19847c08ef482e83339b53e13c72b6e7065357a60da1c845e533b250b652be97

Analysis

max time kernel
40s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66c7e15823d08f66602d088e4b4ca4ca.exe
Size

184KB
MD5

66c7e15823d08f66602d088e4b4ca4ca
SHA1

14603533a7a2d4492790e31abe3d3c746b3e51bb
SHA256

19847c08ef482e83339b53e13c72b6e7065357a60da1c845e533b250b652be97
SHA512

b5b5dea9e96ef87e1817c83cd05926fcce934d65ec745d16b880019a99dd4bdc1700e1779b98da367f8c987e56eca18362700b5c8dec4bb08bd977efa722fc99
SSDEEP

3072:opf8onzeC+ptmLzNM7VVS8cYgTHWDwilE+SxVAP+GylY32Fa:opUoHqtmNMxVS8m+SUylY32F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 53 IoCs

pid	Process
1988	Unicorn-34010.exe
1856	Unicorn-49080.exe
2508	Unicorn-4710.exe
2724	Unicorn-15705.exe
2348	Unicorn-56737.exe
2932	Unicorn-4199.exe
2588	Unicorn-6270.exe
3056	Unicorn-18200.exe
1704	Unicorn-62762.exe
1160	Unicorn-38258.exe
580	Unicorn-18392.exe
484	Unicorn-22171.exe
2636	Unicorn-15263.exe
2788	Unicorn-30723.exe
2004	Unicorn-10857.exe
2012	Unicorn-6218.exe
2928	Unicorn-27385.exe
1968	Unicorn-28331.exe
2176	Unicorn-60058.exe
1136	Unicorn-29073.exe
332	Unicorn-17567.exe
1036	Unicorn-39161.exe
1932	Unicorn-27655.exe
2412	Unicorn-4651.exe
900	Unicorn-62020.exe
2992	Unicorn-26010.exe
2460	Unicorn-13203.exe
2084	Unicorn-21564.exe
2352	Unicorn-27340.exe
1248	Unicorn-40338.exe
312	Unicorn-35975.exe
1468	Unicorn-42341.exe
2000	Unicorn-44994.exe
2416	Unicorn-61522.exe
2708	Unicorn-49825.exe
2984	Unicorn-61714.exe
2576	Unicorn-44226.exe
2840	Unicorn-2508.exe
2612	Unicorn-16576.exe
2860	Unicorn-48180.exe
1988	Unicorn-4620.exe
2624	Unicorn-29317.exe
2736	Unicorn-24635.exe
968	Unicorn-3852.exe
772	Unicorn-44693.exe
1728	Unicorn-4646.exe
588	Unicorn-24512.exe
2660	Unicorn-41891.exe
832	Unicorn-48642.exe
2264	Unicorn-2970.exe
1348	Unicorn-24604.exe
1080	Unicorn-60998.exe
2120	Unicorn-47843.exe

Loads dropped DLL 64 IoCs

pid	Process
1640	66c7e15823d08f66602d088e4b4ca4ca.exe
1640	66c7e15823d08f66602d088e4b4ca4ca.exe
1988	Unicorn-34010.exe
1988	Unicorn-34010.exe
1640	66c7e15823d08f66602d088e4b4ca4ca.exe
1640	66c7e15823d08f66602d088e4b4ca4ca.exe
2508	Unicorn-4710.exe
2508	Unicorn-4710.exe
1856	Unicorn-49080.exe
1856	Unicorn-49080.exe
1988	Unicorn-34010.exe
1988	Unicorn-34010.exe
2724	Unicorn-15705.exe
2724	Unicorn-15705.exe
2508	Unicorn-4710.exe
2508	Unicorn-4710.exe
2348	Unicorn-56737.exe
2348	Unicorn-56737.exe
1856	Unicorn-49080.exe
1856	Unicorn-49080.exe
2932	Unicorn-4199.exe
2932	Unicorn-4199.exe
3056	Unicorn-18200.exe
3056	Unicorn-18200.exe
1160	Unicorn-38258.exe
1160	Unicorn-38258.exe
2588	Unicorn-6270.exe
2588	Unicorn-6270.exe
2932	Unicorn-4199.exe
2932	Unicorn-4199.exe
1704	Unicorn-62762.exe
1704	Unicorn-62762.exe
2348	Unicorn-56737.exe
2724	Unicorn-15705.exe
2348	Unicorn-56737.exe
580	Unicorn-18392.exe
580	Unicorn-18392.exe
2724	Unicorn-15705.exe
484	Unicorn-22171.exe
484	Unicorn-22171.exe
3056	Unicorn-18200.exe
3056	Unicorn-18200.exe
2636	Unicorn-15263.exe
2636	Unicorn-15263.exe
1160	Unicorn-38258.exe
1160	Unicorn-38258.exe
2004	Unicorn-10857.exe
2004	Unicorn-10857.exe
2788	Unicorn-30723.exe
2788	Unicorn-30723.exe
2588	Unicorn-6270.exe
2588	Unicorn-6270.exe
2176	Unicorn-60058.exe
2176	Unicorn-60058.exe
2928	Unicorn-27385.exe
2928	Unicorn-27385.exe
1968	Unicorn-28331.exe
1968	Unicorn-28331.exe
580	Unicorn-18392.exe
580	Unicorn-18392.exe
1136	Unicorn-29073.exe
1136	Unicorn-29073.exe
484	Unicorn-22171.exe
484	Unicorn-22171.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
1640	66c7e15823d08f66602d088e4b4ca4ca.exe
1988	Unicorn-34010.exe
1856	Unicorn-49080.exe
2508	Unicorn-4710.exe
2724	Unicorn-15705.exe
2348	Unicorn-56737.exe
2932	Unicorn-4199.exe
3056	Unicorn-18200.exe
2588	Unicorn-6270.exe
580	Unicorn-18392.exe
1160	Unicorn-38258.exe
1704	Unicorn-62762.exe
484	Unicorn-22171.exe
2636	Unicorn-15263.exe
2788	Unicorn-30723.exe
2928	Unicorn-27385.exe
2176	Unicorn-60058.exe
2004	Unicorn-10857.exe
1968	Unicorn-28331.exe
1136	Unicorn-29073.exe
332	Unicorn-17567.exe
1036	Unicorn-39161.exe
1932	Unicorn-27655.exe
2412	Unicorn-4651.exe
900	Unicorn-62020.exe
2992	Unicorn-26010.exe
2460	Unicorn-13203.exe
2084	Unicorn-21564.exe
2352	Unicorn-27340.exe
1248	Unicorn-40338.exe
1468	Unicorn-42341.exe
312	Unicorn-35975.exe
2708	Unicorn-49825.exe
2000	Unicorn-44994.exe
2416	Unicorn-61522.exe
2576	Unicorn-44226.exe
2840	Unicorn-2508.exe
2984	Unicorn-61714.exe
1988	Unicorn-4620.exe
2612	Unicorn-16576.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1988	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	28
PID 1640 wrote to memory of 1988	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	28
PID 1640 wrote to memory of 1988	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	28
PID 1640 wrote to memory of 1988	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	28
PID 1988 wrote to memory of 1856	1988	Unicorn-34010.exe	29
PID 1988 wrote to memory of 1856	1988	Unicorn-34010.exe	29
PID 1988 wrote to memory of 1856	1988	Unicorn-34010.exe	29
PID 1988 wrote to memory of 1856	1988	Unicorn-34010.exe	29
PID 1640 wrote to memory of 2508	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	30
PID 1640 wrote to memory of 2508	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	30
PID 1640 wrote to memory of 2508	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	30
PID 1640 wrote to memory of 2508	1640	66c7e15823d08f66602d088e4b4ca4ca.exe	30
PID 2508 wrote to memory of 2724	2508	Unicorn-4710.exe	31
PID 2508 wrote to memory of 2724	2508	Unicorn-4710.exe	31
PID 2508 wrote to memory of 2724	2508	Unicorn-4710.exe	31
PID 2508 wrote to memory of 2724	2508	Unicorn-4710.exe	31
PID 1856 wrote to memory of 2348	1856	Unicorn-49080.exe	32
PID 1856 wrote to memory of 2348	1856	Unicorn-49080.exe	32
PID 1856 wrote to memory of 2348	1856	Unicorn-49080.exe	32
PID 1856 wrote to memory of 2348	1856	Unicorn-49080.exe	32
PID 1988 wrote to memory of 2932	1988	Unicorn-34010.exe	33
PID 1988 wrote to memory of 2932	1988	Unicorn-34010.exe	33
PID 1988 wrote to memory of 2932	1988	Unicorn-34010.exe	33
PID 1988 wrote to memory of 2932	1988	Unicorn-34010.exe	33
PID 2724 wrote to memory of 2588	2724	Unicorn-15705.exe	34
PID 2724 wrote to memory of 2588	2724	Unicorn-15705.exe	34
PID 2724 wrote to memory of 2588	2724	Unicorn-15705.exe	34
PID 2724 wrote to memory of 2588	2724	Unicorn-15705.exe	34
PID 2508 wrote to memory of 3056	2508	Unicorn-4710.exe	35
PID 2508 wrote to memory of 3056	2508	Unicorn-4710.exe	35
PID 2508 wrote to memory of 3056	2508	Unicorn-4710.exe	35
PID 2508 wrote to memory of 3056	2508	Unicorn-4710.exe	35
PID 2348 wrote to memory of 1704	2348	Unicorn-56737.exe	38
PID 2348 wrote to memory of 1704	2348	Unicorn-56737.exe	38
PID 2348 wrote to memory of 1704	2348	Unicorn-56737.exe	38
PID 2348 wrote to memory of 1704	2348	Unicorn-56737.exe	38
PID 1856 wrote to memory of 580	1856	Unicorn-49080.exe	37
PID 1856 wrote to memory of 580	1856	Unicorn-49080.exe	37
PID 1856 wrote to memory of 580	1856	Unicorn-49080.exe	37
PID 1856 wrote to memory of 580	1856	Unicorn-49080.exe	37
PID 2932 wrote to memory of 1160	2932	Unicorn-4199.exe	36
PID 2932 wrote to memory of 1160	2932	Unicorn-4199.exe	36
PID 2932 wrote to memory of 1160	2932	Unicorn-4199.exe	36
PID 2932 wrote to memory of 1160	2932	Unicorn-4199.exe	36
PID 3056 wrote to memory of 484	3056	Unicorn-18200.exe	39
PID 3056 wrote to memory of 484	3056	Unicorn-18200.exe	39
PID 3056 wrote to memory of 484	3056	Unicorn-18200.exe	39
PID 3056 wrote to memory of 484	3056	Unicorn-18200.exe	39
PID 1160 wrote to memory of 2636	1160	Unicorn-38258.exe	40
PID 1160 wrote to memory of 2636	1160	Unicorn-38258.exe	40
PID 1160 wrote to memory of 2636	1160	Unicorn-38258.exe	40
PID 1160 wrote to memory of 2636	1160	Unicorn-38258.exe	40
PID 2588 wrote to memory of 2788	2588	Unicorn-6270.exe	41
PID 2588 wrote to memory of 2788	2588	Unicorn-6270.exe	41
PID 2588 wrote to memory of 2788	2588	Unicorn-6270.exe	41
PID 2588 wrote to memory of 2788	2588	Unicorn-6270.exe	41
PID 2932 wrote to memory of 2004	2932	Unicorn-4199.exe	46
PID 2932 wrote to memory of 2004	2932	Unicorn-4199.exe	46
PID 2932 wrote to memory of 2004	2932	Unicorn-4199.exe	46
PID 2932 wrote to memory of 2004	2932	Unicorn-4199.exe	46
PID 1704 wrote to memory of 2012	1704	Unicorn-62762.exe	45
PID 1704 wrote to memory of 2012	1704	Unicorn-62762.exe	45
PID 1704 wrote to memory of 2012	1704	Unicorn-62762.exe	45
PID 1704 wrote to memory of 2012	1704	Unicorn-62762.exe	45

C:\Users\Admin\AppData\Local\Temp\66c7e15823d08f66602d088e4b4ca4ca.exe
"C:\Users\Admin\AppData\Local\Temp\66c7e15823d08f66602d088e4b4ca4ca.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        6⤵
        Executes dropped EXE
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        7⤵
        Executes dropped EXE
        
        PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        7⤵
        Executes dropped EXE
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        8⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4646.exe
        6⤵
        Executes dropped EXE
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
        6⤵
        Executes dropped EXE
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        7⤵
        
        PID:1908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        8⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        7⤵
        Executes dropped EXE
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21287.exe
        8⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        7⤵
        Executes dropped EXE
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        7⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        5⤵
        Executes dropped EXE
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        6⤵
        
        PID:2888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
        8⤵
        Executes dropped EXE
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        7⤵
        Executes dropped EXE
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        9⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        7⤵
        
        PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        6⤵
        Executes dropped EXE
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        5⤵
        Executes dropped EXE
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        7⤵
        
        PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        8⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        6⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        7⤵
        
        PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe

Filesize
184KB

MD5
6e88e4c54213ebbb80aca30861f881cd

SHA1
75f4046feb7a3813c6919fb1d62cfacc08cc70c1

SHA256
882b19d6976f635ad664201f8a419c414271b69ee0291187c6a6c1295542d63b

SHA512
a7655eaf57512f8d29e3af1412f71e02e37e9e4d9149149e9547caa96beaf94ca2d99c2c7cf01a36ded8cb9e9ec4e506726b68e0b7886fe0d81e1784263292ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe

Filesize
184KB

MD5
7ece829ba7028385124435c3e9aa6569

SHA1
e0a046be74710125a907a7a1aacc071a5ee1de99

SHA256
cd0f60b25e133236be66bf505c902b17b51222b622015fb44f4e550c0a38c132

SHA512
444ce992b081e337ed602d50c9d51493cb9d4f630fac4285418cf4eca24c3dcd59182dbc62d269682daf07d65f4a44db825e517e8d311c8124ae48e7af12a664

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe

Filesize
184KB

MD5
368fa9b182ded499cb007c632eb14713

SHA1
1bf5ccc60f85649619762d8f59e35b958f166b7d

SHA256
37ed3f78f0a1d4e0f56b22c2670bb63b7f6062f8a74c68667ab8989f19e541f3

SHA512
627ce8b4eb39271eadd7331afb32de252d58ba707456d769c00e42af4f4dd0a215c84c202bd6e410e8005b8626b4152dfe215fd931a9ebc1fdda0df792cdbf50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe

Filesize
64KB

MD5
57ea6c25b8902e3522c00c08e7ee1d54

SHA1
623f4b1e33f29534e598ffb2889197f6d5641b75

SHA256
b75498f243556bfb410e8661e1bd7a67d1bdd75885b5c98adfdbfedb54e4c33c

SHA512
0dde6fb0c24ffaeee727f792f4fff1a3d7590329c94bab48c8ebfc9074ca283b51b960aa900a38c4b272764f97d508eab88150372810bf7d365bec7d1a7eef74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe

Filesize
184KB

MD5
055b244e01042b906536dae728203acf

SHA1
21e95a3f3faa455a3de15966289bbac7e4236a0d

SHA256
1e0f53da83fb10dbc955b4e4c320fae3db606827db37c99fa021bf98394d9ee8

SHA512
6fcbf2d713f824f8bb6d0a72b33d3b9d93be7b0075295345a10331ee9ca27f0b0d64dc5395d39e6605944c872d7c26714cc0190d732b7c7f6dbd9d3243bd1aed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe

Filesize
184KB

MD5
87a1d64df65627d6dee3023ed090faee

SHA1
5894c895cbe482de8ec653b5f4ca83e196a8bad1

SHA256
a569c66cdef45f6eb5fec65d4c56dd83da440f24f40b17f9094a2411bf2f8913

SHA512
6e8fb75e04bf1065bd4dbfff65a38b40ecef5915fc0f4c4595b91c39378330b8044266a19db4cfc33b97fc8eae0ce9be77259adf9443b50b6fc4d7f1f6c6092a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe

Filesize
184KB

MD5
65bda69075e2993d506ed3c9a0e9181b

SHA1
bde0c98acf62fc38260231f7d7ae6d40d8729672

SHA256
9d19fb0301975cc3a8ca46460e0149800822dbea517ecb68edec9b04f0cbc3a3

SHA512
f279b0a6bb6f028179a9670558343440e2eb8c95fcc8966152b192e88772fa08ebdb0673f3a656c49f78dc66d9ba813f4685fc4665f4963bfd77ee74da69fa68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe

Filesize
184KB

MD5
f55fe4abc6726164ba3d0e0d9c0957e7

SHA1
dd5fb64bded263377bfd4d881f2469f193c7c14c

SHA256
312c2d7eeff997b4b4151de2bbf90cb42ea02707c483fa2cd20119c32eb07394

SHA512
da0fe5d6eca7ca0477eb5e650d5520c3e03cdfc3211dc70e16a6d737d13797fb1700769de343e30e35b48c05e1322236725d93fbe20ba049247063a7ad2e8bd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe

Filesize
184KB

MD5
67b8935f4e2e770f7a446ea46f2b661c

SHA1
eb343943546df5e881b0e3f53e0873e124b05ace

SHA256
59e7727d2ce66e56bdbd6debf09ae7952ad0b46fb67599019210e15254e873ef

SHA512
650667e04d6a65ba651c0adf27c1db65745fd9a31fa2097a8e45087fbf10caa8fdf11d4cf91a6b496f11401d512e699b74f6b99e8e0f6e6bccc2a11bb79b7718

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe

Filesize
105KB

MD5
cebef64aa847a6d1564ab157e1cb1bbf

SHA1
9224655764601448335db47d11486a74ab80880f

SHA256
306ebc2fb474fe2aac8603e95848a82e5852c93f3fff189e8bd7ae9f6950f00f

SHA512
37d7f37d258350cd12f0ed18ae5fd01988a11692d3be0f1608d6e6412a4a46f07b8da25a05332916f28061ce7cb93beaae6537b065e43e50e1de9c793f8b2aa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe

Filesize
184KB

MD5
151005a69691ac8ed9e1da548826907f

SHA1
7ba1e04e357e6985c4f430d5bac0b8e2096074a3

SHA256
dc743c3e47979b9c26659730a251457f2437a446eacc7b0a42f6e3f7003a80a4

SHA512
eed3cf0564567fefb6f0784a4e2ca397f25020fdbbda81c06dcc83fbbe49e8a24675be55968770983cfc3d26f040b074b193241b7e82847a7fdb397de93769b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe

Filesize
184KB

MD5
6e0cd52da803e691ec255d17e0b53f01

SHA1
b360b9291e5354cf84a175d7c808e16d1fb948e7

SHA256
ca63190a78a14144ec32ada05ed8fc699bba301a66979a98ff38f76809f0e0ac

SHA512
45a6964f759893d090388fbcb6e4f4934f235964b661e19376f50d023ef68ae56b338982244aa997b26a472ef59ef769b1f198c7433a7c06bb0df9ecbeb7a6dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe

Filesize
184KB

MD5
daef5db6e617d84f237ca7d6f6709cc8

SHA1
9c1db2197141d8c380448db196f94ae00a46a8f7

SHA256
83a469b2c3831390b262c80cc145289a90db11caad4cd168f4cc8ac277158870

SHA512
5e5e694579c6a34b2d554e855de5fd3a14fd2d30b5afbd6ee7e207e61249ee6acac24edb9179393dfbd75e375f792441a6447437a5094b1d124a72145b89044e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe

Filesize
184KB

MD5
ddd08c3aef62f832ff785015f68ff1ee

SHA1
b5484b1ae1d77e0ed36fbfd6630181debb03e047

SHA256
435b01699397b570f5164e253d2f906989945e9da84abc6c0497162b274657d8

SHA512
42f865129e364cab9173378f5714c249cc425223e44abdc85c3a01715bbb9f4edbb32fc65382907ca992e23f88525e0c6085a4ad655d5099cec64a12186cc4f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe

Filesize
184KB

MD5
2eaf4c82287e96e4a0a75a65d8bad374

SHA1
e85604b1306dee1b194ee5f36ea9c9125f667c1e

SHA256
355175fb9d9a471d13487d658648d21f17ce54d4d92a6d19e0e296e0b710e750

SHA512
3aa4a9f23ae34765da62b4dce5972c1724e7165982b9275b3a2679d3c1e566ff8a3a4c946b7e3487534d7414be1f556483a882da5c687e322e113b3584b446ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe

Filesize
59KB

MD5
feb2ddd5602ecaa713aad09b9d33f4cf

SHA1
06d1f3c7fab1c2c45339d088d88259ec1f575e84

SHA256
24a489c169b3ff2b5d2357636e54b17586f1071694383dc6b7a41776b2846068

SHA512
e9841d1f531ec48c4badf0d74dec1783ef38eb3307104ecddeb3b6a9c53c3dc31664a5fc57b335e25fe6211466e7ae783b86534f522d6ddec45eb2b7abb35d06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe

Filesize
184KB

MD5
9e426f1c5f736b39b19a2fc226f32d19

SHA1
d6888ed9fe3a975bb43e8f0cf232ba64f25679f5

SHA256
247fb96757c19bfb21bf708d1091ee6110dc01865df984989f13ebbd698814b9

SHA512
45109aec5c632743d4afed6c4a24d8384a36914325eb6e2c7032a0fb676bdbddd43862b200702fbc83c300e968779c7fdf14a7f4a0e5551f2792d829d2d5234a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe

Filesize
184KB

MD5
8c52c023b976c688f6b5a85e014f3a2c

SHA1
70d8f251b8d4d9370d5304bbb018c252129243a2

SHA256
d9e34848803d892f38d92c19ab8964f6955c185eeabf2e4238011e83479e686f

SHA512
c1ad56900df605d118f203797a25f81cdf3700dfe50b3ba6e0fffbc83b96b78884dfcb03c8e632b02fa6d988cee7feae6281ddd5d3e075635504582581c9a21e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe

Filesize
184KB

MD5
078ef4a486e2567c55124eff22aa4223

SHA1
fe985bc6e42687e0e95d224fcaea9f0d66b85ee8

SHA256
c052f1703208b94a451fe19f0e384faa169d3e543b8307c5ab8ac22b9e985a63

SHA512
b008635a28161492dc9539110b4a32424b55f48b443c891792bf9600990fe4f5c1ac58ae2ead7c52a89fea93a576b7f01422b4a4f65921732635096881b7f7ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe

Filesize
184KB

MD5
84510ec1010f320d6298f6333c5fd4e4

SHA1
3665b7ff1b1afb8609259af51f31b1f146c29e8a

SHA256
bb724a2d913350cdf7fc251bef75dde4aa63659a0088475185299bf49e05c178

SHA512
d701dbf0a6c64a54ce704d0d32c281cb820e3c4edb7e4715e1b3661c188581e94a8b7a6f5dfa23c50b8203914fefa14d660b8b919fcbf3c9343f9132898f8d28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe

Filesize
184KB

MD5
9ba71b70c629274b9e3b3aa2333c3211

SHA1
01453d0c9c52a85466e7127a6307060f11780413

SHA256
0b3c0317c4bf407efe2f8b6dacd420601b9ac86a17e45f7f2fcfcef1ebdf233d

SHA512
0d4f234c49d9f63a6abdd850df0461ed5c208d1e8fc0ab875eb546d7e7dd4b1a92e3c47e03e7afd1eaa523974b58b631962cde37c6a50b1257b088e742b4d227

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe

Filesize
184KB

MD5
047c7002d338b9bc396c4ca957d1fabc

SHA1
5784885159cd3224f2077e250e17a95a73013fb7

SHA256
16e6f56ef4c38cd9c75cde8e6e76a908f170f642deb15d1c3e56f0132d9801ea

SHA512
136085da38238fe806ceba20bd511c399d493a8acc07fc8ea7bd136a9dacd5858c0639476ab93c2adc924d449cdc2ef66646a93891e7e8502ab05ad4986eb01d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe

Filesize
184KB

MD5
7a51ed1ae7ee4d7d2954333c19018aa9

SHA1
3528e8398fc5996482befef06434f80db42fe2af

SHA256
721447367ad8651819a5d061a60c7045772bbf3d5185d069325e9af7c9a9818a

SHA512
bf6ba571ac49b2e2b30e346c41f2f993a4dd0329cdee6dd23883e82ea2adf93ab0f5eb09126d694e6875431d9195e32aa2908f35036c21438c8e34586075c529

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads