cafdded63242a6c113bad9ae0754b899b475a4c3f6e0fc58d2527f934e3926ac

Analysis

max time kernel
29s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8cf24b38157a0d3ee8807be1a02f5ed.exe
Size

184KB
MD5

c8cf24b38157a0d3ee8807be1a02f5ed
SHA1

520a7bc0b13673ed8a6d57f0a5822b01ba6be7d9
SHA256

cafdded63242a6c113bad9ae0754b899b475a4c3f6e0fc58d2527f934e3926ac
SHA512

4a86571161860be78189c328959f3ac472915c285da155bcc58f292e2f9fee6525b87c3815e12d6bcbe7da643b2a0127d5e44d5b61bf9602fbca7b32d4257919
SSDEEP

3072:0K6toqTfEAYXljfdxK5qzRbBeq6NTJI+xrlJkXce7lPdppuQ:0KEooVYXRdk5qzAesG7lPdp8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 53 IoCs

pid	Process
2928	Unicorn-57178.exe
1332	Unicorn-32400.exe
2936	Unicorn-33831.exe
2812	Unicorn-33649.exe
2572	Unicorn-26824.exe
2764	Unicorn-7603.exe
2528	Unicorn-56792.exe
2932	Unicorn-18561.exe
800	Unicorn-62822.exe
2744	Unicorn-45033.exe
1804	Unicorn-46605.exe
2748	Unicorn-8539.exe
2392	Unicorn-52099.exe
1268	Unicorn-29069.exe
2856	Unicorn-63059.exe
2108	Unicorn-42233.exe
2128	Unicorn-48586.exe
1508	Unicorn-14543.exe
544	Unicorn-60215.exe
1076	Unicorn-45297.exe
2216	Unicorn-55914.exe
1544	Unicorn-49905.exe
984	Unicorn-7920.exe
2156	Unicorn-24942.exe
1092	Unicorn-33882.exe
1364	Unicorn-15901.exe
2816	Unicorn-23406.exe
2376	Unicorn-54324.exe
2804	Unicorn-29986.exe
2792	Unicorn-10120.exe
2160	Unicorn-57396.exe
1600	Unicorn-50380.exe
2548	Unicorn-9763.exe
2612	Unicorn-62363.exe
2588	Unicorn-20920.exe
2728	Unicorn-41423.exe
2768	Unicorn-41746.exe
2568	Unicorn-52187.exe
2452	Unicorn-57755.exe
2624	Unicorn-43535.exe
3036	Unicorn-15186.exe
2236	Unicorn-35052.exe
1676	Unicorn-6071.exe
940	Unicorn-59805.exe
1988	Unicorn-39939.exe
1628	Unicorn-59805.exe
1980	Unicorn-25937.exe
956	Unicorn-6071.exe
1700	Unicorn-25937.exe
944	Unicorn-44707.exe
1232	Unicorn-34416.exe
1868	Unicorn-54282.exe
2068	Unicorn-3123.exe

Loads dropped DLL 64 IoCs

pid	Process
2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe
2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe
2928	Unicorn-57178.exe
2928	Unicorn-57178.exe
2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe
2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe
1332	Unicorn-32400.exe
1332	Unicorn-32400.exe
2928	Unicorn-57178.exe
2928	Unicorn-57178.exe
2936	Unicorn-33831.exe
2936	Unicorn-33831.exe
2812	Unicorn-33649.exe
2812	Unicorn-33649.exe
1332	Unicorn-32400.exe
1332	Unicorn-32400.exe
2572	Unicorn-26824.exe
2572	Unicorn-26824.exe
2764	Unicorn-7603.exe
2764	Unicorn-7603.exe
2936	Unicorn-33831.exe
2936	Unicorn-33831.exe
2528	Unicorn-56792.exe
2528	Unicorn-56792.exe
2812	Unicorn-33649.exe
2812	Unicorn-33649.exe
2932	Unicorn-18561.exe
2932	Unicorn-18561.exe
800	Unicorn-62822.exe
800	Unicorn-62822.exe
2744	Unicorn-45033.exe
2744	Unicorn-45033.exe
2572	Unicorn-26824.exe
2572	Unicorn-26824.exe
2764	Unicorn-7603.exe
2764	Unicorn-7603.exe
1804	Unicorn-46605.exe
1804	Unicorn-46605.exe
2748	Unicorn-8539.exe
2748	Unicorn-8539.exe
2528	Unicorn-56792.exe
2528	Unicorn-56792.exe
2392	Unicorn-52099.exe
2392	Unicorn-52099.exe
2856	Unicorn-63059.exe
2856	Unicorn-63059.exe
1268	Unicorn-29069.exe
1268	Unicorn-29069.exe
800	Unicorn-62822.exe
800	Unicorn-62822.exe
2932	Unicorn-18561.exe
2932	Unicorn-18561.exe
544	Unicorn-60215.exe
544	Unicorn-60215.exe
1508	Unicorn-14543.exe
1508	Unicorn-14543.exe
2108	Unicorn-42233.exe
1804	Unicorn-46605.exe
2108	Unicorn-42233.exe
1804	Unicorn-46605.exe
2128	Unicorn-48586.exe
2128	Unicorn-48586.exe
2744	Unicorn-45033.exe
2744	Unicorn-45033.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2860	1092	WerFault.exe	52

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe
2928	Unicorn-57178.exe
1332	Unicorn-32400.exe
2936	Unicorn-33831.exe
2812	Unicorn-33649.exe
2572	Unicorn-26824.exe
2764	Unicorn-7603.exe
2528	Unicorn-56792.exe
2932	Unicorn-18561.exe
800	Unicorn-62822.exe
2744	Unicorn-45033.exe
1804	Unicorn-46605.exe
2748	Unicorn-8539.exe
2392	Unicorn-52099.exe
1268	Unicorn-29069.exe
2856	Unicorn-63059.exe
2108	Unicorn-42233.exe
2128	Unicorn-48586.exe
544	Unicorn-60215.exe
1508	Unicorn-14543.exe
1076	Unicorn-45297.exe
2216	Unicorn-55914.exe
1544	Unicorn-49905.exe
984	Unicorn-7920.exe
2156	Unicorn-24942.exe
1092	Unicorn-33882.exe
1364	Unicorn-15901.exe
2816	Unicorn-23406.exe
2376	Unicorn-54324.exe
2804	Unicorn-29986.exe
2160	Unicorn-57396.exe
2792	Unicorn-10120.exe
1600	Unicorn-50380.exe
2548	Unicorn-9763.exe
2568	Unicorn-52187.exe
2728	Unicorn-41423.exe
2768	Unicorn-41746.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2928	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	28
PID 2536 wrote to memory of 2928	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	28
PID 2536 wrote to memory of 2928	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	28
PID 2536 wrote to memory of 2928	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	28
PID 2928 wrote to memory of 1332	2928	Unicorn-57178.exe	29
PID 2928 wrote to memory of 1332	2928	Unicorn-57178.exe	29
PID 2928 wrote to memory of 1332	2928	Unicorn-57178.exe	29
PID 2928 wrote to memory of 1332	2928	Unicorn-57178.exe	29
PID 2536 wrote to memory of 2936	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	30
PID 2536 wrote to memory of 2936	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	30
PID 2536 wrote to memory of 2936	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	30
PID 2536 wrote to memory of 2936	2536	c8cf24b38157a0d3ee8807be1a02f5ed.exe	30
PID 1332 wrote to memory of 2812	1332	Unicorn-32400.exe	31
PID 1332 wrote to memory of 2812	1332	Unicorn-32400.exe	31
PID 1332 wrote to memory of 2812	1332	Unicorn-32400.exe	31
PID 1332 wrote to memory of 2812	1332	Unicorn-32400.exe	31
PID 2928 wrote to memory of 2572	2928	Unicorn-57178.exe	32
PID 2928 wrote to memory of 2572	2928	Unicorn-57178.exe	32
PID 2928 wrote to memory of 2572	2928	Unicorn-57178.exe	32
PID 2928 wrote to memory of 2572	2928	Unicorn-57178.exe	32
PID 2936 wrote to memory of 2764	2936	Unicorn-33831.exe	33
PID 2936 wrote to memory of 2764	2936	Unicorn-33831.exe	33
PID 2936 wrote to memory of 2764	2936	Unicorn-33831.exe	33
PID 2936 wrote to memory of 2764	2936	Unicorn-33831.exe	33
PID 2812 wrote to memory of 2528	2812	Unicorn-33649.exe	34
PID 2812 wrote to memory of 2528	2812	Unicorn-33649.exe	34
PID 2812 wrote to memory of 2528	2812	Unicorn-33649.exe	34
PID 2812 wrote to memory of 2528	2812	Unicorn-33649.exe	34
PID 1332 wrote to memory of 2932	1332	Unicorn-32400.exe	35
PID 1332 wrote to memory of 2932	1332	Unicorn-32400.exe	35
PID 1332 wrote to memory of 2932	1332	Unicorn-32400.exe	35
PID 1332 wrote to memory of 2932	1332	Unicorn-32400.exe	35
PID 2572 wrote to memory of 800	2572	Unicorn-26824.exe	36
PID 2572 wrote to memory of 800	2572	Unicorn-26824.exe	36
PID 2572 wrote to memory of 800	2572	Unicorn-26824.exe	36
PID 2572 wrote to memory of 800	2572	Unicorn-26824.exe	36
PID 2764 wrote to memory of 2744	2764	Unicorn-7603.exe	38
PID 2764 wrote to memory of 2744	2764	Unicorn-7603.exe	38
PID 2764 wrote to memory of 2744	2764	Unicorn-7603.exe	38
PID 2764 wrote to memory of 2744	2764	Unicorn-7603.exe	38
PID 2936 wrote to memory of 1804	2936	Unicorn-33831.exe	37
PID 2936 wrote to memory of 1804	2936	Unicorn-33831.exe	37
PID 2936 wrote to memory of 1804	2936	Unicorn-33831.exe	37
PID 2936 wrote to memory of 1804	2936	Unicorn-33831.exe	37
PID 2528 wrote to memory of 2748	2528	Unicorn-56792.exe	39
PID 2528 wrote to memory of 2748	2528	Unicorn-56792.exe	39
PID 2528 wrote to memory of 2748	2528	Unicorn-56792.exe	39
PID 2528 wrote to memory of 2748	2528	Unicorn-56792.exe	39
PID 2812 wrote to memory of 2392	2812	Unicorn-33649.exe	40
PID 2812 wrote to memory of 2392	2812	Unicorn-33649.exe	40
PID 2812 wrote to memory of 2392	2812	Unicorn-33649.exe	40
PID 2812 wrote to memory of 2392	2812	Unicorn-33649.exe	40
PID 2932 wrote to memory of 1268	2932	Unicorn-18561.exe	41
PID 2932 wrote to memory of 1268	2932	Unicorn-18561.exe	41
PID 2932 wrote to memory of 1268	2932	Unicorn-18561.exe	41
PID 2932 wrote to memory of 1268	2932	Unicorn-18561.exe	41
PID 800 wrote to memory of 2856	800	Unicorn-62822.exe	42
PID 800 wrote to memory of 2856	800	Unicorn-62822.exe	42
PID 800 wrote to memory of 2856	800	Unicorn-62822.exe	42
PID 800 wrote to memory of 2856	800	Unicorn-62822.exe	42
PID 2744 wrote to memory of 2128	2744	Unicorn-45033.exe	43
PID 2744 wrote to memory of 2128	2744	Unicorn-45033.exe	43
PID 2744 wrote to memory of 2128	2744	Unicorn-45033.exe	43
PID 2744 wrote to memory of 2128	2744	Unicorn-45033.exe	43

C:\Users\Admin\AppData\Local\Temp\c8cf24b38157a0d3ee8807be1a02f5ed.exe
"C:\Users\Admin\AppData\Local\Temp\c8cf24b38157a0d3ee8807be1a02f5ed.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30587.exe
        9⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        8⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        9⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        7⤵
        Executes dropped EXE
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        6⤵
        Executes dropped EXE
        
        PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        7⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        8⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        6⤵
        Executes dropped EXE
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
        7⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        6⤵
        Executes dropped EXE
        
        PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        8⤵
        Executes dropped EXE
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        6⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        7⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        6⤵
        Program crash
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
        6⤵
        Executes dropped EXE
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        7⤵
        
        PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        5⤵
        Executes dropped EXE
        
        PID:1676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        7⤵
        Executes dropped EXE
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        6⤵
        Executes dropped EXE
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        6⤵
        Executes dropped EXE
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        7⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        6⤵
        Executes dropped EXE
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        5⤵
        Executes dropped EXE
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        7⤵
        
        PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        6⤵
        Executes dropped EXE
        
        PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        5⤵
        Executes dropped EXE
        
        PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe

Filesize
184KB

MD5
421843579d0c9debedc040564bf94b6e

SHA1
32f78c1be81b1a83ec1c488627f498a32c8e7892

SHA256
bb750f502cf2be36fc111b71e5d94746dd60fa42e8d7a85a69a2a52231ba039c

SHA512
39be0404ce91e7fa26f3011c2ca9c995d28176700bcec4ee6dcd6908ab983a3584244bed6d22d6890f532428653f25038ecb0999455f769973b96360375847d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe

Filesize
184KB

MD5
52de978377acbcd106cbaec9710c9600

SHA1
34da061d1e6cb05880295899fcac0a644d9bf1c2

SHA256
c5632268cfc056cd9bb9e6ff8a80f062acb39c480c1848e4f74e685d421770f8

SHA512
60baa9fe1b9be0791e8dc914eb8a422c49c21d07dff0dd02dcff91898f15d8ca3fd5dab868ed1447ae9d485d6a42e8dd0678fad51a780e335d641d0ced34c8ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe

Filesize
37KB

MD5
4f8be9426639fc59619c74bf439c662f

SHA1
36f52cd290fbdc426fd9d0248c6ceb57c283d0f2

SHA256
8c3575272d605694313b9e773a9944e02b3f2c8a2bfa53c5ca00e7e63d31ff1f

SHA512
de7a719dcd2a46e0e5c3d991547568ce89d45d7caa2e664794ea15921bbd226dc461085bae8992b12a034e2c650b652fe24513596807a49833a46a8f8130412f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe

Filesize
2KB

MD5
c5425e5f29ec85184c592f290f1e159c

SHA1
208ea0abfcd49f99197297618053fa4d673ca9c2

SHA256
d1c47391f467944ea2f9c5ba0bc07ed34b0f4588aa1e89a47dae9854f7343f4a

SHA512
76527734c0069ae680bba0d359378c883d522c9303ece98f92da13c2055772f557a0d437a438a53c6ed0cc75149fd5e18ce10fd496a8653964dbe41934261458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe

Filesize
184KB

MD5
bb8dcb098dbb19ab4c694e81bf655f91

SHA1
0805abe4032cab0ca174672789c3689fcf3f630e

SHA256
376a0cc44a25d66570aa6cd2a68651721cdce06cc669a388afff9a8eef66a2f1

SHA512
956d40f8aa648502488af333be5091854ca570764ef7806ee084cc4178338b8173c0b3ec65fdac1d737bb459f97769c78e3e7218dff0776d8910493ca8f47a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe

Filesize
184KB

MD5
d4ab2493b7d92e938e8473fea681c217

SHA1
09dcc4a958430c0cec6626db54c8731bda5ff00f

SHA256
2654920393ac8cd1898435cec089d8c7e0b8b3bb62e2ed4c151ff98acb0ad088

SHA512
871d187fe9fd43ea180425fed43eaf82e4275f1c07abe91fd32ceb21f9d93889d13716c061fa13d6389022d35176e32c92ac341b09fe0b965916edba54578008

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe

Filesize
155KB

MD5
ec80d2a9db3904a9d5918b2a5a6a79b3

SHA1
c1f6444121528bff311b3538009f863852466fcc

SHA256
cbe151f271409e26a0e2f4e4a0bf07862203351d7caa17c228f9b1651f1c1073

SHA512
664184be387c518aa1d49c24d78becc36d82a4e246f85be03a5422798a779dc240729a412aa25c380bbabb8e8fba67ad16c60887882ce36053047a3fda7c31f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe

Filesize
184KB

MD5
21ab455607a42cdbd7bbc2623f9d43a6

SHA1
572f2381032446bc41e35a0064a4f31df9ffcb74

SHA256
6388f01fd3f3e0c26bee379aa781548cf203c591e0ebb1647dee91aa9d721248

SHA512
e1801d49f090a2f6bdee738f22b57a94d10228e4287f4702b4c9d7db1412022c5fc691b47e71284da947225047b9f96813a526c320526f42bf5d0abfa8f468e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe

Filesize
184KB

MD5
72d3e575cda40bbe9741a7a7c351ea0e

SHA1
f539aeba2b548b80f1c54e6e8145593b2812091a

SHA256
341ed6dd9481ae3e851336f4d90bd01c673339213a64eceecfda5c5ff0a2fbce

SHA512
988baccf3e6aea882189cea7b27bd1eafc574b0cec187918cb54e5a1cf49ac846438f2e3b8bbd24dfa0506f0b5b95a82dda885e854e50be6ea266f0afe101d29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe

Filesize
184KB

MD5
836bd28fe5f2504f0cfbd5b6640d155e

SHA1
9fd0c0a9aff88a287f29befaa68dbaee691dfa1e

SHA256
a4efde34b5221acea4aa5b84f18fac4c491237072136ab7849b079ec8008070d

SHA512
9a64ed8b58397da5586d463c67acd40ca99fd5ca24d3eef1b436da31d96b8b026ea068dc1421b09b19060fe63ac82bbb651b379470079d21acf792fcf909bba5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe

Filesize
184KB

MD5
67133a4ae3c8d76b2b2ce40cf0dac81f

SHA1
92681df83c7404704cea0e9c8daf668a48b06eb3

SHA256
0d1ddaeda353f84db4e8beb0d421cb4b0810be9e3e97d51dbc499344b4967b23

SHA512
b4aa1d91b03976ad0ef7485aeba9d99793ceec16df73d695024e73d4e95634bdb1688c4296882b86f713d19b9cb1731e7bd1bcb177ecf0a7e90e2bafa679917d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe

Filesize
184KB

MD5
ad4be0e10ea7ac041e304cf8d9e2c4b6

SHA1
01828285b2ea966221e492858b018d5d5107da5d

SHA256
2c06d1876a7752569ce74192bd82792be4517940048202e6f425e77a209b6a38

SHA512
73c46508814720dd62eeaf7b1c18416efb0f3ca0ca228702f77c1ab0b264c4365b6488d181a5447b4c7fe8be71358a02e45648b6247d4826b93eb85a31f4d455

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe

Filesize
184KB

MD5
ed8f54d77238781c7522f0ecb0f6bebf

SHA1
bc6ec10d1c99059e852739ca08e78324c6090bf1

SHA256
0e94a5c7b4edf3f775ea5230996a751d13efbf93c05deae66f69c4278581f582

SHA512
9e28945bfc5b4ed946100485d1cdf87896cc6a14b49cbb5d17c7f5478839d1983789f6b6e7bb6a56118f30dbdb9d9d526309694b3f13aa897606469f058341b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe

Filesize
8KB

MD5
9eeb073a66cbbed63b688cf259c1017d

SHA1
cc2761e1ab8e4a508a40df57f1e628c475e935ef

SHA256
f999c7e20a57de4d08a25c8fb3d02e3bdac05b553376a017ad15a919a78ff86b

SHA512
8b9840479920a38508f43f7196386bd31fdc79be3c28234bd2fded507056759942bc86408678d14a5462b76bd0e907e5a03a0072323c35230829c645126b16ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe

Filesize
184KB

MD5
1121263bb8310d003a6f42940af36f39

SHA1
7cfb75aa693672792f1a366b3a313d0c6c34646a

SHA256
f92fa522401289d66ec125586ba6c2d12d81cb0eeddd2c814e0e9e654eac7ff0

SHA512
763ff337599bbad3dd6421a7bd22b12d26e73e4a47c1218046726d6f614b2f9fb33d08d3eec9fa4a911d8a94f8e522938e01395f08a7c50e4f0ae3337bdfd5d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe

Filesize
184KB

MD5
d268f37fb50cec4c20d6b68cc49cddf3

SHA1
70e843029f7b5f7d6ccdd64ce534421e395dc0f3

SHA256
8b5b694095a73ce6b9f6591681b4863fd32ac62b4bf6b6ec0fe0662d36b82f98

SHA512
cfce6039a10f9df22b8dee660163c8ad0362b92bff628029c6293e4dd9a9b0b13a708bfa88b76e854efabb470356df078363f4fcd8549a10a342506117eb354c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe

Filesize
184KB

MD5
be278b33a62d91c35c32aca09e18c732

SHA1
ccc925c8f5e4cbfce7c3a36b65e4aa2939a31bcc

SHA256
e25028939afa82d046471b2c112e9fe1a65ed26dd911e5741af88b7087e5cc3e

SHA512
780dff760a81693bfa1d1e95ab0dfa98a6e698898d7a57ecb78f9afaa5797055305d7dac8811454fc73c94d2e0e30b0507baec65e731c76ef87dee48cbe3fd92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe

Filesize
184KB

MD5
1851997f9834814d4bf19925945caad5

SHA1
2fdec08af32c9d23f3de3a763510da93ee53884f

SHA256
7cc4c2b8c190dda015ee6ad18fcbbe1ff2ea7be4351306334feddd96d56b3694

SHA512
781b88eb763503885174be8883c60bab27b5424f2942b97ed0c415211e3cb33cb4d3f4ab931ff8167f147ab6d6bdd6316ba2a7bb34384a86aa6b5c0fc5e8c6e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe

Filesize
184KB

MD5
03af4a41d49c11efc687752ffc8139d9

SHA1
c81de05fac065acbbe33e19534b33240437285de

SHA256
aa741e05d813fddd67aa446ce578dbd9d937dfb9678c19b6cdcc82af1f5ad5f6

SHA512
9b78d645a607509d9d901579e28ee0a12bf983a4f6ec6ef60be26d9d5debea92d719340eea98915976d0bcbe30d3c202fe4b56bd8f2250fef2c79bc59709916f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe

Filesize
184KB

MD5
17f8c1368ca34a5aff4e5d971fe11393

SHA1
a8537a11c943ccc1005d96f39e422fcddf170567

SHA256
df5c5dfbdd8d4a286111ebda76012e71cef22976af1201ebbf017bcf897ebc71

SHA512
1be3255393140e8a436ef31baa20a4ff4d4d1a29fda632853b51847d6f42475ab3eb6b079b32cfd3fed0684f0b5c094ac72bca3f0a9c5cff390ffdd868910b7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe

Filesize
184KB

MD5
8e8a497bfa68dd9f0e386c17cfb995ad

SHA1
c9776bf443dc231c5efab3f6e17120cf6c316198

SHA256
7c79af396b022e3e2ebbf17e882bd7ee084fb669292397811da9b3fe5d54fce2

SHA512
175167c103a7045d27f1bbcec669a1da6c14de184a9dbd4781144850191ca408336396c785fee006ae58d034b099b17de4275206a9cdbb9fb8f115711c636772

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe

Filesize
184KB

MD5
cf682e374ea55c3c588d4790337354a8

SHA1
f7a47daa38915c2dfe3157a63167ca08a5543632

SHA256
c5dc67adabdb394aa2a698e4300a31a4a09284582a489101ad8986be33e2abaf

SHA512
69fcd59e7bdb2825c246e12187bd02d54bd682672d7a603b9c56289d35dc33aeef13ac78a42ba870882ca07017c1a448c049737440afc7aa7a4ec514bd8f1bfb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads