0bd8947987e205323f64c487326f1c69f7a95d57ad5b55631ce8c11e8cf3f2a5

Analysis

max time kernel
28s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
Size

192KB
MD5

fc08a5702fbd02d7f0fb056c3c89c5ed
SHA1

324100e5862be8567592e4b753ff25c8eee71585
SHA256

0bd8947987e205323f64c487326f1c69f7a95d57ad5b55631ce8c11e8cf3f2a5
SHA512

b3121ef270361d5585f693039dc38b83c17eb29638ad0afa72f11e1dfec6362dbf86a3f193e6e6fee9c0579f95b4b05b9fb40efdb5195d70f2398835d9776d3d
SSDEEP

3072:rMICKobRy6JAWO7AuBBblb8TuFs67tCVazVxcPQW+HlP5p6U:rMIDoFmWO5BNlb8I+NWHlP5p6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 47 IoCs

pid	Process
2148	Unicorn-19616.exe
1868	Unicorn-27239.exe
2568	Unicorn-7373.exe
2732	Unicorn-61577.exe
2624	Unicorn-33543.exe
2492	Unicorn-36881.exe
1736	Unicorn-24048.exe
2824	Unicorn-4758.exe
2828	Unicorn-24624.exe
1436	Unicorn-57366.exe
2332	Unicorn-11694.exe
832	Unicorn-61938.exe
2764	Unicorn-53578.exe
1664	Unicorn-33712.exe
2260	Unicorn-43952.exe
2272	Unicorn-32062.exe
324	Unicorn-44336.exe
1492	Unicorn-3111.exe
1828	Unicorn-23209.exe
1036	Unicorn-10511.exe
1644	Unicorn-26848.exe
2228	Unicorn-56183.exe
2908	Unicorn-61689.exe
972	Unicorn-34231.exe
2520	Unicorn-20081.exe
820	Unicorn-49416.exe
1516	Unicorn-52753.exe
2200	Unicorn-61497.exe
1720	Unicorn-3936.exe
1616	Unicorn-49608.exe
1336	Unicorn-61305.exe
1800	Unicorn-23095.exe
2448	Unicorn-19775.exe
2800	Unicorn-48918.exe
2456	Unicorn-27751.exe
2740	Unicorn-58970.exe
2344	Unicorn-9769.exe
2516	Unicorn-55441.exe
1760	Unicorn-58778.exe
1988	Unicorn-38912.exe
2792	Unicorn-49193.exe
2860	Unicorn-27834.exe
2568	Unicorn-60314.exe
2996	Unicorn-60314.exe
344	Unicorn-60314.exe
1592	Unicorn-40448.exe
1684	Unicorn-40448.exe

Loads dropped DLL 64 IoCs

pid	Process
1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
2148	Unicorn-19616.exe
1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
2148	Unicorn-19616.exe
1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
1868	Unicorn-27239.exe
2148	Unicorn-19616.exe
1868	Unicorn-27239.exe
2148	Unicorn-19616.exe
2568	Unicorn-7373.exe
2568	Unicorn-7373.exe
2624	Unicorn-33543.exe
2624	Unicorn-33543.exe
2568	Unicorn-7373.exe
2568	Unicorn-7373.exe
2492	Unicorn-36881.exe
2492	Unicorn-36881.exe
1736	Unicorn-24048.exe
1736	Unicorn-24048.exe
2624	Unicorn-33543.exe
2624	Unicorn-33543.exe
2824	Unicorn-4758.exe
2824	Unicorn-4758.exe
2828	Unicorn-24624.exe
2828	Unicorn-24624.exe
2492	Unicorn-36881.exe
2492	Unicorn-36881.exe
2332	Unicorn-11694.exe
2332	Unicorn-11694.exe
1736	Unicorn-24048.exe
1736	Unicorn-24048.exe
1436	Unicorn-57366.exe
1436	Unicorn-57366.exe
832	Unicorn-61938.exe
832	Unicorn-61938.exe
2824	Unicorn-4758.exe
2824	Unicorn-4758.exe
1664	Unicorn-33712.exe
1664	Unicorn-33712.exe
2764	Unicorn-53578.exe
2828	Unicorn-24624.exe
2828	Unicorn-24624.exe
2764	Unicorn-53578.exe
2260	Unicorn-43952.exe
2260	Unicorn-43952.exe
2332	Unicorn-11694.exe
2332	Unicorn-11694.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
324	Unicorn-44336.exe
324	Unicorn-44336.exe
2204	WerFault.exe
2524	WerFault.exe
1436	Unicorn-57366.exe
1436	Unicorn-57366.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2204	2272	WerFault.exe	43
2524	2732	WerFault.exe	31

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
2148	Unicorn-19616.exe
1868	Unicorn-27239.exe
2568	Unicorn-7373.exe
2624	Unicorn-33543.exe
2492	Unicorn-36881.exe
1736	Unicorn-24048.exe
2824	Unicorn-4758.exe
2828	Unicorn-24624.exe
2332	Unicorn-11694.exe
1436	Unicorn-57366.exe
832	Unicorn-61938.exe
2764	Unicorn-53578.exe
1664	Unicorn-33712.exe
2260	Unicorn-43952.exe
2272	Unicorn-32062.exe
2732	Unicorn-61577.exe
324	Unicorn-44336.exe
1828	Unicorn-23209.exe
1492	Unicorn-3111.exe
2228	Unicorn-56183.exe
1644	Unicorn-26848.exe
1036	Unicorn-10511.exe
2908	Unicorn-61689.exe
972	Unicorn-34231.exe
2520	Unicorn-20081.exe
820	Unicorn-49416.exe
1516	Unicorn-52753.exe
2200	Unicorn-61497.exe
1616	Unicorn-49608.exe
1800	Unicorn-23095.exe
1720	Unicorn-3936.exe
1336	Unicorn-61305.exe
2448	Unicorn-19775.exe
2456	Unicorn-27751.exe
1988	Unicorn-38912.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2148	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	28
PID 1256 wrote to memory of 2148	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	28
PID 1256 wrote to memory of 2148	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	28
PID 1256 wrote to memory of 2148	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	28
PID 2148 wrote to memory of 1868	2148	Unicorn-19616.exe	29
PID 2148 wrote to memory of 1868	2148	Unicorn-19616.exe	29
PID 2148 wrote to memory of 1868	2148	Unicorn-19616.exe	29
PID 2148 wrote to memory of 1868	2148	Unicorn-19616.exe	29
PID 1256 wrote to memory of 2568	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	30
PID 1256 wrote to memory of 2568	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	30
PID 1256 wrote to memory of 2568	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	30
PID 1256 wrote to memory of 2568	1256	fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe	30
PID 1868 wrote to memory of 2732	1868	Unicorn-27239.exe	31
PID 1868 wrote to memory of 2732	1868	Unicorn-27239.exe	31
PID 1868 wrote to memory of 2732	1868	Unicorn-27239.exe	31
PID 1868 wrote to memory of 2732	1868	Unicorn-27239.exe	31
PID 2148 wrote to memory of 2624	2148	Unicorn-19616.exe	32
PID 2148 wrote to memory of 2624	2148	Unicorn-19616.exe	32
PID 2148 wrote to memory of 2624	2148	Unicorn-19616.exe	32
PID 2148 wrote to memory of 2624	2148	Unicorn-19616.exe	32
PID 2568 wrote to memory of 2492	2568	Unicorn-7373.exe	33
PID 2568 wrote to memory of 2492	2568	Unicorn-7373.exe	33
PID 2568 wrote to memory of 2492	2568	Unicorn-7373.exe	33
PID 2568 wrote to memory of 2492	2568	Unicorn-7373.exe	33
PID 2624 wrote to memory of 1736	2624	Unicorn-33543.exe	34
PID 2624 wrote to memory of 1736	2624	Unicorn-33543.exe	34
PID 2624 wrote to memory of 1736	2624	Unicorn-33543.exe	34
PID 2624 wrote to memory of 1736	2624	Unicorn-33543.exe	34
PID 2568 wrote to memory of 2824	2568	Unicorn-7373.exe	35
PID 2568 wrote to memory of 2824	2568	Unicorn-7373.exe	35
PID 2568 wrote to memory of 2824	2568	Unicorn-7373.exe	35
PID 2568 wrote to memory of 2824	2568	Unicorn-7373.exe	35
PID 2492 wrote to memory of 2828	2492	Unicorn-36881.exe	36
PID 2492 wrote to memory of 2828	2492	Unicorn-36881.exe	36
PID 2492 wrote to memory of 2828	2492	Unicorn-36881.exe	36
PID 2492 wrote to memory of 2828	2492	Unicorn-36881.exe	36
PID 1736 wrote to memory of 2332	1736	Unicorn-24048.exe	37
PID 1736 wrote to memory of 2332	1736	Unicorn-24048.exe	37
PID 1736 wrote to memory of 2332	1736	Unicorn-24048.exe	37
PID 1736 wrote to memory of 2332	1736	Unicorn-24048.exe	37
PID 2624 wrote to memory of 1436	2624	Unicorn-33543.exe	38
PID 2624 wrote to memory of 1436	2624	Unicorn-33543.exe	38
PID 2624 wrote to memory of 1436	2624	Unicorn-33543.exe	38
PID 2624 wrote to memory of 1436	2624	Unicorn-33543.exe	38
PID 2824 wrote to memory of 832	2824	Unicorn-4758.exe	39
PID 2824 wrote to memory of 832	2824	Unicorn-4758.exe	39
PID 2824 wrote to memory of 832	2824	Unicorn-4758.exe	39
PID 2824 wrote to memory of 832	2824	Unicorn-4758.exe	39
PID 2828 wrote to memory of 2764	2828	Unicorn-24624.exe	40
PID 2828 wrote to memory of 2764	2828	Unicorn-24624.exe	40
PID 2828 wrote to memory of 2764	2828	Unicorn-24624.exe	40
PID 2828 wrote to memory of 2764	2828	Unicorn-24624.exe	40
PID 2492 wrote to memory of 1664	2492	Unicorn-36881.exe	41
PID 2492 wrote to memory of 1664	2492	Unicorn-36881.exe	41
PID 2492 wrote to memory of 1664	2492	Unicorn-36881.exe	41
PID 2492 wrote to memory of 1664	2492	Unicorn-36881.exe	41
PID 2332 wrote to memory of 2260	2332	Unicorn-11694.exe	42
PID 2332 wrote to memory of 2260	2332	Unicorn-11694.exe	42
PID 2332 wrote to memory of 2260	2332	Unicorn-11694.exe	42
PID 2332 wrote to memory of 2260	2332	Unicorn-11694.exe	42
PID 1736 wrote to memory of 2272	1736	Unicorn-24048.exe	43
PID 1736 wrote to memory of 2272	1736	Unicorn-24048.exe	43
PID 1736 wrote to memory of 2272	1736	Unicorn-24048.exe	43
PID 1736 wrote to memory of 2272	1736	Unicorn-24048.exe	43

C:\Users\Admin\AppData\Local\Temp\fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc08a5702fbd02d7f0fb056c3c89c5ed_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        9⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        7⤵
        Executes dropped EXE
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        7⤵
        Executes dropped EXE
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        8⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        6⤵
        Executes dropped EXE
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        7⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        6⤵
        Executes dropped EXE
        
        PID:2740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        8⤵
        Executes dropped EXE
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        12⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        7⤵
        Executes dropped EXE
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31521.exe
        11⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        12⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26488.exe
        13⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        7⤵
        Executes dropped EXE
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        6⤵
        Executes dropped EXE
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        9⤵
        
        PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        7⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        8⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        10⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        6⤵
        Executes dropped EXE
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        9⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        6⤵
        Executes dropped EXE
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        8⤵
        
        PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        6⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        9⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        8⤵
        
        PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe

Filesize
192KB

MD5
930c13fdc43c9a4e61c9735695ff0aa1

SHA1
51cfd2ce0bff251b48f8f197c9b7f246e7a3eb3a

SHA256
d946986d8779a74e533ed2ef0928e9883e76bf99e6d801f546548338f14fcb5e

SHA512
14d724b5afac39e006f7c17d7b50c2f8098d883265f3c19cc35b5bc062f4ab7d4484ad44b36ac8ae8c0e751932850ce826c32dbd99c75e87e2782158b9a7f921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe

Filesize
192KB

MD5
2c960a422aa809c98faedd1ff44295e8

SHA1
b5a8b20bd300729f83b8acb715dc1d0d9ee10f00

SHA256
0d7e8bddcfaad701abda241f1a2b8b796b3569fe26a2da13cc81e25c1f3a022d

SHA512
c60b2d6158e971a9cbb27fbd43cee35d2ee31449e91ce2085aae487e12b70d49bce1ed44f2b66e753939a952e6b84db105d7dfb3954086607d748a0333e2b2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe

Filesize
192KB

MD5
dcc713d439b4776421841b4e3208eb42

SHA1
e9603f24be9524ac5157dfbdbfcd4d5ff3871b9f

SHA256
05d6b892a9aa5cb215601079e47561051f85fb8cad49f0540321a79e9fc82302

SHA512
aec3e29efcd221db954086cdcfaf186463d9430a5bc4203a555ca1e902b4df9274a053006167cbbb43406ba67abd4efdde832bbecc04176a299df48c222d8255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe

Filesize
192KB

MD5
ea0069cac416940087453d0a1fdce503

SHA1
117be726581418e745394ba31d7a2da5b736f381

SHA256
be7bf7a261994342738c0393f1dd6ac42ae96726d1d68737b2c16db0628ed10a

SHA512
8e9b31fbaf9c97455d4cae94e43e0f8977cc70e9f00b7d9889a6b5ee080f8d75b4fbecf22c56dd19286963d228e128ee0e47dc4fdaef360a8b8b588af9438c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe

Filesize
192KB

MD5
e4dd8563a1af70d313c7ca456209b1dc

SHA1
260119b5444d05b8e4757b7e45e5f0e098ca0f3e

SHA256
8eb5fba381ba2e289c7d363c646270606c66a6154c446606bed31829c3a700a3

SHA512
ff099c5bfdc3262cc6ca08c9708ee2de8ccb0830f935f79b072a05cc50d4bb0a892916f3b731e675352afada89ff7313457a9d28c40f48102b3c86161f666881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe

Filesize
192KB

MD5
aafa670a1cf287bdd77855e1d632bc03

SHA1
1ab882ea5e50345489ca34db4ea93e21e6c839d8

SHA256
09d8f642315323b9d1fd313fb6e8164ccecd3561eb778fe67948423151a9fc6f

SHA512
d1f33a813fab77f605399708a71bb962d6f2e4ff86286f88f0fbf61bfbc40f5efec2cd48b075848278c91385a02aef2bc2aadb4f8ca3b0b13bec7668b5c526bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe

Filesize
192KB

MD5
43fc10c2d77e61ee1511636173b71dcf

SHA1
596dddd0aac61b05976c3475ac76f120189d0a36

SHA256
ff84bb8cd5514eb57d6f294c6fb6af716378a672e55f60bb15d4b637753d0bf0

SHA512
adf199b7e8ee01d91eab9360e34b858f50f74a93f6c2cb113274bf1d0f085446d68d748b7aee8d2ff47d4a0fb04cb5d511696124eae6132e4ffe405575151286

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe

Filesize
192KB

MD5
5028c84a1cd692c4e247350aafd8199b

SHA1
5807cb472cbd066eb8aeedd2b1311a496ca90a3b

SHA256
865be563545a56edfecb575409636c9e1c8082b520e64136bf8e6cfe23d58aa9

SHA512
22fa58c73c70b480ffcb0ed7d055875c631cd42f37d073a5a6e4f7fb178a6de042d12464730eceb75e734367629dcfc179229f761ac4fa2281e5b24ddfd766fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe

Filesize
192KB

MD5
6160ad540c6737a2ad41dc795105bcad

SHA1
d4b267a2d946ec08a3d70228d776190fdfb4d7f4

SHA256
74c3bb3727a94a923659e29ce00e65c8dd73dc6adf1608de4b6a79b26eee32c6

SHA512
59ba6a4b7c5057c0b672b14d7ad40888dec14f77f5fcca51484680e2604e2b9ce30aff39b847c3c278a02a93296f7ce35731485db70e8146180ef4de82d10475

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe

Filesize
192KB

MD5
b0509d783409ff86bec17fffb4207965

SHA1
a79ae3dd6009c6f9f3e398cfc84010509a98b0cb

SHA256
8664dd292d777c7d67f931c9a94fbcd5b7a3749a6fe1fcb306d260907d20d3b1

SHA512
83e75f64c43c0b063cf43cd07cfa98025345c5b96d24ad8228b9747cb14ab1b92d0f61ec63455e5673e745b314f16e0b8517f32f8c6b30492df534269c8d4221

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe

Filesize
192KB

MD5
de53a56717898cf7a44babf98eee4691

SHA1
75498c646b0fdcf429722de58de958c24cf5273b

SHA256
b87d65cd2004d5c6cd888704c68e729992af071e484219db0f0a29c71ad878b1

SHA512
9b533533f37a935b8fe6fc9c8f34bb96c9dd203548ce03c106701fc860a7ba6426f73a50c95fb6d90389a73398f86f0195c22cba8d8184f2be4a2cb2d25b6e8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe

Filesize
192KB

MD5
470bfd089ed468edf5e6153c49dc20a0

SHA1
835632fcd38a3384036ba7986818dafb3919d4c0

SHA256
7d0d0cbb16a667c87629192320622688ba560c67119642e9bafb1f238f56bfe8

SHA512
7317aa4869fd661679c8480619e3f096060000dfc74cd3b31f265dff8e86b09952cce95c59d48dcaa617114e746cd6423441c2ce5394fd11354baa354618e04e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe

Filesize
192KB

MD5
6431c6771454db4007716aa7ebf95d89

SHA1
df91ffa866ed8f78cf7dc10bd27fbd5726190a7d

SHA256
6d42389bb5ed6b66b1d754dddcd639a7f0b73d2acdef672c51a252a35f548e4e

SHA512
b8b3e182e2648d50ce46af715f2c434cf6a1f9d0de19c18391929e4c802b6480875843de13053c23722c7269639ec6287afe5a84dbda6b38b85ee91d5d56456e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe

Filesize
192KB

MD5
6c2f8c17f0dbdea19b0328762ab3aad4

SHA1
3d8329412a56761719ea1b2646681be233998ead

SHA256
f9cc57f08544d1a9a4b0f9554f35d59803d876aaca9d98184d777035f0c970e1

SHA512
107ef7c3e617e4289c9c9a3bf1de9f1ffd802edb7887abaca6b1b5054926a7bc9414bc340e17eafb31f1f582cb8ed03b8a607a9aa71f0af4feba78e03f00ed9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe

Filesize
192KB

MD5
4449ceb26910f3492d11a7b34e0fe1eb

SHA1
e3d710e33978a003083916350f72f2dcf9b84a2e

SHA256
cbf86107f8348c1407dbaf248a04400db313c0a3dfec23569dc3e30d26587ff1

SHA512
33653acef455008e09af41114c985af85cc9aa8cd0a51cf5948c2b5bcb922c02934b6b246e3cc4d64870f9dbda6ee12a48140b87b73f9ecb8b0492038d9e28be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe

Filesize
192KB

MD5
8f5cafee224fbcc238cbfa436fa4cc56

SHA1
6e15ec1236db1803717c3b274c0eb2aef8406c86

SHA256
3bb30d750ef23ec4926b3d7b34fc13c42da7ef32d2889f0e6ad51d786f2d8ecb

SHA512
43002fc48202adc2858b216068993ab75e41450a9d4d862686079bfee389c56a3596a8c7ceb46ddcdb1d11b3346376b800f07f1ae512cfab4ab18fb72a7860a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe

Filesize
192KB

MD5
628d1a6e06972a2cb57adbc612fdd0ba

SHA1
cf83d13f364e3ffaffc575abf10855b9b8abfd9d

SHA256
97ddcf8b0af2eb480088ddb5effecf4a04cf852f2b71a60d0c09a3b261d0defd

SHA512
3fdda1da7b41004185f4c2f4e36a6afbae866b0ff178d805280ce9648acef208bce00fbed368c6105b67e9f21bff430c71eade67df6a602e0a89f7f3fe127f36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe

Filesize
192KB

MD5
c5158802489d22301285337e5ddd4887

SHA1
9da04a38ead566badf404bce9c3fc8d74529fd71

SHA256
4698927250c35cb8725b0c3a652601ea6a18bdb8468f00d65ee706681591ab16

SHA512
9461e3aa8f80f12199dda27412737fb77e4fd50f741d023df93eec95091f704c1b986b19b91fc85bff8ca9f0655c27432481baa002604bbbf38bd921bc68aed8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe

Filesize
192KB

MD5
42062e428fe10a13954a96f8017b3ca6

SHA1
f672ca3883566d8cdf50538c682157f05f092f1a

SHA256
a63daa2f385bd770b57a2c66d758ea71e1fe224283ad5018ea10a36e966472bf

SHA512
22863e7b5379c9ecb7c12db19a8336fa9af878574b50ddf9b1c938712ba24cf10bb29065ba22f38a38598cbbc4fb63c2c978583543865b8a6fa3458db70afd69

Download Submit
memory/1248-518-0x0000000002B20000-0x0000000002C7C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads