03f2d05a52b3b0cbd765ed05e19582bf931ed51ce4759029c1e2e351665505f3

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe
Size

184KB
MD5

feb4f46431567f14c180af4a275ec89e
SHA1

b8e6b08be3184df0dade8dc137282dc6d3754fc1
SHA256

03f2d05a52b3b0cbd765ed05e19582bf931ed51ce4759029c1e2e351665505f3
SHA512

58a42ccd251d28344f92d7394f8cfb1d7522499185135c1731b15ad88e25f602ee2f8a1afefd3a7cc492cf912db61687bca98a749f6fe5ab4be6ab463b463df5
SSDEEP

3072:BuhEouGExo7Xsd5/VwwF0y8d2uUv6VUzCLv3xwhd4jNlOFpFs:BuCoPTsd7w40y86eq6NlOFpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 49 IoCs

pid	Process
1244	Unicorn-32317.exe
2592	Unicorn-26967.exe
2856	Unicorn-40537.exe
2440	Unicorn-19440.exe
2000	Unicorn-31495.exe
2008	Unicorn-33929.exe
800	Unicorn-58272.exe
2544	Unicorn-52538.exe
1740	Unicorn-56425.exe
2132	Unicorn-34355.exe
776	Unicorn-47946.exe
556	Unicorn-38164.exe
2324	Unicorn-33499.exe
1760	Unicorn-52749.exe
1768	Unicorn-56252.exe
1316	Unicorn-54638.exe
3024	Unicorn-58525.exe
2628	Unicorn-53860.exe
2704	Unicorn-40342.exe
3008	Unicorn-30560.exe
2480	Unicorn-34063.exe
2684	Unicorn-27177.exe
1052	Unicorn-30680.exe
760	Unicorn-37618.exe
2364	Unicorn-52400.exe
1284	Unicorn-17009.exe
596	Unicorn-7574.exe
3032	Unicorn-18213.exe
1300	Unicorn-48742.exe
2120	Unicorn-29687.exe
1832	Unicorn-29957.exe
2596	Unicorn-20139.exe
2568	Unicorn-62956.exe
2508	Unicorn-61306.exe
1136	Unicorn-1698.exe
1536	Unicorn-49249.exe
592	Unicorn-34698.exe
1804	Unicorn-24880.exe
1948	Unicorn-55025.exe
2524	Unicorn-44055.exe
1996	Unicorn-37288.exe
1868	Unicorn-19686.exe
2380	Unicorn-57999.exe
1664	Unicorn-39328.exe
2052	Unicorn-33630.exe
2016	Unicorn-48796.exe
940	Unicorn-29741.exe
320	Unicorn-59886.exe
2608	Unicorn-51988.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe
2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe
1244	Unicorn-32317.exe
1244	Unicorn-32317.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2592	Unicorn-26967.exe
2592	Unicorn-26967.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2472	WerFault.exe
2856	Unicorn-40537.exe
2856	Unicorn-40537.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2440	Unicorn-19440.exe
2440	Unicorn-19440.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2000	Unicorn-31495.exe
2000	Unicorn-31495.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
2008	Unicorn-33929.exe
2008	Unicorn-33929.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
800	Unicorn-58272.exe
800	Unicorn-58272.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
2544	Unicorn-52538.exe
2544	Unicorn-52538.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
1740	Unicorn-56425.exe
1740	Unicorn-56425.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe

Program crash 49 IoCs

pid	pid_target	Process	procid_target
2796	2368	WerFault.exe	27
2720	1244	WerFault.exe	28
2472	2592	WerFault.exe	30
2168	2856	WerFault.exe	32
2656	2440	WerFault.exe	34
1992	2000	WerFault.exe	36
1692	2008	WerFault.exe	38
1560	800	WerFault.exe	40
2876	2544	WerFault.exe	42
2292	1740	WerFault.exe	44
580	2132	WerFault.exe	46
1088	776	WerFault.exe	48
2088	556	WerFault.exe	50
888	2324	WerFault.exe	52
912	1760	WerFault.exe	54
1512	1768	WerFault.exe	56
1620	1316	WerFault.exe	60
2552	3024	WerFault.exe	62
2600	2628	WerFault.exe	64
2536	2704	WerFault.exe	66
2520	3008	WerFault.exe	68
2632	2480	WerFault.exe	70
2020	2684	WerFault.exe	72
1672	1052	WerFault.exe	74
1600	760	WerFault.exe	76
1048	2364	WerFault.exe	78
1500	1284	WerFault.exe	80
2288	596	WerFault.exe	82
1624	3032	WerFault.exe	84
1204	1300	WerFault.exe	86
1732	2120	WerFault.exe	88
2788	1832	WerFault.exe	90
1320	2596	WerFault.exe	92
1816	2568	WerFault.exe	94
2812	2508	WerFault.exe	96
2064	1136	WerFault.exe	98
704	1536	WerFault.exe	100
1032	592	WerFault.exe	102
2580	1804	WerFault.exe	104
2444	1948	WerFault.exe	106
376	2524	WerFault.exe	108
1800	1996	WerFault.exe	110
1376	1868	WerFault.exe	112
1040	2380	WerFault.exe	114
2708	1664	WerFault.exe	116
2972	2052	WerFault.exe	118
1208	2016	WerFault.exe	120
848	940	WerFault.exe	122
1592	320	WerFault.exe	124

Suspicious use of SetWindowsHookEx 50 IoCs

pid	Process
2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe
1244	Unicorn-32317.exe
2592	Unicorn-26967.exe
2856	Unicorn-40537.exe
2440	Unicorn-19440.exe
2000	Unicorn-31495.exe
2008	Unicorn-33929.exe
800	Unicorn-58272.exe
2544	Unicorn-52538.exe
1740	Unicorn-56425.exe
2132	Unicorn-34355.exe
776	Unicorn-47946.exe
556	Unicorn-38164.exe
2324	Unicorn-33499.exe
1760	Unicorn-52749.exe
1768	Unicorn-56252.exe
1316	Unicorn-54638.exe
3024	Unicorn-58525.exe
2628	Unicorn-53860.exe
2704	Unicorn-40342.exe
3008	Unicorn-30560.exe
2480	Unicorn-34063.exe
2684	Unicorn-27177.exe
1052	Unicorn-30680.exe
760	Unicorn-37618.exe
2364	Unicorn-52400.exe
1284	Unicorn-17009.exe
596	Unicorn-7574.exe
3032	Unicorn-18213.exe
1300	Unicorn-48742.exe
2120	Unicorn-29687.exe
1832	Unicorn-29957.exe
2596	Unicorn-20139.exe
2568	Unicorn-62956.exe
2508	Unicorn-61306.exe
1136	Unicorn-1698.exe
1536	Unicorn-49249.exe
592	Unicorn-34698.exe
1804	Unicorn-24880.exe
1948	Unicorn-55025.exe
2524	Unicorn-44055.exe
1996	Unicorn-37288.exe
1868	Unicorn-19686.exe
2380	Unicorn-57999.exe
1664	Unicorn-39328.exe
2052	Unicorn-33630.exe
2016	Unicorn-48796.exe
940	Unicorn-29741.exe
320	Unicorn-59886.exe
2608	Unicorn-51988.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1244	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	28
PID 2368 wrote to memory of 1244	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	28
PID 2368 wrote to memory of 1244	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	28
PID 2368 wrote to memory of 1244	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	28
PID 2368 wrote to memory of 2796	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	29
PID 2368 wrote to memory of 2796	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	29
PID 2368 wrote to memory of 2796	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	29
PID 2368 wrote to memory of 2796	2368	feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe	29
PID 1244 wrote to memory of 2592	1244	Unicorn-32317.exe	30
PID 1244 wrote to memory of 2592	1244	Unicorn-32317.exe	30
PID 1244 wrote to memory of 2592	1244	Unicorn-32317.exe	30
PID 1244 wrote to memory of 2592	1244	Unicorn-32317.exe	30
PID 1244 wrote to memory of 2720	1244	Unicorn-32317.exe	31
PID 1244 wrote to memory of 2720	1244	Unicorn-32317.exe	31
PID 1244 wrote to memory of 2720	1244	Unicorn-32317.exe	31
PID 1244 wrote to memory of 2720	1244	Unicorn-32317.exe	31
PID 2592 wrote to memory of 2856	2592	Unicorn-26967.exe	32
PID 2592 wrote to memory of 2856	2592	Unicorn-26967.exe	32
PID 2592 wrote to memory of 2856	2592	Unicorn-26967.exe	32
PID 2592 wrote to memory of 2856	2592	Unicorn-26967.exe	32
PID 2592 wrote to memory of 2472	2592	Unicorn-26967.exe	33
PID 2592 wrote to memory of 2472	2592	Unicorn-26967.exe	33
PID 2592 wrote to memory of 2472	2592	Unicorn-26967.exe	33
PID 2592 wrote to memory of 2472	2592	Unicorn-26967.exe	33
PID 2856 wrote to memory of 2440	2856	Unicorn-40537.exe	34
PID 2856 wrote to memory of 2440	2856	Unicorn-40537.exe	34
PID 2856 wrote to memory of 2440	2856	Unicorn-40537.exe	34
PID 2856 wrote to memory of 2440	2856	Unicorn-40537.exe	34
PID 2856 wrote to memory of 2168	2856	Unicorn-40537.exe	35
PID 2856 wrote to memory of 2168	2856	Unicorn-40537.exe	35
PID 2856 wrote to memory of 2168	2856	Unicorn-40537.exe	35
PID 2856 wrote to memory of 2168	2856	Unicorn-40537.exe	35
PID 2440 wrote to memory of 2000	2440	Unicorn-19440.exe	36
PID 2440 wrote to memory of 2000	2440	Unicorn-19440.exe	36
PID 2440 wrote to memory of 2000	2440	Unicorn-19440.exe	36
PID 2440 wrote to memory of 2000	2440	Unicorn-19440.exe	36
PID 2440 wrote to memory of 2656	2440	Unicorn-19440.exe	37
PID 2440 wrote to memory of 2656	2440	Unicorn-19440.exe	37
PID 2440 wrote to memory of 2656	2440	Unicorn-19440.exe	37
PID 2440 wrote to memory of 2656	2440	Unicorn-19440.exe	37
PID 2000 wrote to memory of 2008	2000	Unicorn-31495.exe	38
PID 2000 wrote to memory of 2008	2000	Unicorn-31495.exe	38
PID 2000 wrote to memory of 2008	2000	Unicorn-31495.exe	38
PID 2000 wrote to memory of 2008	2000	Unicorn-31495.exe	38
PID 2000 wrote to memory of 1992	2000	Unicorn-31495.exe	39
PID 2000 wrote to memory of 1992	2000	Unicorn-31495.exe	39
PID 2000 wrote to memory of 1992	2000	Unicorn-31495.exe	39
PID 2000 wrote to memory of 1992	2000	Unicorn-31495.exe	39
PID 2008 wrote to memory of 800	2008	Unicorn-33929.exe	40
PID 2008 wrote to memory of 800	2008	Unicorn-33929.exe	40
PID 2008 wrote to memory of 800	2008	Unicorn-33929.exe	40
PID 2008 wrote to memory of 800	2008	Unicorn-33929.exe	40
PID 2008 wrote to memory of 1692	2008	Unicorn-33929.exe	41
PID 2008 wrote to memory of 1692	2008	Unicorn-33929.exe	41
PID 2008 wrote to memory of 1692	2008	Unicorn-33929.exe	41
PID 2008 wrote to memory of 1692	2008	Unicorn-33929.exe	41
PID 800 wrote to memory of 2544	800	Unicorn-58272.exe	42
PID 800 wrote to memory of 2544	800	Unicorn-58272.exe	42
PID 800 wrote to memory of 2544	800	Unicorn-58272.exe	42
PID 800 wrote to memory of 2544	800	Unicorn-58272.exe	42
PID 800 wrote to memory of 1560	800	Unicorn-58272.exe	43
PID 800 wrote to memory of 1560	800	Unicorn-58272.exe	43
PID 800 wrote to memory of 1560	800	Unicorn-58272.exe	43
PID 800 wrote to memory of 1560	800	Unicorn-58272.exe	43

C:\Users\Admin\AppData\Local\Temp\feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\feb4f46431567f14c180af4a275ec89e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33499.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        49⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        50⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        50⤵
        Program crash
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        49⤵
        Program crash
        
        PID:848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        48⤵
        Program crash
        
        PID:1208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        47⤵
        Program crash
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        46⤵
        Program crash
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        45⤵
        Program crash
        
        PID:1040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        44⤵
        Program crash
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        43⤵
        Program crash
        
        PID:1800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        42⤵
        Program crash
        
        PID:376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        41⤵
        Program crash
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        40⤵
        Program crash
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
        39⤵
        Program crash
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        38⤵
        Program crash
        
        PID:704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        37⤵
        Program crash
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        36⤵
        Program crash
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        35⤵
        Program crash
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        34⤵
        Program crash
        
        PID:1320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        33⤵
        Program crash
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        32⤵
        Program crash
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        31⤵
        Program crash
        
        PID:1204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        30⤵
        Program crash
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
        29⤵
        Program crash
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        28⤵
        Program crash
        
        PID:1500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        27⤵
        Program crash
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        26⤵
        Program crash
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        25⤵
        Program crash
        
        PID:1672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        24⤵
        Program crash
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        23⤵
        Program crash
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        22⤵
        Program crash
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        21⤵
        Program crash
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        20⤵
        Program crash
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        19⤵
        Program crash
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
        18⤵
        Program crash
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        17⤵
        Program crash
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        16⤵
        Program crash
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        15⤵
        Program crash
        
        PID:888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        14⤵
        Program crash
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
        13⤵
        Program crash
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        12⤵
        Program crash
        
        PID:580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        11⤵
        Loads dropped DLL
        Program crash
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        10⤵
        Loads dropped DLL
        Program crash
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:1560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2472
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
  2⤵
  - Program crash
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe

Filesize
184KB

MD5
e8206310cc4cbbe59102d0c3f3a3cb49

SHA1
5ea520bf78f84301b5af7039026e26cbb5f66d7e

SHA256
8cc95bd6d5b383cfc43dfb9b84c82740494068b95f4f0e50f9d78e352e09a013

SHA512
678090cc47d623056be98088b5d5dffad9f51608ba6d4f2017e26667998d64b3742da91fe4d8df408d64d2cf148e9b27000baf8d3b22cf79c9b4077aa0d25e1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe

Filesize
184KB

MD5
35be13dade5f559d6a52ea3c999daed9

SHA1
253e05b31c16e621ed8e239ec895a93c81a0ef1d

SHA256
b766ec683386a473f840614fd5ce405790705df66d461dc93d01fabb6c68f33b

SHA512
19c8db2a65f81630a889a13dcc03900c78c70e410db44313493789c62a16049db0a6c7673d034267bc130f5a99b42c35ed4c9f43ecb60017adeaa3aa5a9d5561

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe

Filesize
184KB

MD5
35f9efad7b16e83dc71236d425a1269e

SHA1
a575c72289d7650aa76130bcbb11dea02062893f

SHA256
232fccc5dd8279c11af1ef6154d3e828e4ec51f7086a031fac5a2586b5df320a

SHA512
7766bcf378558c71b49c6fef5f9828daa35f7c73651886ead9008bb06c79000ee6e668e7700ee496a114cbba1e9260934042871e806df16c9f5913690757b231

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe

Filesize
184KB

MD5
accf8a46f4bad4ec69004e18313ba9b6

SHA1
d0284e3fbc850d988b911ca456c5608b6a4683b0

SHA256
e1cca7fa5d49b2ca20c631665f6a5b0189c5c09f9d3ea4332ed320963bc33c0d

SHA512
91c7dd8b3ef7627da66431263f2072ab08a5adaf6b01e69ad23db89a5cb353653fc4c9b08477b9d611871cfe66e2d804374f8268f7fe7cf3b5286667aa15db88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe

Filesize
184KB

MD5
5cd7724f9d6cd736647f35d0868d87a3

SHA1
60f88393e6b6bfb46d787bbac04de488e4948a10

SHA256
6bd0c76a86d603e8258203ae0d1beb1799a319cb86e27d54119b4a116914e7e2

SHA512
d3999ee7ddb558781c243ab9c1e1e44bec40b35963b7acf5706562849a518cfae5929e16a863110651e3747d7ff3ffd70e64c9c98a8fe3026a3d098441f17de8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe

Filesize
184KB

MD5
04dc9170abe765c78400cb4d19467809

SHA1
cf8666fada514e9a2fb5853db16257880dd820cd

SHA256
d6afcd93fca45204bce4b707e8cf437e23e5974d09119aa6c5138c3e77b9a1e5

SHA512
1e199e2b3e397650aae9bc0abd97eff389d4dc793a5df8dcb4461901f9e6905aa898cdde477bc1f67a2ac8f2d2c433352a2eed4ca59709a9f8c7ff409a337e32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe

Filesize
184KB

MD5
7153d24077c0667552ed478da6e89194

SHA1
c29548561893c7546758ea52a789f7c96ff6e5bb

SHA256
3631cb1e7d15219a6d88988b14fc4439b82aaa4e2e34e2f799fa191af0c27017

SHA512
cc02e6dedc7d7b0a4ffa3cd2e5d99939aae5639a2aa31d63b9ff5ebda57029f5923a17746817304d6a7e02e84fab610b1cd12b14b5b43b250b1d9c81b02844ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe

Filesize
184KB

MD5
99996e689671c37df307826be5339daa

SHA1
5d1dd77ef579d8662bf92880c4bb81b4fa3cf274

SHA256
3d4e1413a3dcfabfd0c1630e3120b7f5bb914097e866e971f3da7a0f82361f3a

SHA512
5c9312322caf455a308bdaafd71792c8d9c4c9522cecead80e4f52f2b9133a071c9e1a74e639cb2b0c5f3a297faf40b7fbe1dca41f63e065d43342a8067846c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads