b2026bd306e2509ad586a82e81f892903f4f4801026a354299af9108c1dccf18

Analysis

max time kernel
46s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53cff891e18072397078e0ee1df565f6.exe
Size

188KB
MD5

53cff891e18072397078e0ee1df565f6
SHA1

6930b5950aac0e8b6a7129264f2e7236d518846b
SHA256

b2026bd306e2509ad586a82e81f892903f4f4801026a354299af9108c1dccf18
SHA512

712b76abf370d805bec8343fb22e6e4e1baeccedfd6d1c6fbede2386658190011d8cdabd0f8e74ca159af466039293715ba4d9178b1240cc6e6fbc62bffa1c66
SSDEEP

3072:tksHo0Bq0AkvOjMdTIbjzQbMML6nWZme+wx8UPEI7lPdpFp:tkIo9Fkv7dMbjzugzA7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2204	Unicorn-53555.exe
1736	Unicorn-44676.exe
2312	Unicorn-28894.exe
2700	Unicorn-23331.exe
2732	Unicorn-56518.exe
2956	Unicorn-52434.exe
2592	Unicorn-47603.exe
2648	Unicorn-15485.exe
2812	Unicorn-23099.exe
2128	Unicorn-2678.exe
312	Unicorn-40181.exe
1188	Unicorn-38724.exe
2328	Unicorn-14774.exe
1824	Unicorn-10135.exe
908	Unicorn-35386.exe
2068	Unicorn-27432.exe
1748	Unicorn-19264.exe
1920	Unicorn-48599.exe
2428	Unicorn-17557.exe
1952	Unicorn-38723.exe
2256	Unicorn-42253.exe
1260	Unicorn-47297.exe
1556	Unicorn-30961.exe
1960	Unicorn-48044.exe
1636	Unicorn-64894.exe
1968	Unicorn-3441.exe
956	Unicorn-10519.exe
1032	Unicorn-23286.exe
1528	Unicorn-64873.exe
2136	Unicorn-57878.exe
2164	Unicorn-27597.exe
2192	Unicorn-27043.exe
1812	Unicorn-40041.exe
2704	Unicorn-39487.exe
2764	Unicorn-6814.exe
2728	Unicorn-27213.exe
2692	Unicorn-59523.exe
2748	Unicorn-18683.exe
2596	Unicorn-16113.exe
2576	Unicorn-7390.exe
2368	Unicorn-32087.exe
2284	Unicorn-7582.exe
2620	Unicorn-64183.exe
384	Unicorn-7561.exe
2968	Unicorn-15729.exe
2808	Unicorn-7006.exe
1440	Unicorn-52678.exe
2908	Unicorn-22056.exe
2676	Unicorn-30608.exe
2916	Unicorn-59175.exe
2532	Unicorn-5335.exe
2060	Unicorn-22418.exe
3020	Unicorn-62896.exe
796	Unicorn-16819.exe
564	Unicorn-46752.exe
1804	Unicorn-12180.exe
1144	Unicorn-29839.exe
876	Unicorn-4396.exe
828	Unicorn-26139.exe
1356	Unicorn-29093.exe
1500	Unicorn-9056.exe
1388	Unicorn-15724.exe
1400	Unicorn-62533.exe
1956	Unicorn-4588.exe

Loads dropped DLL 64 IoCs

pid	Process
1052	53cff891e18072397078e0ee1df565f6.exe
1052	53cff891e18072397078e0ee1df565f6.exe
2204	Unicorn-53555.exe
2204	Unicorn-53555.exe
1052	53cff891e18072397078e0ee1df565f6.exe
1052	53cff891e18072397078e0ee1df565f6.exe
1736	Unicorn-44676.exe
1736	Unicorn-44676.exe
2204	Unicorn-53555.exe
2204	Unicorn-53555.exe
2312	Unicorn-28894.exe
2312	Unicorn-28894.exe
2732	Unicorn-56518.exe
1736	Unicorn-44676.exe
2732	Unicorn-56518.exe
1736	Unicorn-44676.exe
2700	Unicorn-23331.exe
2700	Unicorn-23331.exe
2956	Unicorn-52434.exe
2956	Unicorn-52434.exe
2312	Unicorn-28894.exe
2312	Unicorn-28894.exe
2592	Unicorn-47603.exe
2592	Unicorn-47603.exe
2732	Unicorn-56518.exe
2732	Unicorn-56518.exe
2812	Unicorn-23099.exe
2812	Unicorn-23099.exe
2700	Unicorn-23331.exe
2700	Unicorn-23331.exe
2128	Unicorn-2678.exe
2128	Unicorn-2678.exe
312	Unicorn-40181.exe
312	Unicorn-40181.exe
2956	Unicorn-52434.exe
2956	Unicorn-52434.exe
1188	Unicorn-38724.exe
1188	Unicorn-38724.exe
2592	Unicorn-47603.exe
2592	Unicorn-47603.exe
2328	Unicorn-14774.exe
2328	Unicorn-14774.exe
908	Unicorn-35386.exe
908	Unicorn-35386.exe
2068	Unicorn-27432.exe
2068	Unicorn-27432.exe
2128	Unicorn-2678.exe
2128	Unicorn-2678.exe
1920	Unicorn-48599.exe
1920	Unicorn-48599.exe
1824	Unicorn-10135.exe
1824	Unicorn-10135.exe
2812	Unicorn-23099.exe
2812	Unicorn-23099.exe
1748	Unicorn-19264.exe
1748	Unicorn-19264.exe
312	Unicorn-40181.exe
312	Unicorn-40181.exe
2428	Unicorn-17557.exe
2428	Unicorn-17557.exe
1188	Unicorn-38724.exe
1188	Unicorn-38724.exe
2256	Unicorn-42253.exe
2256	Unicorn-42253.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
1052	53cff891e18072397078e0ee1df565f6.exe
2204	Unicorn-53555.exe
1736	Unicorn-44676.exe
2312	Unicorn-28894.exe
2732	Unicorn-56518.exe
2700	Unicorn-23331.exe
2956	Unicorn-52434.exe
2592	Unicorn-47603.exe
2648	Unicorn-15485.exe
2812	Unicorn-23099.exe
2128	Unicorn-2678.exe
312	Unicorn-40181.exe
1188	Unicorn-38724.exe
2328	Unicorn-14774.exe
1824	Unicorn-10135.exe
908	Unicorn-35386.exe
2068	Unicorn-27432.exe
1748	Unicorn-19264.exe
1920	Unicorn-48599.exe
2428	Unicorn-17557.exe
2256	Unicorn-42253.exe
1952	Unicorn-38723.exe
1260	Unicorn-47297.exe
1556	Unicorn-30961.exe
1960	Unicorn-48044.exe
1968	Unicorn-3441.exe
1636	Unicorn-64894.exe
956	Unicorn-10519.exe
1032	Unicorn-23286.exe
1528	Unicorn-64873.exe
2136	Unicorn-57878.exe
2164	Unicorn-27597.exe
2192	Unicorn-27043.exe
1812	Unicorn-40041.exe
2728	Unicorn-27213.exe
2764	Unicorn-6814.exe
2704	Unicorn-39487.exe
2692	Unicorn-59523.exe
2596	Unicorn-16113.exe
2748	Unicorn-18683.exe
2368	Unicorn-32087.exe
2576	Unicorn-7390.exe
2284	Unicorn-7582.exe
384	Unicorn-7561.exe
2808	Unicorn-7006.exe
2620	Unicorn-64183.exe
2968	Unicorn-15729.exe
1440	Unicorn-52678.exe
2908	Unicorn-22056.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2204	1052	53cff891e18072397078e0ee1df565f6.exe	28
PID 1052 wrote to memory of 2204	1052	53cff891e18072397078e0ee1df565f6.exe	28
PID 1052 wrote to memory of 2204	1052	53cff891e18072397078e0ee1df565f6.exe	28
PID 1052 wrote to memory of 2204	1052	53cff891e18072397078e0ee1df565f6.exe	28
PID 2204 wrote to memory of 1736	2204	Unicorn-53555.exe	29
PID 2204 wrote to memory of 1736	2204	Unicorn-53555.exe	29
PID 2204 wrote to memory of 1736	2204	Unicorn-53555.exe	29
PID 2204 wrote to memory of 1736	2204	Unicorn-53555.exe	29
PID 1052 wrote to memory of 2312	1052	53cff891e18072397078e0ee1df565f6.exe	30
PID 1052 wrote to memory of 2312	1052	53cff891e18072397078e0ee1df565f6.exe	30
PID 1052 wrote to memory of 2312	1052	53cff891e18072397078e0ee1df565f6.exe	30
PID 1052 wrote to memory of 2312	1052	53cff891e18072397078e0ee1df565f6.exe	30
PID 2204 wrote to memory of 2700	2204	Unicorn-53555.exe	32
PID 2204 wrote to memory of 2700	2204	Unicorn-53555.exe	32
PID 2204 wrote to memory of 2700	2204	Unicorn-53555.exe	32
PID 2204 wrote to memory of 2700	2204	Unicorn-53555.exe	32
PID 1736 wrote to memory of 2732	1736	Unicorn-44676.exe	31
PID 1736 wrote to memory of 2732	1736	Unicorn-44676.exe	31
PID 1736 wrote to memory of 2732	1736	Unicorn-44676.exe	31
PID 1736 wrote to memory of 2732	1736	Unicorn-44676.exe	31
PID 2312 wrote to memory of 2956	2312	Unicorn-28894.exe	33
PID 2312 wrote to memory of 2956	2312	Unicorn-28894.exe	33
PID 2312 wrote to memory of 2956	2312	Unicorn-28894.exe	33
PID 2312 wrote to memory of 2956	2312	Unicorn-28894.exe	33
PID 2732 wrote to memory of 2592	2732	Unicorn-56518.exe	34
PID 2732 wrote to memory of 2592	2732	Unicorn-56518.exe	34
PID 2732 wrote to memory of 2592	2732	Unicorn-56518.exe	34
PID 2732 wrote to memory of 2592	2732	Unicorn-56518.exe	34
PID 1736 wrote to memory of 2648	1736	Unicorn-44676.exe	35
PID 1736 wrote to memory of 2648	1736	Unicorn-44676.exe	35
PID 1736 wrote to memory of 2648	1736	Unicorn-44676.exe	35
PID 1736 wrote to memory of 2648	1736	Unicorn-44676.exe	35
PID 2700 wrote to memory of 2812	2700	Unicorn-23331.exe	36
PID 2700 wrote to memory of 2812	2700	Unicorn-23331.exe	36
PID 2700 wrote to memory of 2812	2700	Unicorn-23331.exe	36
PID 2700 wrote to memory of 2812	2700	Unicorn-23331.exe	36
PID 2956 wrote to memory of 2128	2956	Unicorn-52434.exe	37
PID 2956 wrote to memory of 2128	2956	Unicorn-52434.exe	37
PID 2956 wrote to memory of 2128	2956	Unicorn-52434.exe	37
PID 2956 wrote to memory of 2128	2956	Unicorn-52434.exe	37
PID 2312 wrote to memory of 312	2312	Unicorn-28894.exe	38
PID 2312 wrote to memory of 312	2312	Unicorn-28894.exe	38
PID 2312 wrote to memory of 312	2312	Unicorn-28894.exe	38
PID 2312 wrote to memory of 312	2312	Unicorn-28894.exe	38
PID 2592 wrote to memory of 1188	2592	Unicorn-47603.exe	39
PID 2592 wrote to memory of 1188	2592	Unicorn-47603.exe	39
PID 2592 wrote to memory of 1188	2592	Unicorn-47603.exe	39
PID 2592 wrote to memory of 1188	2592	Unicorn-47603.exe	39
PID 2732 wrote to memory of 2328	2732	Unicorn-56518.exe	40
PID 2732 wrote to memory of 2328	2732	Unicorn-56518.exe	40
PID 2732 wrote to memory of 2328	2732	Unicorn-56518.exe	40
PID 2732 wrote to memory of 2328	2732	Unicorn-56518.exe	40
PID 2812 wrote to memory of 1824	2812	Unicorn-23099.exe	42
PID 2812 wrote to memory of 1824	2812	Unicorn-23099.exe	42
PID 2812 wrote to memory of 1824	2812	Unicorn-23099.exe	42
PID 2812 wrote to memory of 1824	2812	Unicorn-23099.exe	42
PID 2700 wrote to memory of 908	2700	Unicorn-23331.exe	41
PID 2700 wrote to memory of 908	2700	Unicorn-23331.exe	41
PID 2700 wrote to memory of 908	2700	Unicorn-23331.exe	41
PID 2700 wrote to memory of 908	2700	Unicorn-23331.exe	41
PID 2128 wrote to memory of 2068	2128	Unicorn-2678.exe	43
PID 2128 wrote to memory of 2068	2128	Unicorn-2678.exe	43
PID 2128 wrote to memory of 2068	2128	Unicorn-2678.exe	43
PID 2128 wrote to memory of 2068	2128	Unicorn-2678.exe	43

C:\Users\Admin\AppData\Local\Temp\53cff891e18072397078e0ee1df565f6.exe
"C:\Users\Admin\AppData\Local\Temp\53cff891e18072397078e0ee1df565f6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        9⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        8⤵
        Executes dropped EXE
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        7⤵
        Executes dropped EXE
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        8⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27043.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        8⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        9⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        7⤵
        Executes dropped EXE
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        7⤵
        Executes dropped EXE
        
        PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        8⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        8⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        7⤵
        Executes dropped EXE
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        6⤵
        Executes dropped EXE
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        7⤵
        
        PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        7⤵
        Executes dropped EXE
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        8⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        6⤵
        Executes dropped EXE
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        6⤵
        Executes dropped EXE
        
        PID:876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        7⤵
        Executes dropped EXE
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        8⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        7⤵
        Executes dropped EXE
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        6⤵
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        7⤵
        Executes dropped EXE
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        8⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        6⤵
        Executes dropped EXE
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        7⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4588.exe
        6⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        7⤵
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        6⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        7⤵
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        5⤵
        
        PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe

Filesize
188KB

MD5
71ea07c96df68e5ebf7e1430a557bc58

SHA1
948e76a5e892c482fff72e0a77fb8739becc1606

SHA256
a1fd59d137e6b7f23322fdffb6b20891b6369d29ccf9aac2b80afe22dadc1812

SHA512
b4587c1d4e6a2eb10758dccc0380c4580f340c242e46cfdcbdfcd205b8dcefa04a20e5f5334d0beff88ac8327817641c56b59a9e8c5dec3f7d5f5ebe4c1d2ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe

Filesize
188KB

MD5
c2d465d796295f4b89d745f57cb6c84a

SHA1
8077ff8d321153eac38808ef25efb1e2a3cf10d7

SHA256
2a0ca7287aa0798d05df88f9b00f3c51caa9e35285ba40428220f551868b5bdd

SHA512
fa8157a105de408cd85eff112eefd682171a6269534792fe8f3effd064dd493543e1c51d572f7d91252fed1f8f72ec97a8470ea567168ae23cd88b4b5ce11c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe

Filesize
188KB

MD5
b50e0732b6f807591af14336671c9d0d

SHA1
6ca5f021b1b93b56b5ea13272aece4dcaa4af1d3

SHA256
46c1c048d1d37e13ece28abe004bd8634e76ca95efcbba51a35d75fc41382a5e

SHA512
3b716352ba3cf8f14c954403c575de76b4f2b3a0e965fda5f990a1acae19a77328edb36099162f339034fb5c62ed45f17f2b623308ef7d084162785d25a520ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe

Filesize
188KB

MD5
790754fd9ac471a086f303eecfaf54ca

SHA1
e29c98c2689edf9de9bb5cb24b424dbab5dd2467

SHA256
b78a3fd326233d28d44061f0a1eaac94d50bb1cfb4dc389fe2ca730581fc4f69

SHA512
c0572eb074b81042605fd02c69e129215d51859dc0d611e670df82601bffac856d37a97b13f56924d83834af5c5c6bdd97ad66c20451d04e744d09c2016f4888

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe

Filesize
188KB

MD5
ce3cb683ab4ff18c6f2c55b651a16661

SHA1
36a62f733e5c6e6acdfcd8bb66bcb141159d67a5

SHA256
6dfcf4e52535f54b59be426d28ca141525be6d972a6bf8093f704e9a320a9370

SHA512
94a40e8fb5413b40a7f16d3feadc772c32231eaebe22c137292ba30f5737c871d5066c2aec9627e74a3ec7d5655b03fc82e341859876a3b337b0c160e6496b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe

Filesize
188KB

MD5
d03a0e14c5753475e6ea2e27e95f0d43

SHA1
62d5cf88dd6c806fcada688271726834b6622e7b

SHA256
c11607d3ddd782fa742d747937f6bb2c0b7a886104f23043a47724ec0c055b96

SHA512
ee7bc724df921cd45d7aaa9930840c9ebfd4d04cd7cd9039b009abdb9304c51139c11291a67fbe121882570d7b1c0359777c90efce69facea48aa33f3dd7be69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe

Filesize
188KB

MD5
e9680e4281078f90af531554c5b37e29

SHA1
0e1b811b9bc87dcf85fc355fd96879470ebdccc4

SHA256
e3a9be8668a86e84ae9f89de121de1ad0a4c9717865d26b3127ee1b90363e51e

SHA512
328e85e9f0e21f20545b9f6664c2e358b11a6fbef042d21cc9c9bdc346d7f91fe68b93abfe3152001a6f5dc7b078648837be1b37412e405967cea4d48b372afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe

Filesize
188KB

MD5
e35e913a345f1f5cff8c247340c618f0

SHA1
966c8dd359219e2773cd8404835ec5708ddfe91e

SHA256
e641a165c52f08e7b57f3208ee959f87b61358ae01baddd074928c0533027748

SHA512
cf0c5be4e39bfac20afd8543343aeab4e4e254d24e18e7b77608db49a6a827ca5bb191bb0ed985fe00b3ee4b2a549caa506cff0de9260f166456d2967c57defb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe

Filesize
188KB

MD5
b61f12bb92dced500ee5e17d14a9c041

SHA1
24a7255386e50863518e0d8c52f70b6dd7b69f61

SHA256
cb5f4651d553206b8dbf64c29780bef7bb8afe81f9cdd0d37e165ee637c08439

SHA512
cc81ad0039753c7e02e1833962c93005c011f7f3c5e62d226a9e93786e9cbfaabd963dfd63e9cf44405589b0854d37508e36cc16eb398a872a8008071bfeb265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe

Filesize
188KB

MD5
cf4c2f889fed6cb56814f3760ef5a813

SHA1
e4686194840e705f2cadc1ee4df2bb67e75dc3e0

SHA256
b0d3076927d77194bef0eb7b9755674ba58395429e73b01dd5da0556fceba8c5

SHA512
0a1879d3939a8149b49f122595d6e0d2ef430206b96a8ff1be08205d12f4414457b655105290f25e7ea1ab04be27db10c7802d072966427fb1d08090b41aec80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe

Filesize
188KB

MD5
5e6d9f50f1f1a9ae179fc34909a5ad94

SHA1
846d1b09845fe106812ac2b87cb227d3225344d2

SHA256
d1e7954a268fc148a268539edbce3ce256b7684e84d7f2bb98e024723b17f694

SHA512
bf87c8f2e9f5daac23af461ca62fbfc08b0bbea9f103d279f52233bbe1e45cc5abeaa1024dcb9abcebec39c2e7a53c3bf0e6e6987e1c5f14b80daf6cbf75dc37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe

Filesize
188KB

MD5
4f151f0160534063cce0d35f4b4c5ae0

SHA1
371b2fe79010206c7116303397fb2c76cb29a5d8

SHA256
aef09a8b021f65a0da7cbd0bcd2a1808f7c6629c483b0b0f56076e141c14ec64

SHA512
2d7716380172a1bae7a4cd8edf9c2e3bf7f078a8984f7dbfad38fb6a5c500b77217b3c03a7c7cbea16b3fe63ee5171d274d11d3f9e28e81c5b0c80954b08317a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe

Filesize
188KB

MD5
94631c60541e4ddb3c9fda9a490c88c4

SHA1
7c650ee410044aed5508e8d4bcd61477374a9611

SHA256
c007bef269f6eaf7f46d061c70af009176d8d03b7971f38ad7c5511bbf3b0aeb

SHA512
29cb57506260f6b2839712779976516c67e3afd69778dd1017e30ffbd35448406a1c998ebed7a30613ebad06da55ebce005605c6b1c876465fc2834a6a1c29d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe

Filesize
188KB

MD5
e09302e3db35716eb54513d25f87d657

SHA1
55dc82a9db81ff8c3415a1236896341c0600776a

SHA256
a819c77283b02cc72eaa461241d66478c5947d1cef598a6fe405b232628367a2

SHA512
a5c123404ce1da19d544cf460a46f0b2b1e01a800197367b7d7e5d7d5ed2dbb844792e091a903722f91d634f7cabd141d33efa3f91f6c84f48741552a5eeeb73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe

Filesize
188KB

MD5
880befe157cce4020a921da617927bb5

SHA1
85fc4cea01e2f4e272e7682adab097dc3e9c89e9

SHA256
09ffcd22cb1f81c42caf14f49b8d3cecba24b780f3d3597dce39abd3c3070017

SHA512
a40d64aefcd1bde3cdd0af1a74d50e512ce58ad86a49ba0c4ca991967d8c3582ff35b4299586a0f73771c5b99a5c098fefb9b59fe22ecb06e5ddc1bb02f9f4f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe

Filesize
188KB

MD5
51c2a9719f4c59bb9bb48d8b22ac89b5

SHA1
3793d36180518ed1d854e36fccf8385cc8194c23

SHA256
7a848c8c00d51f59fa6fea9e1d554fa15111d6cacf26c1d36e25be876d5cac72

SHA512
66d8c1895c72d8aefafe121894226984826629435db9955aecce1eacf88b8ad76cfbd8af771a71d3ba6d108ac091c2ef73f1c8d819de2864ba9d1fa14e832e1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe

Filesize
188KB

MD5
160d904f95242b8789596d398b9317be

SHA1
076e097a2765eb47b35b34904ea4b8e5d74bbfe2

SHA256
636db46e65d0f4ac0b019ddef089eb57415e363eeb93d1e1839760be0b7e09e0

SHA512
ab66924b3cd4ca6a2fbabec4525baa598af2dca63f92348c69cb4fd569fc733ac320d48d109be9030d2b32bf1a6ecf5f1b4763a03d9ea980df2c0672debe5eb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe

Filesize
188KB

MD5
ca3a1131207c39c8da0c2efc40a87b27

SHA1
1a426910f343a3319278eb031d9461108aab13bf

SHA256
d6abf83bba9593e09503c6d2f8ab17652e3035c25466092869e797c4d96f2b24

SHA512
26ea83c92864b598a79bcc5ec2b3da9dc447f2d44476f6a8ada32760752de209f0755d71a1ed7758437997e1035aa4d4bdd84d98b002d1062ba1434b833e71b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe

Filesize
188KB

MD5
b7eb60885011078fbea4d7144dfde8af

SHA1
3ad0920f3e0e376e20acef3d951bb10c02330d6f

SHA256
3da0e8a10875327884b70014266a47dae6e90cdda44dab69ad287904a54bc55e

SHA512
13e3b0b0431a056f4b55f76c4495ab26d228d7caa4897c116312790d65d7d58127c49698346dd46726ed8095940f1f221f616e6fc227cf92dbc6bedb649324f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe

Filesize
188KB

MD5
b0714e4adab30eb0a9d2bb832591fc69

SHA1
7daae87f8a85e321dd83a7b7d69f637c2c2709de

SHA256
01d5cf7027b5f50babf42fd9c546fde9a048fa2d69947fbe02315f32ab84ae44

SHA512
a5cdf4d9826a25f8d5ede4071a015e0b13e84a9f0a2da54ba34edaec3d0faa6debcf3e7302f9bc5c9daf7f43b54671e424f3b0b38c1e50828243567b294db670

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads