c7fe196515f0d31049494519be781c6a76d9062322e7e350e9d2bce39f0780f8

Analysis

max time kernel
28s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

044f376ec60a9c87b1791ae8f604ef8d.exe
Size

184KB
MD5

044f376ec60a9c87b1791ae8f604ef8d
SHA1

66a7f13e46cc08ed23d4cc04ad695967ffa9e3ff
SHA256

c7fe196515f0d31049494519be781c6a76d9062322e7e350e9d2bce39f0780f8
SHA512

144c6b18a6ffd23c9fcde86c55399c346656ce122edf80d2f8d16654f656e85d58d2d95ff6eb00879b70a6693bad9dc68a6948f87c0a196f87ad826b3398383e
SSDEEP

3072:oJ16ocsNAcEAOjZu8pcUzFMOBR6vHYIsUYx8QPbV7lPdpFJ:oJsoB6LAquwcUzklbU7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 50 IoCs

pid	Process
2960	Unicorn-21833.exe
3064	Unicorn-39664.exe
2800	Unicorn-35257.exe
2708	Unicorn-1732.exe
1132	Unicorn-47212.exe
2484	Unicorn-34789.exe
2508	Unicorn-37545.exe
3024	Unicorn-33103.exe
3032	Unicorn-15375.exe
2756	Unicorn-10682.exe
2020	Unicorn-31356.exe
2676	Unicorn-35867.exe
1988	Unicorn-16769.exe
1592	Unicorn-58617.exe
856	Unicorn-64113.exe
2032	Unicorn-59515.exe
592	Unicorn-12307.exe
960	Unicorn-32375.exe
1904	Unicorn-86.exe
1092	Unicorn-3464.exe
384	Unicorn-45758.exe
2008	Unicorn-56770.exe
2212	Unicorn-46646.exe
1852	Unicorn-24986.exe
692	Unicorn-12380.exe
2232	Unicorn-25571.exe
2160	Unicorn-61088.exe
2376	Unicorn-59552.exe
896	Unicorn-46218.exe
1596	Unicorn-1890.exe
2128	Unicorn-51973.exe
2996	Unicorn-32643.exe
2356	Unicorn-12777.exe
952	Unicorn-62456.exe
2648	Unicorn-567.exe
2512	Unicorn-14334.exe
2456	Unicorn-22550.exe
1984	Unicorn-15643.exe
2340	Unicorn-9311.exe
1696	Unicorn-46966.exe
2904	Unicorn-43519.exe
1688	Unicorn-63193.exe
940	Unicorn-25773.exe
1764	Unicorn-25773.exe
2348	Unicorn-25773.exe
1816	Unicorn-25773.exe
2892	Unicorn-25773.exe
2544	Unicorn-5907.exe
2840	Unicorn-5907.exe
632	Unicorn-25367.exe

Loads dropped DLL 64 IoCs

pid	Process
952	044f376ec60a9c87b1791ae8f604ef8d.exe
952	044f376ec60a9c87b1791ae8f604ef8d.exe
2960	Unicorn-21833.exe
2960	Unicorn-21833.exe
952	044f376ec60a9c87b1791ae8f604ef8d.exe
952	044f376ec60a9c87b1791ae8f604ef8d.exe
3064	Unicorn-39664.exe
3064	Unicorn-39664.exe
2960	Unicorn-21833.exe
2960	Unicorn-21833.exe
2800	Unicorn-35257.exe
2800	Unicorn-35257.exe
1132	Unicorn-47212.exe
1132	Unicorn-47212.exe
2484	Unicorn-34789.exe
2484	Unicorn-34789.exe
2800	Unicorn-35257.exe
2800	Unicorn-35257.exe
2508	Unicorn-37545.exe
2508	Unicorn-37545.exe
1132	Unicorn-47212.exe
1132	Unicorn-47212.exe
3032	Unicorn-15375.exe
3032	Unicorn-15375.exe
2484	Unicorn-34789.exe
2484	Unicorn-34789.exe
3024	Unicorn-33103.exe
3024	Unicorn-33103.exe
2756	Unicorn-10682.exe
2756	Unicorn-10682.exe
2508	Unicorn-37545.exe
2508	Unicorn-37545.exe
2020	Unicorn-31356.exe
2020	Unicorn-31356.exe
1592	Unicorn-58617.exe
1592	Unicorn-58617.exe
2676	Unicorn-35867.exe
2676	Unicorn-35867.exe
3032	Unicorn-15375.exe
3032	Unicorn-15375.exe
3024	Unicorn-33103.exe
3024	Unicorn-33103.exe
1988	Unicorn-16769.exe
1988	Unicorn-16769.exe
2756	Unicorn-10682.exe
2756	Unicorn-10682.exe
2032	Unicorn-59515.exe
2032	Unicorn-59515.exe
592	Unicorn-12307.exe
592	Unicorn-12307.exe
2020	Unicorn-31356.exe
2020	Unicorn-31356.exe
1092	Unicorn-3464.exe
1092	Unicorn-3464.exe
960	Unicorn-32375.exe
960	Unicorn-32375.exe
1592	Unicorn-58617.exe
1592	Unicorn-58617.exe
2008	Unicorn-56770.exe
2008	Unicorn-56770.exe
1988	Unicorn-16769.exe
1988	Unicorn-16769.exe
2936	WerFault.exe
2936	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2936	1904	WerFault.exe	46

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
952	044f376ec60a9c87b1791ae8f604ef8d.exe
2960	Unicorn-21833.exe
3064	Unicorn-39664.exe
2800	Unicorn-35257.exe
2708	Unicorn-1732.exe
1132	Unicorn-47212.exe
2484	Unicorn-34789.exe
2508	Unicorn-37545.exe
3032	Unicorn-15375.exe
3024	Unicorn-33103.exe
2756	Unicorn-10682.exe
2020	Unicorn-31356.exe
2676	Unicorn-35867.exe
1592	Unicorn-58617.exe
1988	Unicorn-16769.exe
856	Unicorn-64113.exe
2032	Unicorn-59515.exe
592	Unicorn-12307.exe
960	Unicorn-32375.exe
1092	Unicorn-3464.exe
1904	Unicorn-86.exe
2008	Unicorn-56770.exe
384	Unicorn-45758.exe
2212	Unicorn-46646.exe
1852	Unicorn-24986.exe
692	Unicorn-12380.exe
2232	Unicorn-25571.exe
2160	Unicorn-61088.exe
2376	Unicorn-59552.exe
896	Unicorn-46218.exe
1596	Unicorn-1890.exe
2996	Unicorn-32643.exe
2356	Unicorn-12777.exe
2128	Unicorn-51973.exe
952	Unicorn-62456.exe
2648	Unicorn-567.exe
2512	Unicorn-14334.exe
2456	Unicorn-22550.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 2960	952	044f376ec60a9c87b1791ae8f604ef8d.exe	28
PID 952 wrote to memory of 2960	952	044f376ec60a9c87b1791ae8f604ef8d.exe	28
PID 952 wrote to memory of 2960	952	044f376ec60a9c87b1791ae8f604ef8d.exe	28
PID 952 wrote to memory of 2960	952	044f376ec60a9c87b1791ae8f604ef8d.exe	28
PID 2960 wrote to memory of 3064	2960	Unicorn-21833.exe	29
PID 2960 wrote to memory of 3064	2960	Unicorn-21833.exe	29
PID 2960 wrote to memory of 3064	2960	Unicorn-21833.exe	29
PID 2960 wrote to memory of 3064	2960	Unicorn-21833.exe	29
PID 952 wrote to memory of 2800	952	044f376ec60a9c87b1791ae8f604ef8d.exe	30
PID 952 wrote to memory of 2800	952	044f376ec60a9c87b1791ae8f604ef8d.exe	30
PID 952 wrote to memory of 2800	952	044f376ec60a9c87b1791ae8f604ef8d.exe	30
PID 952 wrote to memory of 2800	952	044f376ec60a9c87b1791ae8f604ef8d.exe	30
PID 3064 wrote to memory of 2708	3064	Unicorn-39664.exe	31
PID 3064 wrote to memory of 2708	3064	Unicorn-39664.exe	31
PID 3064 wrote to memory of 2708	3064	Unicorn-39664.exe	31
PID 3064 wrote to memory of 2708	3064	Unicorn-39664.exe	31
PID 2960 wrote to memory of 1132	2960	Unicorn-21833.exe	32
PID 2960 wrote to memory of 1132	2960	Unicorn-21833.exe	32
PID 2960 wrote to memory of 1132	2960	Unicorn-21833.exe	32
PID 2960 wrote to memory of 1132	2960	Unicorn-21833.exe	32
PID 2800 wrote to memory of 2484	2800	Unicorn-35257.exe	33
PID 2800 wrote to memory of 2484	2800	Unicorn-35257.exe	33
PID 2800 wrote to memory of 2484	2800	Unicorn-35257.exe	33
PID 2800 wrote to memory of 2484	2800	Unicorn-35257.exe	33
PID 1132 wrote to memory of 2508	1132	Unicorn-47212.exe	34
PID 1132 wrote to memory of 2508	1132	Unicorn-47212.exe	34
PID 1132 wrote to memory of 2508	1132	Unicorn-47212.exe	34
PID 1132 wrote to memory of 2508	1132	Unicorn-47212.exe	34
PID 2484 wrote to memory of 3024	2484	Unicorn-34789.exe	36
PID 2484 wrote to memory of 3024	2484	Unicorn-34789.exe	36
PID 2484 wrote to memory of 3024	2484	Unicorn-34789.exe	36
PID 2484 wrote to memory of 3024	2484	Unicorn-34789.exe	36
PID 2800 wrote to memory of 3032	2800	Unicorn-35257.exe	35
PID 2800 wrote to memory of 3032	2800	Unicorn-35257.exe	35
PID 2800 wrote to memory of 3032	2800	Unicorn-35257.exe	35
PID 2800 wrote to memory of 3032	2800	Unicorn-35257.exe	35
PID 2508 wrote to memory of 2756	2508	Unicorn-37545.exe	37
PID 2508 wrote to memory of 2756	2508	Unicorn-37545.exe	37
PID 2508 wrote to memory of 2756	2508	Unicorn-37545.exe	37
PID 2508 wrote to memory of 2756	2508	Unicorn-37545.exe	37
PID 1132 wrote to memory of 2020	1132	Unicorn-47212.exe	38
PID 1132 wrote to memory of 2020	1132	Unicorn-47212.exe	38
PID 1132 wrote to memory of 2020	1132	Unicorn-47212.exe	38
PID 1132 wrote to memory of 2020	1132	Unicorn-47212.exe	38
PID 3032 wrote to memory of 2676	3032	Unicorn-15375.exe	39
PID 3032 wrote to memory of 2676	3032	Unicorn-15375.exe	39
PID 3032 wrote to memory of 2676	3032	Unicorn-15375.exe	39
PID 3032 wrote to memory of 2676	3032	Unicorn-15375.exe	39
PID 2484 wrote to memory of 1988	2484	Unicorn-34789.exe	40
PID 2484 wrote to memory of 1988	2484	Unicorn-34789.exe	40
PID 2484 wrote to memory of 1988	2484	Unicorn-34789.exe	40
PID 2484 wrote to memory of 1988	2484	Unicorn-34789.exe	40
PID 3024 wrote to memory of 1592	3024	Unicorn-33103.exe	41
PID 3024 wrote to memory of 1592	3024	Unicorn-33103.exe	41
PID 3024 wrote to memory of 1592	3024	Unicorn-33103.exe	41
PID 3024 wrote to memory of 1592	3024	Unicorn-33103.exe	41
PID 2756 wrote to memory of 856	2756	Unicorn-10682.exe	42
PID 2756 wrote to memory of 856	2756	Unicorn-10682.exe	42
PID 2756 wrote to memory of 856	2756	Unicorn-10682.exe	42
PID 2756 wrote to memory of 856	2756	Unicorn-10682.exe	42
PID 2508 wrote to memory of 2032	2508	Unicorn-37545.exe	43
PID 2508 wrote to memory of 2032	2508	Unicorn-37545.exe	43
PID 2508 wrote to memory of 2032	2508	Unicorn-37545.exe	43
PID 2508 wrote to memory of 2032	2508	Unicorn-37545.exe	43

C:\Users\Admin\AppData\Local\Temp\044f376ec60a9c87b1791ae8f604ef8d.exe
"C:\Users\Admin\AppData\Local\Temp\044f376ec60a9c87b1791ae8f604ef8d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        5⤵
        
        PID:856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        7⤵
        Executes dropped EXE
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        9⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        9⤵
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        7⤵
        
        PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        6⤵
        Executes dropped EXE
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        6⤵
        Executes dropped EXE
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        8⤵
        
        PID:2664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        8⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        12⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        7⤵
        Executes dropped EXE
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        8⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        7⤵
        Executes dropped EXE
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        7⤵
        Executes dropped EXE
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        8⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        6⤵
        Executes dropped EXE
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        7⤵
        Executes dropped EXE
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        6⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        6⤵
        Executes dropped EXE
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        7⤵
        
        PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        6⤵
        Executes dropped EXE
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        9⤵
        
        PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
        6⤵
        Executes dropped EXE
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        5⤵
        Executes dropped EXE
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        6⤵
        
        PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe

Filesize
184KB

MD5
2c0bd872aaf4609981c1ae0636041444

SHA1
57e3926f481c8bcfd221566a8316abe6b248cfbd

SHA256
6e9d657b5f0de339bb24e41ab78e4056566927ac2d46ad7df7014ea8462cae15

SHA512
a705bf9560488ae41b479ec833d4f2a85e84bf1f20d21eae3de04224e80d26fbd98713a0036ed506033855c8a3ddd606b7432f5df0eb601764ea3ffbd4fff684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe

Filesize
184KB

MD5
a6538e507199919fe93c39c235aaffd1

SHA1
263390801e6688c93e87546b9f7ab35cad6866e3

SHA256
9e28e48e71c8a160efa5b8ffae7ed4177ffd00511b055e85c026d76ea8b1ded0

SHA512
5d1cdcd0403b158b5bf49030646478ea645d14f5b0a3a7ecde74fc68127a764821476236cbcc749456fe69cc2f656c16c78f4be8545f8d7a57adbabdd3ea1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe

Filesize
184KB

MD5
b794442aa385e925e9db2be7ea28dc9d

SHA1
e682afcdc1b155a16577aedaa98ffc227b351680

SHA256
553766729d2d16178d4edc54d26d5d2e372dcc0534f9da464eedb96634a37012

SHA512
c54fb352cf96c3e56613e9f0702a39531752009bbfd6c6c4be554cc600dc998ea22b6b42e93f409d8cba1b2a320f1a09165041b48564eded6e13a1fec6a9073c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe

Filesize
184KB

MD5
4b00ce5c5e8e8c71800593167e2b7486

SHA1
6d88ae9a4e8e8bdaeacf45d3cba896b92236a549

SHA256
bece26e05b0a87444ea5bc3a5521bf52608f82ab0f51e7c4430fc0c4762be97f

SHA512
a57b34828b8786f5f83caba5445eb9c73ad8a743ec5aad1e08c1d441cd72bfcccbd5c6ee6492690a4c7e5ca320654a9cb36566246beadaa944c8d4cbf182a5ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe

Filesize
184KB

MD5
2af7985169c6cfa9fc102dc2d130767c

SHA1
a8870a301db5dbe6a2841799b92f660ac40d3abd

SHA256
1ca869d89752328a2143cd716bdf39cf4e20fc5ad64d6e8d7024fd04fa83b0d7

SHA512
e963dabe0797cde47e80f1e450471314d49d5e6192acd539b8dbe392a1960f041de5b78b57d6aa90933c68ec47431a7b8037aa36393c5554cbc350e5487ca6db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe

Filesize
184KB

MD5
e8a6694a72dd262fc31458ede10d7e68

SHA1
3e642d121841017a58d7d3f5764aeac9cba23f88

SHA256
ffa4908f6597a86a5cb7bdacb2a80d4d19b46f84e28a7b978fa690185218e0c1

SHA512
b8591f7c6ad8e3f5401297ac860e2bd7fd925cbb8abf86e05e4ada0d0f06458419e582e332bd66e3771adc29f06d91f9d2840bdeb39f1c14b50723c25983d637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe

Filesize
184KB

MD5
21d17db84e50f24459fdac0bf9175b48

SHA1
fb065c92b3c61fc8359247524701de867b5cb674

SHA256
ded81a47ace6f8f1b8a46b2520904bb9d5bfbd4fb7987c7c3ea2a16d8452d475

SHA512
4087d98c617785059d936dd50cbbb39c2c696c21551a3e6895a72ca1e0dcc86663ea7dafcb28075614ae5d85c6be1a647a476f0795119149cea791037ef345b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe

Filesize
184KB

MD5
a0175bdb6c8c765963cf002d23d21d60

SHA1
3ae1259bbf40304a6de0dcda7a267f22a798d5f0

SHA256
677ae4080dac3d5b0c7f34e8847cb8bf64381c5d660dcfef8e169436252f9e72

SHA512
4e44743098d900f7708d23ea74b2fbd4106ad6b9c081da39148f0360dc216a6a7d824fedb78b2ef60db5a39c833f2906ca71e25c2bd4203eb7d84ea4c2661b57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe

Filesize
184KB

MD5
3e1788f06bc9a5754b27ea17a2352588

SHA1
7b689f4ddb962f7d97502ae58d6290180e6dee28

SHA256
a5f0b458397eddcde52d587fdd2660721f6e92c5175e49dba205f6b3a2785138

SHA512
3a847d2073a1ae6b76391d1aea8b33a7dea8f84e8da0e721183b065aead4c52cf0b56e16ec11aa4aadcd8816e9ed5340dfa69f51a10165b48c6ebc89b5ffde65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe

Filesize
184KB

MD5
6638b5f3c5f8b92216b9b23b5249ace7

SHA1
7e46b16602df304515c2e961637eb1e874a8c259

SHA256
7eb97fe56b0ee337dab64da54a835dbaa01250a1f1fb74453102e7d9a08dea30

SHA512
d88a95255fd48b847962919c52c0cbcfdedc848317c002de00508e3ece916f50e8fc17de62c775360ffd6a387e8c7d87c00d6e334f1c2ee950bae5531f459d0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe

Filesize
184KB

MD5
84e1bac31be6adc92b7a206014cceb85

SHA1
7e6d72c64131679ae19a0940974b3b5270e274b4

SHA256
c67b89b9b0a4829f023a45c50bf9fdde566596dfc95c23a8c4ffbf3b6e745802

SHA512
31576dcaad0159677e784347a43e8b43c36d9b2258d853b5c5bc939cddf835ab4d7f914dee379c8a8d2f325522fe76a87bb47496f2c8ee3f0ed8b5f003925ea4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe

Filesize
184KB

MD5
a5bde0508a08ffa98b0922da4a2cc7ba

SHA1
abf046e6300018a48fc946b156e7e6e680944341

SHA256
a9e5bac3039d9ff96ad7f51ad2f4dfae128eb3ae24ced690165e365b7ecb8717

SHA512
86330273aec1bd504e92290c4ab0a3d002f41a4430d71eb4dd6657f4747b74291fbcf812dd1b638fa90bc90eff2a2a8f573b08645f82151b0d380599f7eeff01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe

Filesize
184KB

MD5
73933d1abb576541bdb0b6a0d8453b41

SHA1
0d8ae1ba79ea81f5d82ce3ef4169f264f58948d9

SHA256
daa3cba4fe93d34ece16cbf5e2f487e0121bc9995d63a4428d48abd1a67bcc82

SHA512
1b8aa8ef6ca73b19cfb7cbe636be85ed760532eaed4af3aa48c4d5241c41bc31274875ec9eb80b48292d66aba41ce069caa103998ac39ce631d69901d418d940

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe

Filesize
184KB

MD5
e564b137dbf493cd82e96549b61092d8

SHA1
c24ee5ec13b75ed4fe73d19d6580a1cd75d6729a

SHA256
2ea41e835ab93474f57b3bb4ca581e9dabc3744c490df76f1c80a7927fc495b2

SHA512
3f0b99af01d9073b33e0715a7855c8f7d9fe435a6dd3935c0c6fb1bd69306156c85afc586e16b9f4c72cb4cc33ee3d81967db65352235f71aa606f1bcf34dc9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe

Filesize
184KB

MD5
1850c4d9104d484a48ee80731186a8c6

SHA1
71eab0569bc530dc86c7a0edebb609ed9a010b8a

SHA256
e58f995e26d9f4248d5a747940b513fa335ace8614585112aa938af8af8b883f

SHA512
3bf8d7597776ab3031e0eeba5041a741baba0590f222711c17e2d9af96729ab6a385e97111b1f67dac8ad712f884bfad43cee0888cdb2c48c438119e1d81fef7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe

Filesize
184KB

MD5
7f2e04ea93c4566505b32e8bc332d3fe

SHA1
679ddf8d92bf03bf99e73c1b4aadfaf8991ed139

SHA256
b474ba4e26fd144bd262b09221b74373b9e9e4e124d8d042e2d2ded5c5446b33

SHA512
9812bde5fcd1135fdc94681679307667256221b781ea7d6cbf3840ff08e8f12dbe6a155533e19a3c598dfea124862edd954bf415fc54b59594b1636809a531d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe

Filesize
184KB

MD5
9519f6ec19403ddf6dec1575530095ea

SHA1
e9d5b242b802384a424fd0c7f01111f2586ceeb3

SHA256
d723c3b1cc434e53eee8cea0b483f18390fd6869d8a82a225079f2052f44b060

SHA512
49ae15422c689af5adea7d584eb854d785db646b777842af522d8288dbe154f7c3f2b3497b772e5d6f6a92e85ff8e2b9ef1e6ab95e493d9e461d8f631a064a8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe

Filesize
184KB

MD5
fa54b05e8d93415b081686904e4f9d78

SHA1
57baa9d098c273b52793f7b61059e8ebbb802595

SHA256
a39bfd90c17d9fde3b860ca32cf926316b715a15fae9790ae07d6783556d4f7e

SHA512
2b706264ce05a6af10380d52179aff75cd2291feeb0f84784ac41e78d6cd85cb0e5026bd017a367ff5afdbe509b4541d7bca7c5230070145ddb95fbdfab6df34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads