5376c1c37715b9f2dcf1254779406a91aca41327be07c30caad3856c0ac3b903

Analysis

max time kernel
48s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c8afa46adc5addc6dcb1aab3750e33.exe
Size

184KB
MD5

03c8afa46adc5addc6dcb1aab3750e33
SHA1

bcb0de87940784140480a78b2f7e323383b6f91a
SHA256

5376c1c37715b9f2dcf1254779406a91aca41327be07c30caad3856c0ac3b903
SHA512

a4b978e8810d3c9aeeb4b5c3b08b0968ce942d308d90bfbbf07c2c5507fac6b85a7ce1120bdf9afee0d1bd922933540a7bbf87a01bc5ac6f13b6c284f5fd18f4
SSDEEP

3072:WLeBoT4TPD8PnzCJMhGzk84p3YdMxuElUG3x5n/KZglPvpF/:WLkoYgPnEM4zk8/kNGglPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 27 IoCs

pid	Process
2844	Unicorn-48897.exe
2764	Unicorn-34312.exe
2604	Unicorn-53149.exe
1972	Unicorn-33359.exe
2332	Unicorn-47536.exe
2112	Unicorn-48076.exe
2264	Unicorn-9829.exe
2968	Unicorn-8298.exe
2880	Unicorn-44417.exe
3012	Unicorn-32653.exe
584	Unicorn-50426.exe
860	Unicorn-4621.exe
1040	Unicorn-4901.exe
2348	Unicorn-35644.exe
1860	Unicorn-36241.exe
2060	Unicorn-54798.exe
1776	Unicorn-38004.exe
908	Unicorn-14167.exe
560	Unicorn-23908.exe
2024	Unicorn-11305.exe
1936	Unicorn-49406.exe
2312	Unicorn-43341.exe
1728	Unicorn-65295.exe
1408	Unicorn-7239.exe
2500	Unicorn-50895.exe
888	Unicorn-4662.exe
2408	Unicorn-17764.exe

Loads dropped DLL 54 IoCs

pid	Process
2720	03c8afa46adc5addc6dcb1aab3750e33.exe
2720	03c8afa46adc5addc6dcb1aab3750e33.exe
2844	Unicorn-48897.exe
2844	Unicorn-48897.exe
2720	03c8afa46adc5addc6dcb1aab3750e33.exe
2720	03c8afa46adc5addc6dcb1aab3750e33.exe
2764	Unicorn-34312.exe
2764	Unicorn-34312.exe
2844	Unicorn-48897.exe
2844	Unicorn-48897.exe
2604	Unicorn-53149.exe
2604	Unicorn-53149.exe
1972	Unicorn-33359.exe
1972	Unicorn-33359.exe
2764	Unicorn-34312.exe
2764	Unicorn-34312.exe
2112	Unicorn-48076.exe
2112	Unicorn-48076.exe
2332	Unicorn-47536.exe
2332	Unicorn-47536.exe
2604	Unicorn-53149.exe
2604	Unicorn-53149.exe
2264	Unicorn-9829.exe
2264	Unicorn-9829.exe
1972	Unicorn-33359.exe
1972	Unicorn-33359.exe
2968	Unicorn-8298.exe
2968	Unicorn-8298.exe
3012	Unicorn-32653.exe
3012	Unicorn-32653.exe
584	Unicorn-50426.exe
584	Unicorn-50426.exe
2332	Unicorn-47536.exe
2332	Unicorn-47536.exe
1776	Unicorn-38004.exe
1776	Unicorn-38004.exe
1860	Unicorn-36241.exe
1860	Unicorn-36241.exe
2880	Unicorn-44417.exe
2112	Unicorn-48076.exe
2880	Unicorn-44417.exe
2112	Unicorn-48076.exe
2968	Unicorn-8298.exe
584	Unicorn-50426.exe
2348	Unicorn-35644.exe
3012	Unicorn-32653.exe
584	Unicorn-50426.exe
1040	Unicorn-4901.exe
2968	Unicorn-8298.exe
3012	Unicorn-32653.exe
2348	Unicorn-35644.exe
1040	Unicorn-4901.exe
2060	Unicorn-54798.exe
2060	Unicorn-54798.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
2720	03c8afa46adc5addc6dcb1aab3750e33.exe
2844	Unicorn-48897.exe
2764	Unicorn-34312.exe
2604	Unicorn-53149.exe
1972	Unicorn-33359.exe
2112	Unicorn-48076.exe
2332	Unicorn-47536.exe
2264	Unicorn-9829.exe
2968	Unicorn-8298.exe
2880	Unicorn-44417.exe
3012	Unicorn-32653.exe
584	Unicorn-50426.exe
860	Unicorn-4621.exe
1040	Unicorn-4901.exe
2348	Unicorn-35644.exe
1860	Unicorn-36241.exe
1776	Unicorn-38004.exe
2060	Unicorn-54798.exe
2024	Unicorn-11305.exe
560	Unicorn-23908.exe
908	Unicorn-14167.exe
2312	Unicorn-43341.exe
1408	Unicorn-7239.exe
2408	Unicorn-17764.exe
2500	Unicorn-50895.exe
1936	Unicorn-49406.exe
1728	Unicorn-65295.exe
888	Unicorn-4662.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2844	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	28
PID 2720 wrote to memory of 2844	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	28
PID 2720 wrote to memory of 2844	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	28
PID 2720 wrote to memory of 2844	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	28
PID 2844 wrote to memory of 2764	2844	Unicorn-48897.exe	31
PID 2844 wrote to memory of 2764	2844	Unicorn-48897.exe	31
PID 2844 wrote to memory of 2764	2844	Unicorn-48897.exe	31
PID 2844 wrote to memory of 2764	2844	Unicorn-48897.exe	31
PID 2720 wrote to memory of 2604	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	32
PID 2720 wrote to memory of 2604	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	32
PID 2720 wrote to memory of 2604	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	32
PID 2720 wrote to memory of 2604	2720	03c8afa46adc5addc6dcb1aab3750e33.exe	32
PID 2764 wrote to memory of 1972	2764	Unicorn-34312.exe	35
PID 2764 wrote to memory of 1972	2764	Unicorn-34312.exe	35
PID 2764 wrote to memory of 1972	2764	Unicorn-34312.exe	35
PID 2764 wrote to memory of 1972	2764	Unicorn-34312.exe	35
PID 2844 wrote to memory of 2332	2844	Unicorn-48897.exe	33
PID 2844 wrote to memory of 2332	2844	Unicorn-48897.exe	33
PID 2844 wrote to memory of 2332	2844	Unicorn-48897.exe	33
PID 2844 wrote to memory of 2332	2844	Unicorn-48897.exe	33
PID 2604 wrote to memory of 2112	2604	Unicorn-53149.exe	34
PID 2604 wrote to memory of 2112	2604	Unicorn-53149.exe	34
PID 2604 wrote to memory of 2112	2604	Unicorn-53149.exe	34
PID 2604 wrote to memory of 2112	2604	Unicorn-53149.exe	34
PID 1972 wrote to memory of 2264	1972	Unicorn-33359.exe	36
PID 1972 wrote to memory of 2264	1972	Unicorn-33359.exe	36
PID 1972 wrote to memory of 2264	1972	Unicorn-33359.exe	36
PID 1972 wrote to memory of 2264	1972	Unicorn-33359.exe	36
PID 2764 wrote to memory of 2968	2764	Unicorn-34312.exe	37
PID 2764 wrote to memory of 2968	2764	Unicorn-34312.exe	37
PID 2764 wrote to memory of 2968	2764	Unicorn-34312.exe	37
PID 2764 wrote to memory of 2968	2764	Unicorn-34312.exe	37
PID 2112 wrote to memory of 2880	2112	Unicorn-48076.exe	40
PID 2112 wrote to memory of 2880	2112	Unicorn-48076.exe	40
PID 2112 wrote to memory of 2880	2112	Unicorn-48076.exe	40
PID 2112 wrote to memory of 2880	2112	Unicorn-48076.exe	40
PID 2332 wrote to memory of 3012	2332	Unicorn-47536.exe	39
PID 2332 wrote to memory of 3012	2332	Unicorn-47536.exe	39
PID 2332 wrote to memory of 3012	2332	Unicorn-47536.exe	39
PID 2332 wrote to memory of 3012	2332	Unicorn-47536.exe	39
PID 2604 wrote to memory of 584	2604	Unicorn-53149.exe	38
PID 2604 wrote to memory of 584	2604	Unicorn-53149.exe	38
PID 2604 wrote to memory of 584	2604	Unicorn-53149.exe	38
PID 2604 wrote to memory of 584	2604	Unicorn-53149.exe	38
PID 2264 wrote to memory of 860	2264	Unicorn-9829.exe	41
PID 2264 wrote to memory of 860	2264	Unicorn-9829.exe	41
PID 2264 wrote to memory of 860	2264	Unicorn-9829.exe	41
PID 2264 wrote to memory of 860	2264	Unicorn-9829.exe	41
PID 1972 wrote to memory of 1040	1972	Unicorn-33359.exe	42
PID 1972 wrote to memory of 1040	1972	Unicorn-33359.exe	42
PID 1972 wrote to memory of 1040	1972	Unicorn-33359.exe	42
PID 1972 wrote to memory of 1040	1972	Unicorn-33359.exe	42
PID 2968 wrote to memory of 2348	2968	Unicorn-8298.exe	43
PID 2968 wrote to memory of 2348	2968	Unicorn-8298.exe	43
PID 2968 wrote to memory of 2348	2968	Unicorn-8298.exe	43
PID 2968 wrote to memory of 2348	2968	Unicorn-8298.exe	43
PID 3012 wrote to memory of 2060	3012	Unicorn-32653.exe	44
PID 3012 wrote to memory of 2060	3012	Unicorn-32653.exe	44
PID 3012 wrote to memory of 2060	3012	Unicorn-32653.exe	44
PID 3012 wrote to memory of 2060	3012	Unicorn-32653.exe	44
PID 584 wrote to memory of 1860	584	Unicorn-50426.exe	46
PID 584 wrote to memory of 1860	584	Unicorn-50426.exe	46
PID 584 wrote to memory of 1860	584	Unicorn-50426.exe	46
PID 584 wrote to memory of 1860	584	Unicorn-50426.exe	46

C:\Users\Admin\AppData\Local\Temp\03c8afa46adc5addc6dcb1aab3750e33.exe
"C:\Users\Admin\AppData\Local\Temp\03c8afa46adc5addc6dcb1aab3750e33.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        7⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        7⤵
        
        PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        7⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        7⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        7⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32052.exe
        7⤵
        
        PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
        8⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6425.exe
        7⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        6⤵
        
        PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        8⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        8⤵
        
        PID:1048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        7⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        7⤵
        
        PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        6⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        7⤵
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        5⤵
        
        PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        7⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        6⤵
        
        PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36203.exe
        5⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        6⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        5⤵
        
        PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe

Filesize
184KB

MD5
4105576478a5cdf60b219f76790770f4

SHA1
b0e9070ac2758751444e49f18b58aa46d8035ab8

SHA256
5b74a5f1126425b2d1f6cf6b37e720a5d76be1bff51a687d9001052d29431da2

SHA512
4a476e157666028fd2137ebcd3ea224a2285ecbbaaef470f4adbe609f1044ca2fb76730b29f7c485b2ee6b8ac54747ba86b5d43d6b30c28db75bf86b048d43dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe

Filesize
184KB

MD5
157141cac645b3f19dc12f54fd3b9cef

SHA1
020c7f3bbac659875b78cd4679e2f4d805c8f9c3

SHA256
f37de91b6008d1e697e75cac82cf8b7ba617e939941972e0accc822e408d70fd

SHA512
b3ed9af14beefe908304f0bd255a7ebc0535ce2a93b64a17a97dc74b160555ef39f0d096ef874f0ed7462032f503d4fe0d2ee8e842b4bef7956a221e7748df22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe

Filesize
182KB

MD5
8dbde001c2fb3f0b1798934ee7477f71

SHA1
dfd2a3a725b98c9cfdb20a8118fdb37d81448eb4

SHA256
ff3d7f42759d48b1e4b3c674a7d350f8efe741d3b0c7ae45ba0917b62bd984c7

SHA512
81de9bd712348fbab373ef95c8c628b6a25738e85bdd25a2671fdbdd5d55b14aede6360f6e5772e48ea923221ebc3f8e8b19282255558e1b64223679a2027cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe

Filesize
184KB

MD5
c6b7f7c8d34f5cfb304f3be459081a56

SHA1
29a40dece848219d265aaf930bca89366d8533c9

SHA256
45b4d18b4fa706e28c9b6e6c8b8daef100cdce219fae188a12c954e3a3133466

SHA512
5c0e9398763d87382b1d752f361b3012d19c931f72efba0252d35aceeffb58ed32debc47c11d4ea129de132bde75ff99476e04e76bbb4a2b69118ec62b305adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe

Filesize
184KB

MD5
ed3af875f2837d9083f139779d8c39a2

SHA1
5e4bd218da176ec9e8a8650de8ff608f3855f27b

SHA256
5d995086354efd963b10e03a2eb76fabff4bccc3277d61440e1039d1d641efac

SHA512
96f983587142be1c75e867ed9d3bdc9459368bb1a582a18696d57e032253ea8b098f5bcad2ae1a20dd30b260deeeb25c3bb41b93416a3a0f901cc11ff0f1351c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe

Filesize
184KB

MD5
ba7c08a96074b591d2000f4e2f83c2ce

SHA1
9553f8029ce45e46d29968cb6dbf45b3fcee8e28

SHA256
31e3e3c0c743283a21caa19d636f7d80d0a05e46919c390baab0021342f29a2f

SHA512
92d08f47ea0d4fc3decac52bd78ae1190e9b80b66625df7827f2429a12656bac173ab6561ff5f826eef076c41126bbb3773b5e25f57014d845cb4d7e27c23e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe

Filesize
184KB

MD5
36adb4a7cf1ec0270407d062ee3b0c0b

SHA1
07f8422870ef661aaf8024443230267eb226e460

SHA256
2774128c5589c1be770a8b67b1c719311a97cb190af382682b214a89c5dc0d2b

SHA512
c02b5e3485c69b476f807217dd7f31d5d72278cdc51b779c94b4299c968f12d583eff9b90637a483c73f7bbaa920f7a286043a4237c85de2ac8febf435be63fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe

Filesize
184KB

MD5
c4ee4869f46e0be17a6a4d0056870cb8

SHA1
f364e610fee558d18164f1726574a9f4901bb469

SHA256
e9055f90db24298cd953b27743b7f4a35a9769af0fcbbe38cc621844426bb587

SHA512
bede7406a47e9bad17d597dae1b2021485cc817b31a493330ad9094a045b26bbff9f10d4eb6b2fc81e38b6031db605dae431c7e2264338fff588d07157cb13ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe

Filesize
184KB

MD5
a400274162de1a56a1a10d1b3965b001

SHA1
81ed120513d1792e48ccef1cabd95579d7d7442c

SHA256
31fde07cbd5de1767f0fd2e9618acec2cf79badde660f9fd03f1fef812d1c621

SHA512
9ea6a94c1e49bfa94152db7a7b84a8e703067080ec752f4fb8ab85547a0e29d07f1178fa757d78039957efba55153cc1aba2ba99470b1156b6a1265c71744614

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe

Filesize
184KB

MD5
2a804ae9ed1848b21af13215af81bd5d

SHA1
0a090e77214ec3ec3d56b0dbbee81f594b5f6309

SHA256
498c43f55f6215b83b7b22d16baf9558f1d4bb2bf1556782d12427e00f1a0fbb

SHA512
1bc19385f8e716cfe3a030f9895012556e3d4ba6153ec2fde35f243c90d92c68486b04039b7b892ce5b0ba75658ddc0d012ff6f881d6c17cefa55243bffbe001

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6425.exe

Filesize
184KB

MD5
fa72674df13de683cc408061e262069c

SHA1
4e290ad6d243b07859239bd25455ee3dff83402d

SHA256
7950946fceb32b1e89c5517b5e4260b61ca7f19375a1133901de11638f5b138f

SHA512
42a73f277c1857af06c3fef5a79192c802783d56f8a1485d13afef3dfe2990a4bfb7d2171f5c42a39b495262f3e780870acbd97b4adeef3ef7b9480c466394be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe

Filesize
184KB

MD5
240064bc13bcee48124f2231d8beb8f7

SHA1
c21ef1d1afb9e9784025a931cbda6b2f2ecb4792

SHA256
785a8b5c113971d47cfcb8e2f49f63792517f14674d70ebcca8fbec73f2dd762

SHA512
f5190cf23c01bd054cc3208435dae1fd1b9c65548186baf052c7dd06c43aa429228ed1e3b411495366eebe4ee8fe1581359684ffec323c736f95b6d0a2643822

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe

Filesize
164KB

MD5
76bb72a280fa2d1cbb37d07561dff0ef

SHA1
e03496cca8a31000364cca120b178fe14e66af07

SHA256
1f9415d8d0846fb80edaca414472b5c39d75d760638ac158ce9db268186112d8

SHA512
17922c1002952f0b4d6a745d05d077980d2dd2265a60b77c54c6a458c72d005d5070279cfd2befc61e424e632bdc2bd236117268985381b8f33580a3f6be715f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe

Filesize
184KB

MD5
ca55a6eea2edadce547d84fee948045f

SHA1
a2808c96f1350ab70b2d3712474a7f8f7bf3aac7

SHA256
3bb3378e745e5d047cf498c9bba3f3c635839429cab9dc4dd0bb2eb59c4f408d

SHA512
9e273ee30f9f5499636637f58f0764723b2a05a7ba166099120b45dee25fe5f807af25a90fc19298e15a2b596cf677a8b5218b20d7dd2abc3e60d05daece3718

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe

Filesize
184KB

MD5
f7a06da68f04ac249142c21fcc3a7807

SHA1
efd139a9d2a7e49bd9e886bf63977fa8e7ce826b

SHA256
f69aac1300096dc8f155d8757ca9ab0ef017de414800d08c86aea9586158a9bd

SHA512
b4e3458e5f21c3559cc37c8f1b1713781c93b3593f8661fb018c957e5c67120129e883f733b8f2103b3ef17d9ecb8878922440139a00e796491eb951621ef0ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe

Filesize
184KB

MD5
58801288c1e0ec300bbac1a77613e732

SHA1
4d101f99dba303a9a2365b3c167c232ae7c5d904

SHA256
e1b26e6962ebfd202121c9c408e52bf87bba873c9f492db9aebf8801189f17bc

SHA512
842b0c433b6fd6350f081561f6b428c8dd12ac8c705c7a470789735e3639872e6584e2309c2b57098cbe686a8bb27856b710a013689f9b1038899293f3e1a512

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe

Filesize
184KB

MD5
c1b691b049716ce99b322e99cb9ff558

SHA1
435dd2bfa9660efd572f17a8519c7eff43a8e8e0

SHA256
346ec78bca4a42152187cd608b5270ab46fb4c8acd92f101ff978194b6cb31bf

SHA512
e7cfb566e1ee12e207ae0ce336ccdc2621652f7a8d8f0543d038925c8fe9f528413e155dd747fc11b0d22562f68da42b2909a33ab9917bd5e45254eb31f9d160

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe

Filesize
184KB

MD5
c8b41d2d61b953a0a354fd98723dee46

SHA1
ae5ac6ba8bafb0b2cbd15e1884bb3ef8c16e08a5

SHA256
a65be3d8c493b9bdcb44bfa0133336e4a32219f424ce12976669b81fcea746e8

SHA512
9caf4986fcb79034ef477e5ac87201d2a2d4d46bcc7a7774f640fc0f894236146aa88155910a6869aa723e24c30bb173ef86ff4b833ba667b31f1f96d4b250d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe

Filesize
184KB

MD5
6d78241f7cccc04293d4f206b27ae4a5

SHA1
d1bb25941ecaa75ee272e62a289698f70ba67ecd

SHA256
7983c00178b44ba80bf0242661076726ab02966ab6fa3d188f6ca395f65a89d9

SHA512
7a123f8d5512e9a1886da0dc2be1f42b971ae29e5ef4bd0af2c776c5195be519cdeac7576ddb3076b0fd69f0fb7cddc9d3258788a505ca8dfe00603844ce46ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe

Filesize
184KB

MD5
694c5c3d8108df42e00c83c0728cd880

SHA1
0ab99eb55cb240e8a5ac780c74fc7b4cf71bedf7

SHA256
aaae8d9d37d521044853b7b63098bd1a8278996fdf7d256ce207a1fde263d2c7

SHA512
b54e637e553edca188f35c71708522e4bc91a4e9a2034827d7c39e15ff062dd5c51ea18145c7bb296f832ae55862788c86850010f9858da9876c8d2df4ee99e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe

Filesize
184KB

MD5
ca7e88ba7b7641d6964683fc570890dd

SHA1
b29f665391a6084412bb7a2e473e407217a77170

SHA256
fb85b99079c0f5d5d6a38a1babfc31ecf77b1da67494594568c7d72b8cb64d0a

SHA512
094cc980f37ae556ffc0073996b5e5ce7af4cfad4abf888d8cb08db52535c4fcd5c94a8d32a3c74a5878a7d3352b9b8a4f542fc01005067850ff05f25978ec73

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads