564d6f4f5c755f1ef48a30fd25677194602d605aef430544a91c2fa9e36fd6ea

Analysis

max time kernel
26s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a0e9fca13ee115c46a12ebe5ec03789.exe
Size

184KB
MD5

0a0e9fca13ee115c46a12ebe5ec03789
SHA1

a0a8a434cc2e2b1c7d271e4c2279579e056e78e2
SHA256

564d6f4f5c755f1ef48a30fd25677194602d605aef430544a91c2fa9e36fd6ea
SHA512

9061a691a21629b311f964a9d7d7e61fc54234e31f6081495e98f1547e02a1bf4eb7c9e0736e32c440453e53d3ea1572da7fd858e83553cf8d865da642fac693
SSDEEP

3072:yTkMomALPXf0nOj4Mo+6vJ01fX0ME8ln8SxKiatSNlPvpFl:yTXorP0n7ML6vJRMcCNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 51 IoCs

pid	Process
2000	Unicorn-60569.exe
1976	Unicorn-28364.exe
2628	Unicorn-60714.exe
2272	Unicorn-65442.exe
2872	Unicorn-16988.exe
3024	Unicorn-49106.exe
2600	Unicorn-62785.exe
2804	Unicorn-18415.exe
2192	Unicorn-42365.exe
2948	Unicorn-50533.exe
3008	Unicorn-2079.exe
276	Unicorn-15011.exe
2120	Unicorn-39708.exe
1388	Unicorn-16526.exe
2020	Unicorn-15972.exe
2624	Unicorn-48322.exe
1308	Unicorn-60019.exe
1772	Unicorn-2650.exe
676	Unicorn-49391.exe
640	Unicorn-48102.exe
2100	Unicorn-40488.exe
1736	Unicorn-39934.exe
1344	Unicorn-416.exe
1808	Unicorn-61314.exe
1768	Unicorn-32918.exe
1324	Unicorn-23982.exe
960	Unicorn-57401.exe
3036	Unicorn-52762.exe
2364	Unicorn-12476.exe
3060	Unicorn-32342.exe
1964	Unicorn-24833.exe
2448	Unicorn-50852.exe
3056	Unicorn-42129.exe
2716	Unicorn-46960.exe
2468	Unicorn-34153.exe
2732	Unicorn-42321.exe
2572	Unicorn-58636.exe
2652	Unicorn-58273.exe
2660	Unicorn-58273.exe
2096	Unicorn-17686.exe
2780	Unicorn-17686.exe
2672	Unicorn-17686.exe
2728	Unicorn-37552.exe
1616	Unicorn-17686.exe
2476	Unicorn-37552.exe
2808	Unicorn-37552.exe
2568	Unicorn-37552.exe
2176	Unicorn-37552.exe
2972	Unicorn-51859.exe
2776	Unicorn-6187.exe
2996	Unicorn-6187.exe

Loads dropped DLL 64 IoCs

pid	Process
1792	0a0e9fca13ee115c46a12ebe5ec03789.exe
1792	0a0e9fca13ee115c46a12ebe5ec03789.exe
2000	Unicorn-60569.exe
2000	Unicorn-60569.exe
1792	0a0e9fca13ee115c46a12ebe5ec03789.exe
1792	0a0e9fca13ee115c46a12ebe5ec03789.exe
1976	Unicorn-28364.exe
1976	Unicorn-28364.exe
2000	Unicorn-60569.exe
2000	Unicorn-60569.exe
2628	Unicorn-60714.exe
2628	Unicorn-60714.exe
2272	Unicorn-65442.exe
2272	Unicorn-65442.exe
1976	Unicorn-28364.exe
1976	Unicorn-28364.exe
2872	Unicorn-16988.exe
2872	Unicorn-16988.exe
3024	Unicorn-49106.exe
3024	Unicorn-49106.exe
2628	Unicorn-60714.exe
2628	Unicorn-60714.exe
2804	Unicorn-18415.exe
2804	Unicorn-18415.exe
2600	Unicorn-62785.exe
2600	Unicorn-62785.exe
2272	Unicorn-65442.exe
2272	Unicorn-65442.exe
2948	Unicorn-50533.exe
2948	Unicorn-50533.exe
2192	Unicorn-42365.exe
2192	Unicorn-42365.exe
3008	Unicorn-2079.exe
3008	Unicorn-2079.exe
3024	Unicorn-49106.exe
3024	Unicorn-49106.exe
2872	Unicorn-16988.exe
2872	Unicorn-16988.exe
276	Unicorn-15011.exe
276	Unicorn-15011.exe
2804	Unicorn-18415.exe
2804	Unicorn-18415.exe
2120	Unicorn-39708.exe
2120	Unicorn-39708.exe
2600	Unicorn-62785.exe
2600	Unicorn-62785.exe
1388	Unicorn-16526.exe
1388	Unicorn-16526.exe
2624	Unicorn-48322.exe
2624	Unicorn-48322.exe
1308	Unicorn-60019.exe
1308	Unicorn-60019.exe
2948	Unicorn-50533.exe
2948	Unicorn-50533.exe
1772	Unicorn-2650.exe
1772	Unicorn-2650.exe
3008	Unicorn-2079.exe
676	Unicorn-49391.exe
3008	Unicorn-2079.exe
676	Unicorn-49391.exe
640	Unicorn-48102.exe
640	Unicorn-48102.exe
276	Unicorn-15011.exe
276	Unicorn-15011.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3048	2988	WerFault.exe	87

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
1792	0a0e9fca13ee115c46a12ebe5ec03789.exe
2000	Unicorn-60569.exe
1976	Unicorn-28364.exe
2628	Unicorn-60714.exe
2272	Unicorn-65442.exe
2872	Unicorn-16988.exe
3024	Unicorn-49106.exe
2804	Unicorn-18415.exe
2600	Unicorn-62785.exe
2192	Unicorn-42365.exe
2948	Unicorn-50533.exe
3008	Unicorn-2079.exe
276	Unicorn-15011.exe
2120	Unicorn-39708.exe
1388	Unicorn-16526.exe
2624	Unicorn-48322.exe
676	Unicorn-49391.exe
1308	Unicorn-60019.exe
1772	Unicorn-2650.exe
640	Unicorn-48102.exe
1736	Unicorn-39934.exe
2100	Unicorn-40488.exe
1344	Unicorn-416.exe
1808	Unicorn-61314.exe
1324	Unicorn-23982.exe
1768	Unicorn-32918.exe
960	Unicorn-57401.exe
3036	Unicorn-52762.exe
2364	Unicorn-12476.exe
3060	Unicorn-32342.exe
1964	Unicorn-24833.exe
2448	Unicorn-50852.exe
2716	Unicorn-46960.exe
2468	Unicorn-34153.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2000	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	28
PID 1792 wrote to memory of 2000	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	28
PID 1792 wrote to memory of 2000	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	28
PID 1792 wrote to memory of 2000	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	28
PID 2000 wrote to memory of 1976	2000	Unicorn-60569.exe	29
PID 2000 wrote to memory of 1976	2000	Unicorn-60569.exe	29
PID 2000 wrote to memory of 1976	2000	Unicorn-60569.exe	29
PID 2000 wrote to memory of 1976	2000	Unicorn-60569.exe	29
PID 1792 wrote to memory of 2628	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	30
PID 1792 wrote to memory of 2628	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	30
PID 1792 wrote to memory of 2628	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	30
PID 1792 wrote to memory of 2628	1792	0a0e9fca13ee115c46a12ebe5ec03789.exe	30
PID 1976 wrote to memory of 2272	1976	Unicorn-28364.exe	31
PID 1976 wrote to memory of 2272	1976	Unicorn-28364.exe	31
PID 1976 wrote to memory of 2272	1976	Unicorn-28364.exe	31
PID 1976 wrote to memory of 2272	1976	Unicorn-28364.exe	31
PID 2000 wrote to memory of 2872	2000	Unicorn-60569.exe	32
PID 2000 wrote to memory of 2872	2000	Unicorn-60569.exe	32
PID 2000 wrote to memory of 2872	2000	Unicorn-60569.exe	32
PID 2000 wrote to memory of 2872	2000	Unicorn-60569.exe	32
PID 2628 wrote to memory of 3024	2628	Unicorn-60714.exe	33
PID 2628 wrote to memory of 3024	2628	Unicorn-60714.exe	33
PID 2628 wrote to memory of 3024	2628	Unicorn-60714.exe	33
PID 2628 wrote to memory of 3024	2628	Unicorn-60714.exe	33
PID 2272 wrote to memory of 2600	2272	Unicorn-65442.exe	34
PID 2272 wrote to memory of 2600	2272	Unicorn-65442.exe	34
PID 2272 wrote to memory of 2600	2272	Unicorn-65442.exe	34
PID 2272 wrote to memory of 2600	2272	Unicorn-65442.exe	34
PID 1976 wrote to memory of 2804	1976	Unicorn-28364.exe	35
PID 1976 wrote to memory of 2804	1976	Unicorn-28364.exe	35
PID 1976 wrote to memory of 2804	1976	Unicorn-28364.exe	35
PID 1976 wrote to memory of 2804	1976	Unicorn-28364.exe	35
PID 2872 wrote to memory of 2192	2872	Unicorn-16988.exe	38
PID 2872 wrote to memory of 2192	2872	Unicorn-16988.exe	38
PID 2872 wrote to memory of 2192	2872	Unicorn-16988.exe	38
PID 2872 wrote to memory of 2192	2872	Unicorn-16988.exe	38
PID 3024 wrote to memory of 2948	3024	Unicorn-49106.exe	36
PID 3024 wrote to memory of 2948	3024	Unicorn-49106.exe	36
PID 3024 wrote to memory of 2948	3024	Unicorn-49106.exe	36
PID 3024 wrote to memory of 2948	3024	Unicorn-49106.exe	36
PID 2628 wrote to memory of 3008	2628	Unicorn-60714.exe	37
PID 2628 wrote to memory of 3008	2628	Unicorn-60714.exe	37
PID 2628 wrote to memory of 3008	2628	Unicorn-60714.exe	37
PID 2628 wrote to memory of 3008	2628	Unicorn-60714.exe	37
PID 2804 wrote to memory of 276	2804	Unicorn-18415.exe	39
PID 2804 wrote to memory of 276	2804	Unicorn-18415.exe	39
PID 2804 wrote to memory of 276	2804	Unicorn-18415.exe	39
PID 2804 wrote to memory of 276	2804	Unicorn-18415.exe	39
PID 2600 wrote to memory of 2120	2600	Unicorn-62785.exe	40
PID 2600 wrote to memory of 2120	2600	Unicorn-62785.exe	40
PID 2600 wrote to memory of 2120	2600	Unicorn-62785.exe	40
PID 2600 wrote to memory of 2120	2600	Unicorn-62785.exe	40
PID 2272 wrote to memory of 1388	2272	Unicorn-65442.exe	41
PID 2272 wrote to memory of 1388	2272	Unicorn-65442.exe	41
PID 2272 wrote to memory of 1388	2272	Unicorn-65442.exe	41
PID 2272 wrote to memory of 1388	2272	Unicorn-65442.exe	41
PID 2948 wrote to memory of 1308	2948	Unicorn-50533.exe	42
PID 2948 wrote to memory of 1308	2948	Unicorn-50533.exe	42
PID 2948 wrote to memory of 1308	2948	Unicorn-50533.exe	42
PID 2948 wrote to memory of 1308	2948	Unicorn-50533.exe	42
PID 2192 wrote to memory of 2020	2192	Unicorn-42365.exe	46
PID 2192 wrote to memory of 2020	2192	Unicorn-42365.exe	46
PID 2192 wrote to memory of 2020	2192	Unicorn-42365.exe	46
PID 2192 wrote to memory of 2020	2192	Unicorn-42365.exe	46

C:\Users\Admin\AppData\Local\Temp\0a0e9fca13ee115c46a12ebe5ec03789.exe
"C:\Users\Admin\AppData\Local\Temp\0a0e9fca13ee115c46a12ebe5ec03789.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        8⤵
        Executes dropped EXE
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
        10⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        7⤵
        Executes dropped EXE
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        8⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        6⤵
        Executes dropped EXE
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        7⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        8⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        7⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        9⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        7⤵
        Executes dropped EXE
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        8⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        6⤵
        Executes dropped EXE
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        7⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        8⤵
        Program crash
        
        PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        5⤵
        Executes dropped EXE
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        6⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        6⤵
        Executes dropped EXE
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        8⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        5⤵
        Executes dropped EXE
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        7⤵
        
        PID:2292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        7⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        10⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        6⤵
        Executes dropped EXE
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        7⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        6⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe
        7⤵
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        6⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        7⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        5⤵
        Executes dropped EXE
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        7⤵
        
        PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        6⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        8⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        5⤵
        Executes dropped EXE
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        7⤵
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        5⤵
        Executes dropped EXE
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        7⤵
        
        PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe

Filesize
92KB

MD5
68b06944d729e35c5395749e18c31f7b

SHA1
7450506e33c4a818bda4e3f5cad6586297b9bd1f

SHA256
d1d63c22052552ed855ad747951bf2fb24998e8d78932128aa71422df23a985a

SHA512
e6a7696127e6ddb62d02176c7bdf3ea25f62ce0657818d2366347f3de411d242c65c6cc2ca3d9fb46992c242bec5578a358d8bfdb080911c1cf3d84112b137fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe

Filesize
184KB

MD5
16647c21faf5bc7f43fe9750feb28445

SHA1
f82c1150b6b9d90033f90c5795fc6ec01afe5e3c

SHA256
d0bf7372647ca2cfbc0acffcfcb9c7d76a8b33769d160f6f05d88a4f81095328

SHA512
e6e2adf65215c9d319cec662fc00781cc28de2266cd12b628971bd83770ea7ecb9034b34767027bd938d2a42c0bb29f6bc27c76f8d1c27b62cebdba310caf4ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe

Filesize
184KB

MD5
c14141a56047d194f424c327f93a8621

SHA1
a8315080ec6f64cab9e340af4b1c1b8dcd71cb98

SHA256
b8890f4e5f942e83b9ad5572cd0f8193220735d487d2127410de4ce47bdce7b1

SHA512
5ffaa9ac0478fa37be7c94d07db551a838a2b5e387eef6c27a22be0ca84f0d74e120f41b831e07ece1ab0ff9124c7c392b291e174a162330a846edf7657e8c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe

Filesize
128KB

MD5
eb3d992d9189e72e5f5c487dbd974a1b

SHA1
d3099045452ca3c4912e4fdae820439b51e761b0

SHA256
7928d4840710663e6af13f1804752e92286d3133dd6f2087fe6ff5021d74fdd9

SHA512
137093b671a0da9a461e4398f317baa241f8584f819764e59793c334ad6f2676f90c00e18e91b16bdbcb5ba231983a30240f47a6d5965c9afa2eba7cf5e1831c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe

Filesize
184KB

MD5
d4cc1f5319e5e7e7d715c8f10acae9b1

SHA1
81f6e04157b20baa6bec80d1230e73e71cd3a1aa

SHA256
aad261925c8d677ee44d04aa084328624e4d8d58e195d4b2baad88b81323f01c

SHA512
07d10426e14247ada09e6062f7d399f359133ab48508bbe0f8bece1b409e04f74576321c3980f86b37ddeb9c2119a8b69d790f36d66ce8ab904750aa1b9e265d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe

Filesize
184KB

MD5
d1b8a87fa0fca190aaadfe74194fc3c4

SHA1
f8efb5839724181e5a938be32b74e83569779687

SHA256
f66b711e28e86e041fdf037361e6a7aca4c16b3e941afe1de6e26ec4903d45c5

SHA512
e4ef358092777a2047fce2e4c92367f887cac4b44884359e3e7aba774fce2ae539f23be84c5495735f6ab2af5911048f5eb9d162f26814cce9a63da21af04ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe

Filesize
184KB

MD5
52885034783d7b367ec9d361b2f3dfb7

SHA1
aa2f424815680886db859b3bdaa00892f81fc57a

SHA256
2924dc92d848f91c44358265a7f3bf4ffe3a122c7211c3d734f072a7864fb102

SHA512
8e02cd176a9970ddbd56aa27c159d42e22103359565ea9d8464deb3887e190bbe562fa3cdf40beb10f2365659c086775e059265a9fa63be67b9873f09f63c1c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe

Filesize
184KB

MD5
b533e204c93469e0565df54342f83ea6

SHA1
09c388b2cde4e4b9f175ebce5913522818681923

SHA256
9d46a695e06fe36da224aadda0b454b7b64a55fad15eee17e3f306dc68dd3851

SHA512
9795911af8b7dfcacab95550585b93f7e299126c6fdf3774da20ac59bcb40b1905e9e54d354850f48f5d7499dacf0378df4321287b3d1c89c6725b2b62d64bc8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe

Filesize
184KB

MD5
af81ef44fb7156188fc8c4d28305ba71

SHA1
cf36db603081c59edfed1cac19a9cd36e58b1c65

SHA256
7e180d02ba3677b1a870841c821543d03950f433c7589c137237230cc4a50864

SHA512
14498e3260ab2be53fca52c7bf1abe74ebc93b9db840a0ab55033db8b31da051fa358e3b874142e7ce6d465be3beffbf04a98f612bcd5c555966c5e18bacd325

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe

Filesize
184KB

MD5
9795b13d4e6bc32dc0cabecd44173178

SHA1
0cc42ade33ee6813a6e8807488c7e5fb492183cc

SHA256
3926ffdb7812320286b5d8932fbcd908e5dc8ce61a51ffdcede7fde3c5591ff9

SHA512
b88a9fefd05ecfc83123c602df74ed7c37f3d956e6e5c5f21980552ae2141cc619f577f7b7b2f519efce163a0f1906fbce8767b38e28d49e541a9ec51144bef1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe

Filesize
184KB

MD5
b526bd35defc4a1d58a3ab4fcba7c8f2

SHA1
3b27fd01f57248b0f4c314f0380bbffbbfcca9dd

SHA256
b51d9935cf37945dca34ff9a0c061e833fe3ba225c3b09c10843b8dacb85c104

SHA512
3f0453804d0b37d9a6290a0e2d177694f6de6438a3219faf9ad7ff074bb1b3adb4e13f25961ac96f2dd46489e9f03349f1bfaeb0cec5d07c3545cdd1086c638b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe

Filesize
184KB

MD5
58763f4256025a4c9802ec502d2c76b2

SHA1
a490aec1867e2f496c90fcf328cb7de87397ad73

SHA256
5222d2bbd991eedd6e7067e44899c794ba32fc9767cbf6a04f30263636ee7607

SHA512
d68f60c8b1c0952ae8dfaa9a4f7c33700a30f15ce038cabb5113f356a35491a34d935a925fae1a33a50c53491131d66582917b7a9f9fb27abc1c6e553556a602

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe

Filesize
184KB

MD5
4077ec1326157943aaf07afba57d5f6f

SHA1
d934d08ae9fe34bdeac0a8c93c4a9db68a2f0179

SHA256
ffed14d1bb6164b71ba8babc10b1c5fcd070d418209bd25994ea7b8b3aba62b7

SHA512
b73252d6ec86e82d8947bba85315c68df8a87ac426fc118caac52b423f40442dcd2f6343bd80bc007b837756a90715f9956f2a4c901d43842ec76bd25b2c4236

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe

Filesize
184KB

MD5
ca054bac5808b72fb35a6113fdbab872

SHA1
424fbdbaf8a2acee48f44a03181b012c27620549

SHA256
c9856df5c33548cdaf23f8ad4035b600ac4cbf3bbf87ef0e170b314a7922e323

SHA512
b838bae329010cad154c372299d2e9d88e53b6a8d93e167a9df9232cd2616c47128be127350081c2e2874c5a372faf9554b5abf73ab01f4aefe1a95b2aa4ff7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe

Filesize
184KB

MD5
5bb1899a321edc25b8c9ced770ecd5ea

SHA1
1982a72752cf5b3e9a3d33a20e337945cff0b7ff

SHA256
4a8ad7d2d863fb373e24aa7ed6bb8594570621ab141580d96e727c23addb3810

SHA512
2229a840eb8b09854ad587d905f190d53c684f27d420f64d5e9d8414578a491c6f6190f7a1afbee285ba4a9e7f42d7dd0eae520a2e20a255297380a2fa88217a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe

Filesize
184KB

MD5
fb0e9088466bc66fef51f84469463649

SHA1
f121a61756ebf704fe96563b1f089e34f9b2ed7f

SHA256
4912a9f31fcaf9dbf198717d245532dcfa8c7ab68fbf3a761b22b4045c532c8f

SHA512
044718152064a6373e027b6069c0f7f0aca212e2d73bf3f1b09efb7d7d406d30ea667daac5a41476a23c53141c4445e7dafc9358062315e5f483b90c305a877e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe

Filesize
184KB

MD5
119887d9a9f8f4bddd8d27da250a04c1

SHA1
5d6dcf8f63dd09c39440c5186e8c94ece8f72664

SHA256
cbd627924e59d0abe552b8f0a9b427a0577026fafd7f4c91bbdc3e9ae9640d9c

SHA512
e54c40f783275a28818d7e454a6a1dbc3519637a03e7475446b31786e9d50b2fb36d00ac6796b88a01d8e481f82ca39a552fda5975810e76a0a7b0ab0628bdbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe

Filesize
184KB

MD5
b70ee60b2dbfcc4bbf7449062c8a20e0

SHA1
aa4aa975b70f08c8400882099f7c59effc7b7cfe

SHA256
784f8eb176d4c180cbe83f9c82b8d6d85f396cc63765591a24e0bf550d6c1edf

SHA512
926ef9d11b8986109798fbf96c41384d608461ad8857e0250736fb3394b64d5ee4e108194d20563a5341960bb4c641acfde7cc86c8aad538c0224023779de18d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe

Filesize
184KB

MD5
380a0c6ba3bff14591852d2fca67b948

SHA1
59b43cac0d5c1c99cc16907ce02451dc36a74fc2

SHA256
9f4e0e4e7edd2fd5ff695beb60a4530acaaad05c61d00752c42ae08c0f837862

SHA512
1e26a98508d58794ccbfb05af62c2da3ddd7459bc38e4333cc6e9d013e530b1c9aa3a705fd2e3e220d6f5e738f8be831e61389816182f4c6702d912b856a95db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads