446d1fda5ca0a16f5ab03ba6d6329930ccfed008e9e86025c2c393ce039f69c3

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09802a41049cb234db6d38d44671498f.exe
Size

192KB
MD5

09802a41049cb234db6d38d44671498f
SHA1

1fb3af7075623aa8f8e72b3678c4a369cd9652e0
SHA256

446d1fda5ca0a16f5ab03ba6d6329930ccfed008e9e86025c2c393ce039f69c3
SHA512

9b40418e495cb6beed6778548e3080dbc6e64d970f7f6391dc23df75a18be761a3201e7a6da0581154402d37bcd4e9ba922d8b3802277fa152ddd0cc3ed151ca
SSDEEP

3072:fm6vomkww6KoBSOjhqNX5F7+GVs3JmfIBQjxomoM4xlvJpF/:fmeoSHBSmqB5F7pQv9xlvJpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 41 IoCs

pid	Process
1944	Unicorn-59214.exe
2860	Unicorn-29444.exe
2872	Unicorn-46556.exe
2828	Unicorn-35240.exe
2880	Unicorn-51967.exe
1048	Unicorn-14400.exe
2572	Unicorn-58846.exe
580	Unicorn-6218.exe
2952	Unicorn-25925.exe
2976	Unicorn-21449.exe
1924	Unicorn-30379.exe
1692	Unicorn-474.exe
584	Unicorn-38041.exe
2808	Unicorn-34356.exe
628	Unicorn-55690.exe
1776	Unicorn-19426.exe
2460	Unicorn-39326.exe
2528	Unicorn-35598.exe
2428	Unicorn-18871.exe
2352	Unicorn-17005.exe
1824	Unicorn-26533.exe
2488	Unicorn-63160.exe
1120	Unicorn-43260.exe
1908	Unicorn-30603.exe
1592	Unicorn-27245.exe
1628	Unicorn-50502.exe
1648	Unicorn-62412.exe
608	Unicorn-62219.exe
2380	Unicorn-21864.exe
2404	Unicorn-62945.exe
2588	Unicorn-1949.exe
2400	Unicorn-2692.exe
312	Unicorn-41757.exe
768	Unicorn-20964.exe
2184	Unicorn-5320.exe
540	Unicorn-6137.exe
2208	Unicorn-40539.exe
2448	Unicorn-36063.exe
2284	Unicorn-50858.exe
1372	Unicorn-27778.exe
960	Unicorn-25584.exe

Loads dropped DLL 64 IoCs

pid	Process
1308	09802a41049cb234db6d38d44671498f.exe
1308	09802a41049cb234db6d38d44671498f.exe
1944	Unicorn-59214.exe
1308	09802a41049cb234db6d38d44671498f.exe
1308	09802a41049cb234db6d38d44671498f.exe
1944	Unicorn-59214.exe
2860	Unicorn-29444.exe
2860	Unicorn-29444.exe
2872	Unicorn-46556.exe
1944	Unicorn-59214.exe
1944	Unicorn-59214.exe
2872	Unicorn-46556.exe
2828	Unicorn-35240.exe
2828	Unicorn-35240.exe
2860	Unicorn-29444.exe
2860	Unicorn-29444.exe
2880	Unicorn-51967.exe
2880	Unicorn-51967.exe
1048	Unicorn-14400.exe
1048	Unicorn-14400.exe
2872	Unicorn-46556.exe
2872	Unicorn-46556.exe
2572	Unicorn-58846.exe
2572	Unicorn-58846.exe
2828	Unicorn-35240.exe
2828	Unicorn-35240.exe
580	Unicorn-6218.exe
580	Unicorn-6218.exe
2976	Unicorn-21449.exe
2976	Unicorn-21449.exe
1048	Unicorn-14400.exe
2952	Unicorn-25925.exe
1924	Unicorn-30379.exe
1048	Unicorn-14400.exe
2952	Unicorn-25925.exe
2880	Unicorn-51967.exe
2880	Unicorn-51967.exe
1924	Unicorn-30379.exe
1692	Unicorn-474.exe
1692	Unicorn-474.exe
584	Unicorn-38041.exe
584	Unicorn-38041.exe
2808	Unicorn-34356.exe
2808	Unicorn-34356.exe
2572	Unicorn-58846.exe
2572	Unicorn-58846.exe
580	Unicorn-6218.exe
580	Unicorn-6218.exe
2976	Unicorn-21449.exe
628	Unicorn-55690.exe
2976	Unicorn-21449.exe
628	Unicorn-55690.exe
2460	Unicorn-39326.exe
2460	Unicorn-39326.exe
2428	Unicorn-18871.exe
2952	Unicorn-25925.exe
2428	Unicorn-18871.exe
2952	Unicorn-25925.exe
1628	Unicorn-50502.exe
1628	Unicorn-50502.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3024	2428	WerFault.exe	46
2608	1648	WerFault.exe	54
436	608	WerFault.exe	55
1108	2488	WerFault.exe	49
2556	2400	WerFault.exe	63

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1308	09802a41049cb234db6d38d44671498f.exe
1944	Unicorn-59214.exe
2860	Unicorn-29444.exe
2872	Unicorn-46556.exe
2828	Unicorn-35240.exe
2880	Unicorn-51967.exe
1048	Unicorn-14400.exe
2572	Unicorn-58846.exe
580	Unicorn-6218.exe
2952	Unicorn-25925.exe
2976	Unicorn-21449.exe
1924	Unicorn-30379.exe
1692	Unicorn-474.exe
584	Unicorn-38041.exe
2808	Unicorn-34356.exe
628	Unicorn-55690.exe
2460	Unicorn-39326.exe
2428	Unicorn-18871.exe
1628	Unicorn-50502.exe
1120	Unicorn-43260.exe
1648	Unicorn-62412.exe
1592	Unicorn-27245.exe
2488	Unicorn-63160.exe
1824	Unicorn-26533.exe
2352	Unicorn-17005.exe
608	Unicorn-62219.exe
1908	Unicorn-30603.exe
2380	Unicorn-21864.exe
2404	Unicorn-62945.exe
2400	Unicorn-2692.exe
2588	Unicorn-1949.exe
312	Unicorn-41757.exe
2184	Unicorn-5320.exe
768	Unicorn-20964.exe
540	Unicorn-6137.exe
2208	Unicorn-40539.exe
2284	Unicorn-50858.exe
2448	Unicorn-36063.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1944	1308	09802a41049cb234db6d38d44671498f.exe	28
PID 1308 wrote to memory of 1944	1308	09802a41049cb234db6d38d44671498f.exe	28
PID 1308 wrote to memory of 1944	1308	09802a41049cb234db6d38d44671498f.exe	28
PID 1308 wrote to memory of 1944	1308	09802a41049cb234db6d38d44671498f.exe	28
PID 1308 wrote to memory of 2872	1308	09802a41049cb234db6d38d44671498f.exe	30
PID 1308 wrote to memory of 2872	1308	09802a41049cb234db6d38d44671498f.exe	30
PID 1308 wrote to memory of 2872	1308	09802a41049cb234db6d38d44671498f.exe	30
PID 1308 wrote to memory of 2872	1308	09802a41049cb234db6d38d44671498f.exe	30
PID 1944 wrote to memory of 2860	1944	Unicorn-59214.exe	29
PID 1944 wrote to memory of 2860	1944	Unicorn-59214.exe	29
PID 1944 wrote to memory of 2860	1944	Unicorn-59214.exe	29
PID 1944 wrote to memory of 2860	1944	Unicorn-59214.exe	29
PID 2860 wrote to memory of 2828	2860	Unicorn-29444.exe	31
PID 2860 wrote to memory of 2828	2860	Unicorn-29444.exe	31
PID 2860 wrote to memory of 2828	2860	Unicorn-29444.exe	31
PID 2860 wrote to memory of 2828	2860	Unicorn-29444.exe	31
PID 1944 wrote to memory of 2880	1944	Unicorn-59214.exe	33
PID 1944 wrote to memory of 2880	1944	Unicorn-59214.exe	33
PID 1944 wrote to memory of 2880	1944	Unicorn-59214.exe	33
PID 1944 wrote to memory of 2880	1944	Unicorn-59214.exe	33
PID 2872 wrote to memory of 1048	2872	Unicorn-46556.exe	32
PID 2872 wrote to memory of 1048	2872	Unicorn-46556.exe	32
PID 2872 wrote to memory of 1048	2872	Unicorn-46556.exe	32
PID 2872 wrote to memory of 1048	2872	Unicorn-46556.exe	32
PID 2828 wrote to memory of 2572	2828	Unicorn-35240.exe	34
PID 2828 wrote to memory of 2572	2828	Unicorn-35240.exe	34
PID 2828 wrote to memory of 2572	2828	Unicorn-35240.exe	34
PID 2828 wrote to memory of 2572	2828	Unicorn-35240.exe	34
PID 2860 wrote to memory of 580	2860	Unicorn-29444.exe	35
PID 2860 wrote to memory of 580	2860	Unicorn-29444.exe	35
PID 2860 wrote to memory of 580	2860	Unicorn-29444.exe	35
PID 2860 wrote to memory of 580	2860	Unicorn-29444.exe	35
PID 2880 wrote to memory of 2952	2880	Unicorn-51967.exe	36
PID 2880 wrote to memory of 2952	2880	Unicorn-51967.exe	36
PID 2880 wrote to memory of 2952	2880	Unicorn-51967.exe	36
PID 2880 wrote to memory of 2952	2880	Unicorn-51967.exe	36
PID 1048 wrote to memory of 2976	1048	Unicorn-14400.exe	37
PID 1048 wrote to memory of 2976	1048	Unicorn-14400.exe	37
PID 1048 wrote to memory of 2976	1048	Unicorn-14400.exe	37
PID 1048 wrote to memory of 2976	1048	Unicorn-14400.exe	37
PID 2872 wrote to memory of 1924	2872	Unicorn-46556.exe	38
PID 2872 wrote to memory of 1924	2872	Unicorn-46556.exe	38
PID 2872 wrote to memory of 1924	2872	Unicorn-46556.exe	38
PID 2872 wrote to memory of 1924	2872	Unicorn-46556.exe	38
PID 2572 wrote to memory of 1692	2572	Unicorn-58846.exe	39
PID 2572 wrote to memory of 1692	2572	Unicorn-58846.exe	39
PID 2572 wrote to memory of 1692	2572	Unicorn-58846.exe	39
PID 2572 wrote to memory of 1692	2572	Unicorn-58846.exe	39
PID 2828 wrote to memory of 584	2828	Unicorn-35240.exe	40
PID 2828 wrote to memory of 584	2828	Unicorn-35240.exe	40
PID 2828 wrote to memory of 584	2828	Unicorn-35240.exe	40
PID 2828 wrote to memory of 584	2828	Unicorn-35240.exe	40
PID 580 wrote to memory of 2808	580	Unicorn-6218.exe	41
PID 580 wrote to memory of 2808	580	Unicorn-6218.exe	41
PID 580 wrote to memory of 2808	580	Unicorn-6218.exe	41
PID 580 wrote to memory of 2808	580	Unicorn-6218.exe	41
PID 2976 wrote to memory of 628	2976	Unicorn-21449.exe	42
PID 2976 wrote to memory of 628	2976	Unicorn-21449.exe	42
PID 2976 wrote to memory of 628	2976	Unicorn-21449.exe	42
PID 2976 wrote to memory of 628	2976	Unicorn-21449.exe	42
PID 1048 wrote to memory of 1776	1048	Unicorn-14400.exe	44
PID 1048 wrote to memory of 1776	1048	Unicorn-14400.exe	44
PID 1048 wrote to memory of 1776	1048	Unicorn-14400.exe	44
PID 1048 wrote to memory of 1776	1048	Unicorn-14400.exe	44

C:\Users\Admin\AppData\Local\Temp\09802a41049cb234db6d38d44671498f.exe
"C:\Users\Admin\AppData\Local\Temp\09802a41049cb234db6d38d44671498f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 244
        7⤵
        Program crash
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        7⤵
        Executes dropped EXE
        
        PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 200
        7⤵
        Program crash
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
      4⤵
      Executes dropped EXE
      PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
      4⤵
      Executes dropped EXE
      PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        8⤵
        Executes dropped EXE
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 380
        7⤵
        Program crash
        
        PID:2556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 380
        6⤵
        Program crash
        
        PID:436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe

Filesize
192KB

MD5
5af440043e16325fd28d06d29bba5674

SHA1
9fa36dafbdec82df1f1deeac954ef384a73e97d6

SHA256
eae1be28b894112c7bdc767ca53fb1b2128870222803612077c7edde025272a8

SHA512
70c22c4f4e866cd1577f50fd08a28c387be8a60677443755fa9ffa8cb28485aee5e821aa15c1e6a4899bcfd2b77105473c9ba3a7d4f02d99651316d620964068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe

Filesize
192KB

MD5
0484204a00797ac451ae8e8acf41dbfd

SHA1
f40a349327554e867d4a261906da81426c9871f0

SHA256
845ee25c8c53b8f5e303e85839baccbbd030728d486d6fe7b7503aa6018e3185

SHA512
cfdb0c7468931892a95a6cdac81d2509110941d83fb38b3f10e41ed1dd0884d6bb733d59b68bf8649812835b3cd6bbd0ebb9c6342a431d45d85d4f7b72b6a8e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe

Filesize
192KB

MD5
caf7cee04279c918a436c1c1146a2d51

SHA1
578df6484c70c6993ddd172535156d2670b05fb2

SHA256
b33b1fe2ad9e55b13f48d5183121841e62a8c809fc504bdc4d12c740a9216b2e

SHA512
f792dbd8d11e00706dfebf97385992c202d841751d3bbf915b21e91b95ead3abad9d935c35a355777b65b4a405ff5eacc5a8a873c391d46d78e3f42547057c3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe

Filesize
192KB

MD5
e26760b94d32bcdc6062d049ae1754d0

SHA1
8c145730de51bd09249dcc93f91f10be8884fee4

SHA256
63eca1a8b1d011fba1a1f12233e5f14a0868e148a810f20c4e39f43f9331f38e

SHA512
ce04b0277872f3c92b27a4c7fa63436e8be90d31e9474736f15dda4ebc1c4d32f644b742590f5e9e75e23faa778374cadf25238fdb3fa49b64dfa4ab6049773d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe

Filesize
192KB

MD5
ffb1d6a11af2365c4b5c19263b78d37a

SHA1
f65c70abcd7570e469ba588da4816bb4349f4093

SHA256
4e5561c962fad3fb2d893c7dca3b2efbb77422898806383dc0007ec40468c78e

SHA512
95f6e41f30c5b916f7c677fa6ba13893281627746a301f2c60630e5057a2ec38f143e47169f00bd88611f9f30b6f6243c39c28e768e7c784495b36f13bad0c84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe

Filesize
192KB

MD5
d4ac801c2ce2eef309f1cad497c49458

SHA1
b8317c8268a13f3d0ed04221f4456617d6d8ed1b

SHA256
964d6fd548f059a2a11d09e759cec2c95cc969257456d9d46d162d9a75a53d60

SHA512
4e16919d960ad8742af8a27ab924cd914841f219d597fcc97c9b41a5eb9e6659d98c1b6c6b84f9a5ec2171216c1fba2a592d3a9a3987cfe46f3eac83f9919b0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe

Filesize
192KB

MD5
de3c0ec7bcf06798203c0f36de80d829

SHA1
551dffa22860e60edc768b60b68665e83c7f511e

SHA256
a5d00eccbe4b29cfc88398410cefec10006345372d62ea13ff5ff88c8b6acb58

SHA512
c0b04cab13a8345f564177847635234750bb79f829d422edae23f936990f0d4b13207c009427c276553edcc0687b981cb0919bf749e75adfce03f282ede74ff7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe

Filesize
192KB

MD5
3ab8252cc3eaa529f3a17618ab5829e8

SHA1
24a9ba60475b24090fc791980ed810decf244e8a

SHA256
93fbf7c4021fb53ec18a1ab5a3793b99b6850d91c9d9b64c2896423baa43f9e6

SHA512
92d059fafbf8358de791c03a6da49071f6424d2c93de89811cdc98be3565da78172d65ffd98b3e4226d2e4af4ac96da86e8b87531480ed335f83d0982241fa94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe

Filesize
192KB

MD5
9702c92d8646b3f3920c8123f378884e

SHA1
eb1ab42719f10e770ef26c9f4aecff45b49a48f6

SHA256
c63b33c0005e7ddc45cbb1d623e90e866f9d28ea24cf6ed709a479aebed74fd3

SHA512
9e08d45b407bb6a7f304da933f51e2d526c3eddad98cd74eab59d14f41a0663c82b482fab0199834f8f7fc841cb58b52c8d28206c811dbfaf25fe25a469d5446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe

Filesize
192KB

MD5
dd17b55997d25386b870f086731d81bd

SHA1
56952d8b4a2de7720e5941860cebf109eb526cc9

SHA256
85112d939b8119fbeae5ee0836954f1073b6bc4cdd74860804c6c46a4b21d636

SHA512
cf5d41c9a71246c12dd98df716dce558895cbd5dee15b9f5b7c2c7d75af60a617eff1b4c85fbfb19b976a4ec8178498960bd504071752a8a8a075e4180855cfa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe

Filesize
192KB

MD5
71f6da9f2974aec3d50621a91153c6f9

SHA1
4e3f3f3685b6d1ae679b5a643a731291f6c44131

SHA256
9994706f6596c2e9639682724b5abaa94cf9af8f08fb46bab64cf2f45a0b845c

SHA512
db2e11ed003dbcafea88fb4ab60100d6dfae4c423d7e902f6d66e7442177ed1f91f84ac1a2c17317438e50736134e796f61c0b0b677c6030ca102143799ce580

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe

Filesize
192KB

MD5
a20fbbf7b15f241820774a5cfdacda20

SHA1
e418108772de5df1e4e820e951465fafe2f5a8e9

SHA256
88456830305c4c5235d8c29b033cebc4fba6449145252e37ff738cca1bf7d49f

SHA512
f85e6a90c88b21819a52674c2920d82ed338e8f878496d9a4fdca02af042d519f7d2e7f68bac4521bd2c04dcf3c9322aa27f67f2921571554d21fc4b2e458459

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe

Filesize
192KB

MD5
b0050436ec1ac9f70921fc5b003949be

SHA1
f06f50a43cbbb79e5cedcab6bc1e3bce6a139c8c

SHA256
ee5ef6a5f48851fb6d6ac39cbebb2b36686dfab896323d05187e60f24f0a123e

SHA512
fd0c277d664015215ce0701d03a3e1c2ad11fb87ee4a4967b4971d8a18267c423083328f72dbf70213baa261af2fb2b41b1941914aa484111fe82a7880b043a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe

Filesize
192KB

MD5
02bc30812d867a6540563ea0deb919dc

SHA1
1fee8888ec6576c7770daacddddce36aadded30d

SHA256
2daa3ab3c4bc606cc74e1c5073e2ef91a3a89473a36fced09e49f928fe3c745d

SHA512
2d736e6ada14e7301c924bf1f56b1b9cfdb58c1c4227513a5f84b8977efdc55649ba23ad9d26ada4c3d2bbc80bb07879ff7e500476fe6816ce8202eb34d883ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-474.exe

Filesize
192KB

MD5
420ac393d7eed7a9db76ef6e333df2a2

SHA1
fa9846219dae2c8acdc3da2ed6bc383a68afb027

SHA256
b4ad0482679148d89a8b15372dffbef5446105099a899b1239f8edf69505c780

SHA512
effbfb2b6c1161aa3fc618d7293123a2e86315a04851b4730323d4e6fefa3c6bc6235ac2329bacb61c199938cd65bc11683628c051ab7729d104b912a194ef86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe

Filesize
192KB

MD5
bbba8da36a169813df35bfa4fbbc9eba

SHA1
c7baf4ec3276c8a597da25a0a50561e98dda0b77

SHA256
058c1bf9db5a77aebb41b80d5784ef1b5a966f689bace18c4ef28621d69cc354

SHA512
fe84fcce178850522543269700da7edd89b3fc841be92a83a6056fd91d2207e8b838d57a07bc3da2046bf55920f2cfba7ab8d6e39326dba30b19aec4a05f52a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe

Filesize
192KB

MD5
afce9ef1fb3e457000bb65e104f7b21d

SHA1
dbeafd0fa1a3c90545acc43bb852f525bb2ec92a

SHA256
f923fb760081e57b5cf9047414db38900a60f3dfaa1a3992736f1c28fcb9b9c4

SHA512
d26fd2c500dff692e951cb10d381954bb84778ce67f5db68bfead21391a1fed1bf05103d85b0c31ea9db34e0141b42e8b3aa1886f3e19c0630a5bb69a617ac25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe

Filesize
192KB

MD5
e442770f3ae86a127091e1184248ac60

SHA1
b8defbb9b2fab0d1f5e84c8cff6a9612f2b542be

SHA256
9d200013d5a347ec4bfb34c7200fe102c5312f11c9bbf4b4886b800b0781def8

SHA512
13e4c91b2cc46ac9081fad7010a6732bd329d752b37fb3e4383083bade6d7f66e2c0a7f776ad05c82bb537651844de40de35ce7967eb93023e98ff892fd8e0c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe

Filesize
192KB

MD5
f23bfc210ea0548d1bc0bc2609d8b5d0

SHA1
ef5e0486d1615165c7768936a51650ed863929ac

SHA256
f4956d2dc3a2fb1953c456eeae6ef3b71663b92da6645f2f22f31e87fa9cbe62

SHA512
1dc41f17159112a5a8a52b2b23d08499dbeb6983faaddbeac8e8408ad5301abe2a77293e1570ee1b332b53606907394a9a427dc1b8c78d6dab99264e819b7994

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads