6cca8137216ab6be9bcb0dc715764c764d45e50bb7cd7c15e222f35b4f67da09

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe
Size

184KB
MD5

fefc3e214bbbfaa97f87a0d3b66625fc
SHA1

2ae8d066b215e59e261f58a58d721735aa85d611
SHA256

6cca8137216ab6be9bcb0dc715764c764d45e50bb7cd7c15e222f35b4f67da09
SHA512

db2dfa3e2456233c80ab04d10104e6a130f7253ea7172edfc9043a6423772a3a34a308b78bb2a69417b3a1ff18e6f6898617bf1767ee900a2c049a33fff131ca
SSDEEP

3072:wTiEomRLyUT0nOj4MRPovJ01yv0MR8l48SxKia1uNlPMpFC:wT5oL+0n7MtovJzMP2NlPMpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 49 IoCs

pid	Process
2980	Unicorn-14995.exe
2620	Unicorn-51041.exe
2528	Unicorn-9261.exe
2116	Unicorn-45307.exe
1516	Unicorn-3563.exe
328	Unicorn-44726.exe
1768	Unicorn-15234.exe
856	Unicorn-38992.exe
2160	Unicorn-9500.exe
2776	Unicorn-50699.exe
572	Unicorn-29436.exe
836	Unicorn-4028.exe
2592	Unicorn-27822.exe
2244	Unicorn-58268.exe
360	Unicorn-20609.exe
2176	Unicorn-48450.exe
1964	Unicorn-6706.exe
2668	Unicorn-47905.exe
2492	Unicorn-10209.exe
2220	Unicorn-34003.exe
2892	Unicorn-45508.exe
1920	Unicorn-37506.exe
1800	Unicorn-61299.exe
2256	Unicorn-7267.exe
1312	Unicorn-47397.exe
1952	Unicorn-23059.exe
980	Unicorn-34564.exe
452	Unicorn-9156.exe
1960	Unicorn-20662.exe
2768	Unicorn-61860.exe
1576	Unicorn-36453.exe
2640	Unicorn-15189.exe
2972	Unicorn-38983.exe
1484	Unicorn-30981.exe
1744	Unicorn-42486.exe
1028	Unicorn-742.exe
1404	Unicorn-28584.exe
1208	Unicorn-5781.exe
2208	Unicorn-29575.exe
2372	Unicorn-53332.exe
2312	Unicorn-27925.exe
1732	Unicorn-52751.exe
2420	Unicorn-23260.exe
2136	Unicorn-63389.exe
1180	Unicorn-9357.exe
1940	Unicorn-50556.exe
1724	Unicorn-21065.exe
2272	Unicorn-44822.exe
1004	Unicorn-3078.exe

Loads dropped DLL 64 IoCs

pid	Process
2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe
2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe
2980	Unicorn-14995.exe
2980	Unicorn-14995.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2720	WerFault.exe
2620	Unicorn-51041.exe
2620	Unicorn-51041.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
2528	Unicorn-9261.exe
2528	Unicorn-9261.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
2116	Unicorn-45307.exe
2116	Unicorn-45307.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
1516	Unicorn-3563.exe
1516	Unicorn-3563.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
2068	WerFault.exe
328	Unicorn-44726.exe
328	Unicorn-44726.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
1768	Unicorn-15234.exe
1768	Unicorn-15234.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe

Program crash 49 IoCs

pid	pid_target	Process	procid_target
3048	2968	WerFault.exe	27
2720	2980	WerFault.exe	28
1720	2620	WerFault.exe	30
1792	2528	WerFault.exe	32
2316	2116	WerFault.exe	34
2068	1516	WerFault.exe	36
2516	328	WerFault.exe	38
2684	1768	WerFault.exe	40
2164	856	WerFault.exe	42
336	2160	WerFault.exe	44
1712	2776	WerFault.exe	46
3028	572	WerFault.exe	48
2748	836	WerFault.exe	50
816	2592	WerFault.exe	52
2948	2244	WerFault.exe	54
1424	360	WerFault.exe	56
1632	2176	WerFault.exe	60
2548	1964	WerFault.exe	62
1820	2668	WerFault.exe	64
2336	2492	WerFault.exe	66
2804	2220	WerFault.exe	68
1360	2892	WerFault.exe	70
1696	1920	WerFault.exe	72
1780	1800	WerFault.exe	74
1680	2256	WerFault.exe	76
1924	1312	WerFault.exe	78
812	1952	WerFault.exe	80
320	980	WerFault.exe	82
948	452	WerFault.exe	84
1524	1960	WerFault.exe	86
2076	2768	WerFault.exe	88
2504	1576	WerFault.exe	90
1944	2640	WerFault.exe	92
2236	2972	WerFault.exe	94
1772	1484	WerFault.exe	96
3044	1744	WerFault.exe	98
2728	1028	WerFault.exe	100
1664	1404	WerFault.exe	102
2428	1208	WerFault.exe	104
1292	2208	WerFault.exe	106
1584	2372	WerFault.exe	108
604	2312	WerFault.exe	110
2216	1732	WerFault.exe	112
2508	2420	WerFault.exe	114
2112	2136	WerFault.exe	116
1256	1180	WerFault.exe	118
1636	1940	WerFault.exe	120
2480	1724	WerFault.exe	122
952	2272	WerFault.exe	124

Suspicious use of SetWindowsHookEx 50 IoCs

pid	Process
2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe
2980	Unicorn-14995.exe
2620	Unicorn-51041.exe
2528	Unicorn-9261.exe
2116	Unicorn-45307.exe
1516	Unicorn-3563.exe
328	Unicorn-44726.exe
1768	Unicorn-15234.exe
856	Unicorn-38992.exe
2160	Unicorn-9500.exe
2776	Unicorn-50699.exe
572	Unicorn-29436.exe
836	Unicorn-4028.exe
2592	Unicorn-27822.exe
2244	Unicorn-58268.exe
360	Unicorn-20609.exe
2176	Unicorn-48450.exe
1964	Unicorn-6706.exe
2668	Unicorn-47905.exe
2492	Unicorn-10209.exe
2220	Unicorn-34003.exe
2892	Unicorn-45508.exe
1920	Unicorn-37506.exe
1800	Unicorn-61299.exe
2256	Unicorn-7267.exe
1312	Unicorn-47397.exe
1952	Unicorn-23059.exe
980	Unicorn-34564.exe
452	Unicorn-9156.exe
1960	Unicorn-20662.exe
2768	Unicorn-61860.exe
1576	Unicorn-36453.exe
2640	Unicorn-15189.exe
2972	Unicorn-38983.exe
1484	Unicorn-30981.exe
1744	Unicorn-42486.exe
1028	Unicorn-742.exe
1404	Unicorn-28584.exe
1208	Unicorn-5781.exe
2208	Unicorn-29575.exe
2372	Unicorn-53332.exe
2312	Unicorn-27925.exe
1732	Unicorn-52751.exe
2420	Unicorn-23260.exe
2136	Unicorn-63389.exe
1180	Unicorn-9357.exe
1940	Unicorn-50556.exe
1724	Unicorn-21065.exe
2272	Unicorn-44822.exe
1004	Unicorn-3078.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2980	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2980	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2980	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	28
PID 2968 wrote to memory of 2980	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	28
PID 2968 wrote to memory of 3048	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	29
PID 2968 wrote to memory of 3048	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	29
PID 2968 wrote to memory of 3048	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	29
PID 2968 wrote to memory of 3048	2968	fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe	29
PID 2980 wrote to memory of 2620	2980	Unicorn-14995.exe	30
PID 2980 wrote to memory of 2620	2980	Unicorn-14995.exe	30
PID 2980 wrote to memory of 2620	2980	Unicorn-14995.exe	30
PID 2980 wrote to memory of 2620	2980	Unicorn-14995.exe	30
PID 2980 wrote to memory of 2720	2980	Unicorn-14995.exe	31
PID 2980 wrote to memory of 2720	2980	Unicorn-14995.exe	31
PID 2980 wrote to memory of 2720	2980	Unicorn-14995.exe	31
PID 2980 wrote to memory of 2720	2980	Unicorn-14995.exe	31
PID 2620 wrote to memory of 2528	2620	Unicorn-51041.exe	32
PID 2620 wrote to memory of 2528	2620	Unicorn-51041.exe	32
PID 2620 wrote to memory of 2528	2620	Unicorn-51041.exe	32
PID 2620 wrote to memory of 2528	2620	Unicorn-51041.exe	32
PID 2620 wrote to memory of 1720	2620	Unicorn-51041.exe	33
PID 2620 wrote to memory of 1720	2620	Unicorn-51041.exe	33
PID 2620 wrote to memory of 1720	2620	Unicorn-51041.exe	33
PID 2620 wrote to memory of 1720	2620	Unicorn-51041.exe	33
PID 2528 wrote to memory of 2116	2528	Unicorn-9261.exe	34
PID 2528 wrote to memory of 2116	2528	Unicorn-9261.exe	34
PID 2528 wrote to memory of 2116	2528	Unicorn-9261.exe	34
PID 2528 wrote to memory of 2116	2528	Unicorn-9261.exe	34
PID 2528 wrote to memory of 1792	2528	Unicorn-9261.exe	35
PID 2528 wrote to memory of 1792	2528	Unicorn-9261.exe	35
PID 2528 wrote to memory of 1792	2528	Unicorn-9261.exe	35
PID 2528 wrote to memory of 1792	2528	Unicorn-9261.exe	35
PID 2116 wrote to memory of 1516	2116	Unicorn-45307.exe	36
PID 2116 wrote to memory of 1516	2116	Unicorn-45307.exe	36
PID 2116 wrote to memory of 1516	2116	Unicorn-45307.exe	36
PID 2116 wrote to memory of 1516	2116	Unicorn-45307.exe	36
PID 2116 wrote to memory of 2316	2116	Unicorn-45307.exe	37
PID 2116 wrote to memory of 2316	2116	Unicorn-45307.exe	37
PID 2116 wrote to memory of 2316	2116	Unicorn-45307.exe	37
PID 2116 wrote to memory of 2316	2116	Unicorn-45307.exe	37
PID 1516 wrote to memory of 328	1516	Unicorn-3563.exe	38
PID 1516 wrote to memory of 328	1516	Unicorn-3563.exe	38
PID 1516 wrote to memory of 328	1516	Unicorn-3563.exe	38
PID 1516 wrote to memory of 328	1516	Unicorn-3563.exe	38
PID 1516 wrote to memory of 2068	1516	Unicorn-3563.exe	39
PID 1516 wrote to memory of 2068	1516	Unicorn-3563.exe	39
PID 1516 wrote to memory of 2068	1516	Unicorn-3563.exe	39
PID 1516 wrote to memory of 2068	1516	Unicorn-3563.exe	39
PID 328 wrote to memory of 1768	328	Unicorn-44726.exe	40
PID 328 wrote to memory of 1768	328	Unicorn-44726.exe	40
PID 328 wrote to memory of 1768	328	Unicorn-44726.exe	40
PID 328 wrote to memory of 1768	328	Unicorn-44726.exe	40
PID 328 wrote to memory of 2516	328	Unicorn-44726.exe	41
PID 328 wrote to memory of 2516	328	Unicorn-44726.exe	41
PID 328 wrote to memory of 2516	328	Unicorn-44726.exe	41
PID 328 wrote to memory of 2516	328	Unicorn-44726.exe	41
PID 1768 wrote to memory of 856	1768	Unicorn-15234.exe	42
PID 1768 wrote to memory of 856	1768	Unicorn-15234.exe	42
PID 1768 wrote to memory of 856	1768	Unicorn-15234.exe	42
PID 1768 wrote to memory of 856	1768	Unicorn-15234.exe	42
PID 1768 wrote to memory of 2684	1768	Unicorn-15234.exe	43
PID 1768 wrote to memory of 2684	1768	Unicorn-15234.exe	43
PID 1768 wrote to memory of 2684	1768	Unicorn-15234.exe	43
PID 1768 wrote to memory of 2684	1768	Unicorn-15234.exe	43

C:\Users\Admin\AppData\Local\Temp\fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fefc3e214bbbfaa97f87a0d3b66625fc_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53332.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23260.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21065.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        49⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3078.exe
        50⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        50⤵
        Program crash
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        49⤵
        Program crash
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        48⤵
        Program crash
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
        47⤵
        Program crash
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        46⤵
        Program crash
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        45⤵
        Program crash
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        44⤵
        Program crash
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        43⤵
        Program crash
        
        PID:604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        42⤵
        Program crash
        
        PID:1584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        41⤵
        Program crash
        
        PID:1292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        40⤵
        Program crash
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        39⤵
        Program crash
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        38⤵
        Program crash
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        37⤵
        Program crash
        
        PID:3044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
        36⤵
        Program crash
        
        PID:1772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        35⤵
        Program crash
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        34⤵
        Program crash
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        33⤵
        Program crash
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        32⤵
        Program crash
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        31⤵
        Program crash
        
        PID:1524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 236
        30⤵
        Program crash
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        29⤵
        Program crash
        
        PID:320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        28⤵
        Program crash
        
        PID:812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
        27⤵
        Program crash
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        26⤵
        Program crash
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        25⤵
        Program crash
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        24⤵
        Program crash
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        23⤵
        Program crash
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        22⤵
        Program crash
        
        PID:2804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        21⤵
        Program crash
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        20⤵
        Program crash
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        19⤵
        Program crash
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        18⤵
        Program crash
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 236
        17⤵
        Program crash
        
        PID:1424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        16⤵
        Program crash
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        15⤵
        Program crash
        
        PID:816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        14⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        13⤵
        Program crash
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        12⤵
        Program crash
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        11⤵
        Program crash
        
        PID:336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        10⤵
        Program crash
        
        PID:2164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        9⤵
        Loads dropped DLL
        Program crash
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:2068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
  2⤵
  - Program crash
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe

Filesize
184KB

MD5
453d45f38145d985b7bbb3fa279d534f

SHA1
be90429a2cadd258a61ae8619ae53d16132462d4

SHA256
d25decfeb0b132ea7edd2508a2c7117aabf8b1d3e9485bff235783eb8bad4293

SHA512
5d350da5aa188628d3b99cebe95fae141811db08af3efb9da1c0e73f51fc6f884a0b3ab7633d01f3b78ac50f20394169314e3ab5c1c3c7d2ad4e63114ba0b68e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe

Filesize
184KB

MD5
c3b1eca892ca52c8daf97d0c4848adc0

SHA1
2aa22030df1a5f85a4cd6aa35c935dc1cd63f18f

SHA256
bed10380ab5e0a4e64aa075b1674b130c91c78e23714954f77f57b6593a373ea

SHA512
4b8eb6fcc0d9185f7c0d74dba2763c6f1b237ebb0f507e0c07427db99741985c1b1dac9a3df424e49579114c94003d21a082c01c6f29214dc4aa5a51439e59ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe

Filesize
184KB

MD5
2f3393261ec74ff07e75a5162b07e733

SHA1
cd25956868ef2380817f372059a329fe337c8511

SHA256
966154d26bf9c0755d8746762ebb037bcb94679b2489633789b04a3a5a2f50d8

SHA512
e3b6f40024bf1e7b76d77e02ae6b8c54307410aecd8cb779811d4dc130522b0c63ba4083e27c332d817a501233fb551b730e56985fda920bc1b9b84f3e5f053b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe

Filesize
184KB

MD5
f1bef738f205483051d5a6a4cdd8041d

SHA1
748cae1e1863c2bc28d3959e13d373325c695602

SHA256
71ed7845bc1aa85afadfdc5ce5e5a874e46e257aef51db0eb175f8bcf09b341e

SHA512
74aea1bc4f6a02db8606443200b9b0145e6cd8a812fc2bc628e28b49c66533d9e2bd21573a62ebf9b3eb35a2e02ea6fe6eabc799a80e04a313a121fe8ec4110b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe

Filesize
184KB

MD5
caf09c60eaf83c3e81e548a272375b77

SHA1
3f29e895c1b73b4207f0fdf06f9b0bec32257cac

SHA256
d9c4669c13ef4b0d573e744e0d1ba16b1948f4e56b079629af4480e49c9939b1

SHA512
e43e929ba11a5a47b8737d051193258c114e8206473b200ffbcfccefde166f0b93ec41bcb68bbc181845911a76db1e1938bd349cb57ecf3e331623f7f945156c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe

Filesize
184KB

MD5
a762a123281362c41e707f2e6667bddd

SHA1
7e3b1c164e4519f95f176633825e55da5fb85b89

SHA256
5921354e9850ce8e204cc4c0ecea30925f9b48f6fe0c869fb1c27a259f8518bf

SHA512
a1227fe102d1759da0cb6415027f9e4c8053b569da297817bbef1d39e87b33e5125e1e078fb166e9ecbc4c630d407fa4a11e1bd9a09279e31a82815b5135aae9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe

Filesize
184KB

MD5
37eb294602523edd04307971b571a5c9

SHA1
06894723ece11143d7133a885d64fafb43229b80

SHA256
3da58c4b9db870c436d5189f0a96dd97658d28cf2323c12080c80b575de8e04e

SHA512
3636dd633c6f6de9595f7f304ce17d06a930cfe4b2ee8e5a88d068fbd603f4eb9967e5583069927f8a021b002bc4263934b3ff57c4aad3ad255b85e6517a6503

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe

Filesize
184KB

MD5
9cce46aabb02d98a3899a2fc1df9bc1d

SHA1
19a0da56984fb0fe6f22c4b1ca02437e962715ae

SHA256
32d042ccf49b0264b9bc9e4d121177a3b1baf02945748f03f060b8232c11937e

SHA512
59d21d90cbcad1cf6b77f5350fc8e19235227a78887201fc3fc4130fbfaee38363583e568e6769e4aba782ccc52e8e54b68f91eb074a624a6879cbc9874adc0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe

Filesize
184KB

MD5
b3389d0006ae6c8055c9ef52e501978a

SHA1
88a46ab9e3b71d9d253f03834b9a73a77fee68db

SHA256
dc8f5cfe3cf311225c2cefae7d24c2b98a574511abc8532080a789a08b88443d

SHA512
bb32f7bb57073e2bc901a242afc0de4bb82c790fcec27365f86cd237aa7409112631105d087b8885c3ec9fa7823dacc996b9b87a8f860337936b23233a253eb0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads