
1584	Unicorn-37704.exe
808	Unicorn-64922.exe
1624	Unicorn-36609.exe
1932	Unicorn-34025.exe
1444	Unicorn-11632.exe
2236	Unicorn-19090.exe
1236	Unicorn-23989.exe
1040	Unicorn-16288.exe
784	Unicorn-39313.exe
332	Unicorn-8607.exe
2852	Unicorn-12582.exe
2932	Unicorn-37471.exe
2056	Unicorn-39417.exe
1948	Unicorn-11788.exe
2360	Unicorn-42768.exe
1324	Unicorn-195.exe
696	Unicorn-21130.exe
1520	Unicorn-19760.exe
2660	Unicorn-46677.exe
2664	Unicorn-37030.exe

Loads dropped DLL 64 IoCs

pid	Process
1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
2004	Unicorn-13564.exe
1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
2004	Unicorn-13564.exe
2524	Unicorn-21816.exe
2524	Unicorn-21816.exe
2004	Unicorn-13564.exe
2004	Unicorn-13564.exe
2532	Unicorn-32676.exe
2532	Unicorn-32676.exe
2640	Unicorn-63964.exe
2640	Unicorn-63964.exe
2524	Unicorn-21816.exe
2524	Unicorn-21816.exe
2548	Unicorn-7150.exe
2548	Unicorn-7150.exe
2396	Unicorn-57742.exe
2396	Unicorn-57742.exe
2532	Unicorn-32676.exe
2532	Unicorn-32676.exe
1500	Unicorn-18931.exe
1500	Unicorn-18931.exe
2548	Unicorn-7150.exe
2548	Unicorn-7150.exe
2336	Unicorn-27099.exe
2336	Unicorn-27099.exe
344	Unicorn-3149.exe
344	Unicorn-3149.exe
2640	Unicorn-63964.exe
2640	Unicorn-63964.exe
2296	Unicorn-15401.exe
2296	Unicorn-15401.exe
344	Unicorn-3149.exe
344	Unicorn-3149.exe
1948	Unicorn-21536.exe
1948	Unicorn-21536.exe
2480	Unicorn-20144.exe
2480	Unicorn-20144.exe
1508	Unicorn-60622.exe
1508	Unicorn-60622.exe
2336	Unicorn-27099.exe
2336	Unicorn-27099.exe
1928	Unicorn-60430.exe
1928	Unicorn-60430.exe
2744	Unicorn-36585.exe
2744	Unicorn-36585.exe
2828	Unicorn-22387.exe
2828	Unicorn-22387.exe
2908	Unicorn-8572.exe
2908	Unicorn-8572.exe
2268	Unicorn-42719.exe
2268	Unicorn-42719.exe
2868	Unicorn-63243.exe
2868	Unicorn-63243.exe
1676	Unicorn-33892.exe
1676	Unicorn-33892.exe
2452	Unicorn-5666.exe
2452	Unicorn-5666.exe
1352	Unicorn-25893.exe
1352	Unicorn-25893.exe
2320	Unicorn-21373.exe
2320	Unicorn-21373.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
2004	Unicorn-13564.exe
2524	Unicorn-21816.exe
2532	Unicorn-32676.exe
2548	Unicorn-7150.exe
2640	Unicorn-63964.exe
2396	Unicorn-57742.exe
2336	Unicorn-27099.exe
1500	Unicorn-18931.exe
344	Unicorn-3149.exe
2296	Unicorn-15401.exe
1660	Unicorn-44286.exe
2176	Unicorn-20336.exe
1948	Unicorn-21536.exe
1508	Unicorn-60622.exe
2480	Unicorn-20144.exe
1928	Unicorn-60430.exe
2744	Unicorn-36585.exe
1404	Unicorn-45308.exe
2828	Unicorn-22387.exe
2908	Unicorn-8572.exe
836	Unicorn-2521.exe
2268	Unicorn-42719.exe
2868	Unicorn-63243.exe
1676	Unicorn-33892.exe
2452	Unicorn-5666.exe
1352	Unicorn-25893.exe
1476	Unicorn-5770.exe
2636	Unicorn-3108.exe
2440	Unicorn-24030.exe
2320	Unicorn-21373.exe
1716	Unicorn-12088.exe
2004	Unicorn-17372.exe
1584	Unicorn-37704.exe
1624	Unicorn-36609.exe
1616	Unicorn-3194.exe
1444	Unicorn-11632.exe
808	Unicorn-64922.exe
1236	Unicorn-23989.exe
1040	Unicorn-16288.exe
1932	Unicorn-34025.exe
2236	Unicorn-19090.exe
784	Unicorn-39313.exe
2852	Unicorn-12582.exe
2056	Unicorn-39417.exe
2360	Unicorn-42768.exe
696	Unicorn-21130.exe
1948	Unicorn-11788.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2004	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2004	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2004	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2004	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2532	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2532	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2532	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2532	1992	fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe	30
PID 2004 wrote to memory of 2524	2004	Unicorn-13564.exe	29
PID 2004 wrote to memory of 2524	2004	Unicorn-13564.exe	29
PID 2004 wrote to memory of 2524	2004	Unicorn-13564.exe	29
PID 2004 wrote to memory of 2524	2004	Unicorn-13564.exe	29
PID 2524 wrote to memory of 2640	2524	Unicorn-21816.exe	31
PID 2524 wrote to memory of 2640	2524	Unicorn-21816.exe	31
PID 2524 wrote to memory of 2640	2524	Unicorn-21816.exe	31
PID 2524 wrote to memory of 2640	2524	Unicorn-21816.exe	31
PID 2004 wrote to memory of 2548	2004	Unicorn-13564.exe	32
PID 2004 wrote to memory of 2548	2004	Unicorn-13564.exe	32
PID 2004 wrote to memory of 2548	2004	Unicorn-13564.exe	32
PID 2004 wrote to memory of 2548	2004	Unicorn-13564.exe	32
PID 2532 wrote to memory of 2396	2532	Unicorn-32676.exe	33
PID 2532 wrote to memory of 2396	2532	Unicorn-32676.exe	33
PID 2532 wrote to memory of 2396	2532	Unicorn-32676.exe	33
PID 2532 wrote to memory of 2396	2532	Unicorn-32676.exe	33
PID 2640 wrote to memory of 2336	2640	Unicorn-63964.exe	34
PID 2640 wrote to memory of 2336	2640	Unicorn-63964.exe	34
PID 2640 wrote to memory of 2336	2640	Unicorn-63964.exe	34
PID 2640 wrote to memory of 2336	2640	Unicorn-63964.exe	34
PID 2524 wrote to memory of 344	2524	Unicorn-21816.exe	35
PID 2524 wrote to memory of 344	2524	Unicorn-21816.exe	35
PID 2524 wrote to memory of 344	2524	Unicorn-21816.exe	35
PID 2524 wrote to memory of 344	2524	Unicorn-21816.exe	35
PID 2548 wrote to memory of 1500	2548	Unicorn-7150.exe	36
PID 2548 wrote to memory of 1500	2548	Unicorn-7150.exe	36
PID 2548 wrote to memory of 1500	2548	Unicorn-7150.exe	36
PID 2548 wrote to memory of 1500	2548	Unicorn-7150.exe	36
PID 2396 wrote to memory of 908	2396	Unicorn-57742.exe	37
PID 2396 wrote to memory of 908	2396	Unicorn-57742.exe	37
PID 2396 wrote to memory of 908	2396	Unicorn-57742.exe	37
PID 2396 wrote to memory of 908	2396	Unicorn-57742.exe	37
PID 2532 wrote to memory of 2296	2532	Unicorn-32676.exe	38
PID 2532 wrote to memory of 2296	2532	Unicorn-32676.exe	38
PID 2532 wrote to memory of 2296	2532	Unicorn-32676.exe	38
PID 2532 wrote to memory of 2296	2532	Unicorn-32676.exe	38
PID 1500 wrote to memory of 1660	1500	Unicorn-18931.exe	39
PID 1500 wrote to memory of 1660	1500	Unicorn-18931.exe	39
PID 1500 wrote to memory of 1660	1500	Unicorn-18931.exe	39
PID 1500 wrote to memory of 1660	1500	Unicorn-18931.exe	39
PID 2548 wrote to memory of 2176	2548	Unicorn-7150.exe	40
PID 2548 wrote to memory of 2176	2548	Unicorn-7150.exe	40
PID 2548 wrote to memory of 2176	2548	Unicorn-7150.exe	40
PID 2548 wrote to memory of 2176	2548	Unicorn-7150.exe	40
PID 2336 wrote to memory of 1508	2336	Unicorn-27099.exe	41
PID 2336 wrote to memory of 1508	2336	Unicorn-27099.exe	41
PID 2336 wrote to memory of 1508	2336	Unicorn-27099.exe	41
PID 2336 wrote to memory of 1508	2336	Unicorn-27099.exe	41
PID 344 wrote to memory of 1948	344	Unicorn-3149.exe	42
PID 344 wrote to memory of 1948	344	Unicorn-3149.exe	42
PID 344 wrote to memory of 1948	344	Unicorn-3149.exe	42
PID 344 wrote to memory of 1948	344	Unicorn-3149.exe	42
PID 2640 wrote to memory of 2480	2640	Unicorn-63964.exe	43
PID 2640 wrote to memory of 2480	2640	Unicorn-63964.exe	43
PID 2640 wrote to memory of 2480	2640	Unicorn-63964.exe	43
PID 2640 wrote to memory of 2480	2640	Unicorn-63964.exe	43

C:\Users\Admin\AppData\Local\Temp\fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb1b34b7c6087e24d9fdbbffa1d9fa4f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        12⤵
        Executes dropped EXE
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
        8⤵
        Executes dropped EXE
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        11⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        14⤵
        Executes dropped EXE
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
        8⤵
        Executes dropped EXE
        
        PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
      4⤵
      Executes dropped EXE
      PID:908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        9⤵
        Executes dropped EXE
        
        PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe

Filesize
184KB

MD5
5fc89b3ea919e715ad1da79cd6c4fed0

SHA1
e13ec5eb555c0a55d15aa800153af4706db62b08

SHA256
9b2e128b4557d665f1afe7481cd2adf9f3ce67300891b1a6aeee68e619abbd03

SHA512
cea5bf1fc4ad2cbadb506fcadeab311b5b7b01c7746b9b020325186f6024d9fe061f9e68c3d1c153e3f839f881872622c96c9afd7cd2ec740b36fc42e20f4326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe

Filesize
184KB

MD5
ef6c3b33ff278afcf581cbec9a0c3980

SHA1
e83f353e512d81876d3cd0a55038991640d46e4e

SHA256
34ea2b443ef1ca1b7e86b865a18309f0e2476b551920cf74048634dd8eff4173

SHA512
352ee51f05e60a0dc50473ec33bd19a52d94d442e3d6b2cc85b2dcfb6da7a86fa768b95857136d76349874c0a8406af654a2c59edbc91c0c1b9721d9441bc2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe

Filesize
184KB

MD5
d3b7059b1bc6a4c9d4cd0748a26b1e33

SHA1
0f59eb16ee2c5461f8779bd2a245bc3426546e37

SHA256
4c45565b841eb4537de00762e04fde70584e00397ff1afe2db3518cf444ce8a7

SHA512
5605dd6ca668b72d8b1caffb10939b48c334621313fc5a7a166956363992811901dcb412f8d6751824fd2a1a43d31a81d4bde872ac72bcc7b727da6e0523e13b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe

Filesize
184KB

MD5
4cc55bff58f420a13a74e0818ad4d68a

SHA1
4a78eef21fd81a600f05b8f635d9a7e039995339

SHA256
76f6b0cb9eec88ece45104d7d78bd137bdf7cc0c809f5db5b820796b8f5fe298

SHA512
3296e91dc4a1f3687187fc6e6bd43d2df8e37de46b5901e8a277ab47572a79c92cba62881a07aa70546faee82fb1680b0d58d7f736300e3f2ac0bf7a77b08121

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe

Filesize
184KB

MD5
6e3958fc10e335f6a50e87bd79e68a6f

SHA1
e37c2a47791e6e1572269a09dfe9afd63f970ad4

SHA256
7864f6068c07b9acea77b08bd4c22bbdd18b8869bc2e70561bd79673db105571

SHA512
843fa6d2f2afd568f59179d5df34da4eb4f395989b46e082a89e9a4bbe7b543968921ea9ec8c0fb4e923e858382a0ef5d344362a4dd110fa652598af10405e36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe

Filesize
184KB

MD5
8feedf8dd9bab06d50ec15cbc20014d9

SHA1
55340668d9e01190cd559df951db16e4361d3d77

SHA256
613e6ac72e46969752fa37416b9709c3b1e8f00d267d94e7c3df68c712878e48

SHA512
a201d89ed017c1f67f8ce20d53993ac3105b5ee43d3b0119a8fd53da261cc99df9c1e6c120eb9d9f221627230342d8d449e27dbdba1f83064210c0ef15b2c846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe

Filesize
184KB

MD5
9510fa664e42c470b0a75dfb01e5ea0d

SHA1
aa3e83709119629a3b140ababe0be5ebd33afde5

SHA256
22140f3ec12733b959d7e1a5e1edb2d7461fbab78d674c531fbbd57c87fcd501

SHA512
6d05bb827204b632dd0f02d01353e1ec99ee27b33282d5bc5643b6b424a5e04b5667dfdc2b7631ba3fe80731583e2583a52453ea39f8135c792b903b141557b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe

Filesize
184KB

MD5
27fbcafba9816f8aaaebef1e329bd7b6

SHA1
02b46a7de3d2ebddd5e4f7a0b6c90ad445ab46dc

SHA256
e0632d2abfb8a2221a25326663508ad12f02d8b21ea5f69a2cbd5ee235861672

SHA512
f78fb729721a8423740cc1a4e84836a19804ef2c2ff3fa1f19ade173075ecdc63b083ba3b887a6765b46de27fb54f410c802e1d88df3744ce2c343867eacaad8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe

Filesize
184KB

MD5
64560abc62c31bb6d68612e23a96a6e4

SHA1
705cf9a177b6cf59463ce332778ecc7912e37436

SHA256
cea3f7efa0a0d2706f68f87c103619f68759263d9da364bb8a1741f04e281cb6

SHA512
5931c32bde575179172d8dfa34567647c2753897361b21ffdf57869a68f7d77173696a93434e9c5197bca688b11dfbcb53da67536377015c1a539c5be92e19b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe

Filesize
184KB

MD5
3b499173ee5baf6d3bfc2a80b5d094bf

SHA1
a200c92bc17c9026e495a989d3a3c3f992af42a5

SHA256
2cda413823b9070236caf0db6c5e0b5ea85861ebb0f7b071584d5fd8d7a5bca5

SHA512
5098fade36f69f2c8533a7d1673815c2098dbe0d4c69df1ef566b1563cdd2a77153ba0354af8cfe82eb3566859453c1b5c24a19a16d5b7db98bb19af72c0c5c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe

Filesize
184KB

MD5
3fa078c1d8a2315af9bbbfd0a4a09954

SHA1
b1e35cf7b080ca660305e01e997a39c40e9a2272

SHA256
d01287b7751775a0755f53427592aec3b7c06a2c27e19f69151399d9dcc2b24a

SHA512
13d6c0586bd4e1f76a981a5dd22b0612a93fa6b7602097b1a940dd5589a3172581f5754ec73e455f31b03c160f23e88660645e2932243a7caf5db64c298dbd3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe

Filesize
184KB

MD5
e832a10f9949f24ecc9887557b4d2e93

SHA1
9471a10734eeebec33e3813787151f3fe80a29de

SHA256
d4dd1e7e03bf56763b7071f9b6575632f362deca0df61a986a5ae1872eb68ed7

SHA512
9e406ef70b11f25a3ce233acc0fb65dbbd06d625ca4a0b668829c3abc715afb13cdca4d55d073bfeb232ec2473f165019dc876843cd7315aab8042c498b9cce7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe

Filesize
184KB

MD5
33f677696cd43c54502332c1f509f6d4

SHA1
f317d478382e1086758f2c6255689cd950204a53

SHA256
aee947ecad88f9529ae82ffd470f48e13dbd7ac284c18ffda1f0bf413bd54b09

SHA512
ec9fdf7edf6b35ab8afccd19bc8efac356d779ceba6eb72c42da6df2c241a221a98e69d2aea951ceb20953f1e98aca71d7f376c97675fa21a8f47181f7433236

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe

Filesize
184KB

MD5
078ca41092ef4df6569f22c2f47fd916

SHA1
7d9737685dd836a24a7c41afcf131fb5d4b1dd3c

SHA256
f8ab7f4cd616c058e4eafd9591d617152844f1f5c245afdc5d0aa3e103e17650

SHA512
428463e91b08a89c23f6334da6f17e521b21f68d3129f7a8745c25601623c291f3902eb7a593d14f8a353d4445fcd918094c6087a753f284dbce5656175707d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe

Filesize
184KB

MD5
62fc80ebf60818ea4ce7aec5f98b99f8

SHA1
f85fbdb47b6a1a941922edf63c5a88be0217c008

SHA256
4e6f49f336b36109b76b1ac08f9d443c728d012ad160138da1f5d2befd1c7830

SHA512
8186d4641d46617948bf330b2fc0606284a75caad54a9ec7bfc5a2573de15077f6d45154a9c3ed5ecb3325b0c5218911de4dbb8487b434339449433efc7ea133

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe

Filesize
184KB

MD5
46d58777b7b328192d85575cff1ed32c

SHA1
7d9581eecb8e9c46875978bbc6c28534212ee094

SHA256
b7a9e2d1e27972d6e3b2cf3c6d0703345d81f00cd3555fd9500d777638f1eb00

SHA512
9ea5206289d6002b5924730f146e497c5c1de2a632c373eaee4532e47d1cffd75409dae04ee89d35dda0f3f474451636d1ee0d95e963336106dea601b53905ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe

Filesize
184KB

MD5
d41a100529d5e79385594393f4be1894

SHA1
4e3df2511632a460c88c89143e2bd87daf97637d

SHA256
9caced0b55137666290815869b82c721134dc02dfb3aedc385896ce7400c65e0

SHA512
041bec56098f7cd9f3269aa42a9984c969254b06d3b5ea4c0cf573803fa9330f465a02cffd2a812ad81215bbcdb10e3079643249d480453c893f5de3b6f4ac94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe

Filesize
184KB

MD5
ac60288c44f16db8a609af17a68af950

SHA1
84675c1537bbd81cca07a7c1e54198f26dfbed57

SHA256
c8cd203cd856fc39bb2b8e5f6e2b1ddacb8df44cb8e43370c1f47beb2055680d

SHA512
505bc3a7ddabaec75f42dfdbf0b2549f295aae6fda8605dd5d33e072ecf36f45a6c5a7b42b77588671e5925268fab5eff8fd4ecc13a7c2f8af3c017c24233820

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe

Filesize
184KB

MD5
0ad29f97ff341dbc2694576bc6fb4854

SHA1
2658a14e114c86ce3936dacbe5a14795173ca17b

SHA256
ec21e88845c7aa874e43c903dcb3db7cf3a30b687f1d1eb2857c29aa4b2c6b7d

SHA512
b770a357dd31e760d2f4379b04ae49027813174a1957e2e419de147dd41da51b9c0cee793bf12713bc4eedc719fa5ed9ddb7acad627e6573f6b71afa6332c2be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe

Filesize
184KB

MD5
8cc240e20ce7109c54ac223ceba072e0

SHA1
db2ebc4a732f35bd87b309875554cb3b7e5cd1b1

SHA256
c99018d2025544b39ae4e8611ca53f68e5377c3868cf1119cbd727455b12757c

SHA512
373b853350123fef3444722e342c0ad9f2c83dfdb1bda74d351b78e2930f1cd7e5d797eb9dcbc605866cae3ab177086515ec867aad4ab80f5a9dc158e7869f41

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads