968b9a343972d6b465bf16e138710772ce164cf398cc42549a679c119bfbb2a0

Analysis

max time kernel
76s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

092490e3b63d81b9dd0a14cd36199286.exe
Size

184KB
MD5

092490e3b63d81b9dd0a14cd36199286
SHA1

9780954b7e8475edcc3b868ab75395e015d08015
SHA256

968b9a343972d6b465bf16e138710772ce164cf398cc42549a679c119bfbb2a0
SHA512

343ca9306165096abd15b644e3c1a8e6cf404adb3a90ee336e23238bfa8a4c661457827271d45c8179a649f625dc781c807aa33304e1d63a7bd9f50367a98400
SSDEEP

3072:pnD2oz/PuJA0urj3dP60w8H5FXd6xffh2cUx8xI6XNlPvpFL:pn6oqm0undi0w8mJplNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2988	Unicorn-3145.exe
2764	Unicorn-11396.exe
2668	Unicorn-31001.exe
2740	Unicorn-42782.exe
1668	Unicorn-47982.exe
1964	Unicorn-35168.exe
1960	Unicorn-40560.exe
2924	Unicorn-50950.exe
1904	Unicorn-64593.exe
1772	Unicorn-810.exe
2292	Unicorn-29591.exe
2108	Unicorn-37218.exe
2300	Unicorn-22466.exe
2336	Unicorn-4079.exe
1052	Unicorn-7608.exe
916	Unicorn-17287.exe
1336	Unicorn-2896.exe
1676	Unicorn-62559.exe
1508	Unicorn-11796.exe
2952	Unicorn-36493.exe
1620	Unicorn-42331.exe
3052	Unicorn-39892.exe
2660	Unicorn-63581.exe
2644	Unicorn-4266.exe
2688	Unicorn-44744.exe
2720	Unicorn-45730.exe
2640	Unicorn-31100.exe
2544	Unicorn-41214.exe
588	Unicorn-18765.exe
2520	Unicorn-46498.exe
2932	Unicorn-44168.exe
472	Unicorn-34438.exe
584	Unicorn-42392.exe
1368	Unicorn-13690.exe
2984	Unicorn-3768.exe
2372	Unicorn-45678.exe
2768	Unicorn-29150.exe
2536	Unicorn-37318.exe
2528	Unicorn-56368.exe
1484	Unicorn-29726.exe
592	Unicorn-9305.exe
1764	Unicorn-5221.exe
2444	Unicorn-49954.exe
396	Unicorn-63706.exe
556	Unicorn-16850.exe
2220	Unicorn-41354.exe
1512	Unicorn-46830.exe
2936	Unicorn-10976.exe
1728	Unicorn-36524.exe
2696	Unicorn-48392.exe
1592	Unicorn-49378.exe
2916	Unicorn-45595.exe
2596	Unicorn-15959.exe
2760	Unicorn-47048.exe
2504	Unicorn-54614.exe
436	Unicorn-5652.exe
2568	Unicorn-24127.exe
1260	Unicorn-14567.exe
368	Unicorn-61651.exe
2532	Unicorn-44355.exe
3088	Unicorn-40271.exe
2352	Unicorn-8729.exe
2036	Unicorn-65522.exe
3332	Unicorn-2227.exe

Loads dropped DLL 64 IoCs

pid	Process
2608	092490e3b63d81b9dd0a14cd36199286.exe
2608	092490e3b63d81b9dd0a14cd36199286.exe
2988	Unicorn-3145.exe
2988	Unicorn-3145.exe
2608	092490e3b63d81b9dd0a14cd36199286.exe
2608	092490e3b63d81b9dd0a14cd36199286.exe
2764	Unicorn-11396.exe
2764	Unicorn-11396.exe
2668	Unicorn-31001.exe
2988	Unicorn-3145.exe
2668	Unicorn-31001.exe
2988	Unicorn-3145.exe
2740	Unicorn-42782.exe
2764	Unicorn-11396.exe
2740	Unicorn-42782.exe
2764	Unicorn-11396.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
808	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
808	WerFault.exe
2460	WerFault.exe
2904	WerFault.exe
1964	Unicorn-35168.exe
1964	Unicorn-35168.exe
1960	Unicorn-40560.exe
1960	Unicorn-40560.exe
2924	Unicorn-50950.exe
2924	Unicorn-50950.exe
1964	Unicorn-35168.exe
1964	Unicorn-35168.exe
1904	Unicorn-64593.exe
1904	Unicorn-64593.exe
2740	Unicorn-42782.exe
2740	Unicorn-42782.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
1668	Unicorn-47982.exe
1668	Unicorn-47982.exe
2868	WerFault.exe

Program crash 51 IoCs

pid	pid_target	Process	procid_target
2824	2608	WerFault.exe	17
808	2988	WerFault.exe	28
2904	2764	WerFault.exe	29
2460	2668	WerFault.exe	30
2868	1960	WerFault.exe	35
2320	2924	WerFault.exe	33
332	1668	WerFault.exe	34
1688	2740	WerFault.exe	32
1376	1964	WerFault.exe	36
2564	1904	WerFault.exe	40
1948	916	WerFault.exe	52
2624	2292	WerFault.exe	42
2420	1336	WerFault.exe	53
2148	2336	WerFault.exe	47
1644	1508	WerFault.exe	56
2124	2952	WerFault.exe	57
2344	2300	WerFault.exe	46
1828	1620	WerFault.exe	58
1220	1772	WerFault.exe	41
2068	1676	WerFault.exe	55
2332	1052	WerFault.exe	48
2512	584	WerFault.exe	68
3164	2108	WerFault.exe	45
3216	2984	WerFault.exe	85
3356	2536	WerFault.exe	88
3548	2768	WerFault.exe	87
3540	3052	WerFault.exe	60
3532	2520	WerFault.exe	65
3572	472	WerFault.exe	69
3664	1368	WerFault.exe	82
3964	588	WerFault.exe	66
4036	2544	WerFault.exe	64
4064	1764	WerFault.exe	92
4056	1484	WerFault.exe	90
4048	2372	WerFault.exe	86
3108	2220	WerFault.exe	98
3096	592	WerFault.exe	91
2104	1512	WerFault.exe	96
544	2660	WerFault.exe	61
2340	2720	WerFault.exe	70
2848	2528	WerFault.exe	89
2272	2688	WerFault.exe	71
3244	2696	WerFault.exe	102
3284	2444	WerFault.exe	93
3388	1728	WerFault.exe	94
4028	556	WerFault.exe	97
3888	2936	WerFault.exe	95
3916	2932	WerFault.exe	67
2852	2352	WerFault.exe	114
3428	2640	WerFault.exe	63
4120	3508	WerFault.exe	119

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2608	092490e3b63d81b9dd0a14cd36199286.exe
2988	Unicorn-3145.exe
2764	Unicorn-11396.exe
2668	Unicorn-31001.exe
2740	Unicorn-42782.exe
1964	Unicorn-35168.exe
2924	Unicorn-50950.exe
1960	Unicorn-40560.exe
1668	Unicorn-47982.exe
1904	Unicorn-64593.exe
1772	Unicorn-810.exe
2292	Unicorn-29591.exe
2300	Unicorn-22466.exe
2108	Unicorn-37218.exe
2336	Unicorn-4079.exe
1052	Unicorn-7608.exe
916	Unicorn-17287.exe
1336	Unicorn-2896.exe
1676	Unicorn-62559.exe
1508	Unicorn-11796.exe
2952	Unicorn-36493.exe
1620	Unicorn-42331.exe
3052	Unicorn-39892.exe
2660	Unicorn-63581.exe
584	Unicorn-42392.exe
2520	Unicorn-46498.exe
472	Unicorn-34438.exe
2688	Unicorn-44744.exe
2932	Unicorn-44168.exe
2720	Unicorn-45730.exe
588	Unicorn-18765.exe
2544	Unicorn-41214.exe
2640	Unicorn-31100.exe
1368	Unicorn-13690.exe
2984	Unicorn-3768.exe
2372	Unicorn-45678.exe
2768	Unicorn-29150.exe
2536	Unicorn-37318.exe
2528	Unicorn-56368.exe
1484	Unicorn-29726.exe
1764	Unicorn-5221.exe
592	Unicorn-9305.exe
2444	Unicorn-49954.exe
1728	Unicorn-36524.exe
2220	Unicorn-41354.exe
396	Unicorn-63706.exe
1512	Unicorn-46830.exe
556	Unicorn-16850.exe
2916	Unicorn-45595.exe
1592	Unicorn-49378.exe
2036	Unicorn-65522.exe
2696	Unicorn-48392.exe
2352	Unicorn-8729.exe
2532	Unicorn-44355.exe
1260	Unicorn-14567.exe
2760	Unicorn-47048.exe
2596	Unicorn-15959.exe
3088	Unicorn-40271.exe
368	Unicorn-61651.exe
436	Unicorn-5652.exe
2504	Unicorn-54614.exe
2568	Unicorn-24127.exe
3332	Unicorn-2227.exe
3508	Unicorn-2611.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2988	2608	092490e3b63d81b9dd0a14cd36199286.exe	28
PID 2608 wrote to memory of 2988	2608	092490e3b63d81b9dd0a14cd36199286.exe	28
PID 2608 wrote to memory of 2988	2608	092490e3b63d81b9dd0a14cd36199286.exe	28
PID 2608 wrote to memory of 2988	2608	092490e3b63d81b9dd0a14cd36199286.exe	28
PID 2988 wrote to memory of 2764	2988	Unicorn-3145.exe	29
PID 2988 wrote to memory of 2764	2988	Unicorn-3145.exe	29
PID 2988 wrote to memory of 2764	2988	Unicorn-3145.exe	29
PID 2988 wrote to memory of 2764	2988	Unicorn-3145.exe	29
PID 2608 wrote to memory of 2668	2608	092490e3b63d81b9dd0a14cd36199286.exe	30
PID 2608 wrote to memory of 2668	2608	092490e3b63d81b9dd0a14cd36199286.exe	30
PID 2608 wrote to memory of 2668	2608	092490e3b63d81b9dd0a14cd36199286.exe	30
PID 2608 wrote to memory of 2668	2608	092490e3b63d81b9dd0a14cd36199286.exe	30
PID 2608 wrote to memory of 2824	2608	092490e3b63d81b9dd0a14cd36199286.exe	31
PID 2608 wrote to memory of 2824	2608	092490e3b63d81b9dd0a14cd36199286.exe	31
PID 2608 wrote to memory of 2824	2608	092490e3b63d81b9dd0a14cd36199286.exe	31
PID 2608 wrote to memory of 2824	2608	092490e3b63d81b9dd0a14cd36199286.exe	31
PID 2764 wrote to memory of 2740	2764	Unicorn-11396.exe	32
PID 2764 wrote to memory of 2740	2764	Unicorn-11396.exe	32
PID 2764 wrote to memory of 2740	2764	Unicorn-11396.exe	32
PID 2764 wrote to memory of 2740	2764	Unicorn-11396.exe	32
PID 2668 wrote to memory of 2924	2668	Unicorn-31001.exe	33
PID 2668 wrote to memory of 2924	2668	Unicorn-31001.exe	33
PID 2668 wrote to memory of 2924	2668	Unicorn-31001.exe	33
PID 2668 wrote to memory of 2924	2668	Unicorn-31001.exe	33
PID 2988 wrote to memory of 1964	2988	Unicorn-3145.exe	36
PID 2988 wrote to memory of 1964	2988	Unicorn-3145.exe	36
PID 2988 wrote to memory of 1964	2988	Unicorn-3145.exe	36
PID 2988 wrote to memory of 1964	2988	Unicorn-3145.exe	36
PID 2740 wrote to memory of 1668	2740	Unicorn-42782.exe	34
PID 2740 wrote to memory of 1668	2740	Unicorn-42782.exe	34
PID 2740 wrote to memory of 1668	2740	Unicorn-42782.exe	34
PID 2740 wrote to memory of 1668	2740	Unicorn-42782.exe	34
PID 2764 wrote to memory of 1960	2764	Unicorn-11396.exe	35
PID 2764 wrote to memory of 1960	2764	Unicorn-11396.exe	35
PID 2764 wrote to memory of 1960	2764	Unicorn-11396.exe	35
PID 2764 wrote to memory of 1960	2764	Unicorn-11396.exe	35
PID 2988 wrote to memory of 808	2988	Unicorn-3145.exe	37
PID 2988 wrote to memory of 808	2988	Unicorn-3145.exe	37
PID 2988 wrote to memory of 808	2988	Unicorn-3145.exe	37
PID 2988 wrote to memory of 808	2988	Unicorn-3145.exe	37
PID 2764 wrote to memory of 2904	2764	Unicorn-11396.exe	38
PID 2764 wrote to memory of 2904	2764	Unicorn-11396.exe	38
PID 2764 wrote to memory of 2904	2764	Unicorn-11396.exe	38
PID 2764 wrote to memory of 2904	2764	Unicorn-11396.exe	38
PID 2668 wrote to memory of 2460	2668	Unicorn-31001.exe	39
PID 2668 wrote to memory of 2460	2668	Unicorn-31001.exe	39
PID 2668 wrote to memory of 2460	2668	Unicorn-31001.exe	39
PID 2668 wrote to memory of 2460	2668	Unicorn-31001.exe	39
PID 1964 wrote to memory of 1904	1964	Unicorn-35168.exe	40
PID 1964 wrote to memory of 1904	1964	Unicorn-35168.exe	40
PID 1964 wrote to memory of 1904	1964	Unicorn-35168.exe	40
PID 1964 wrote to memory of 1904	1964	Unicorn-35168.exe	40
PID 1960 wrote to memory of 1772	1960	Unicorn-40560.exe	41
PID 1960 wrote to memory of 1772	1960	Unicorn-40560.exe	41
PID 1960 wrote to memory of 1772	1960	Unicorn-40560.exe	41
PID 1960 wrote to memory of 1772	1960	Unicorn-40560.exe	41
PID 2924 wrote to memory of 2292	2924	Unicorn-50950.exe	42
PID 2924 wrote to memory of 2292	2924	Unicorn-50950.exe	42
PID 2924 wrote to memory of 2292	2924	Unicorn-50950.exe	42
PID 2924 wrote to memory of 2292	2924	Unicorn-50950.exe	42
PID 1960 wrote to memory of 2868	1960	Unicorn-40560.exe	43
PID 1960 wrote to memory of 2868	1960	Unicorn-40560.exe	43
PID 1960 wrote to memory of 2868	1960	Unicorn-40560.exe	43
PID 1960 wrote to memory of 2868	1960	Unicorn-40560.exe	43

C:\Users\Admin\AppData\Local\Temp\092490e3b63d81b9dd0a14cd36199286.exe
"C:\Users\Admin\AppData\Local\Temp\092490e3b63d81b9dd0a14cd36199286.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        11⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 380
        11⤵
        Program crash
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 376
        10⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        9⤵
        Executes dropped EXE
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52196.exe
        10⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 380
        10⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 376
        9⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 376
        8⤵
        Program crash
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 380
        8⤵
        Program crash
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 376
        7⤵
        Program crash
        
        PID:2332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 368
        6⤵
        Program crash
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 372
        9⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 380
        8⤵
        Program crash
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 376
        7⤵
        Program crash
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 380
        8⤵
        Program crash
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 368
        7⤵
        Program crash
        
        PID:544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 368
        6⤵
        Program crash
        
        PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 360
        5⤵
        Program crash
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39892.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
        10⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 372
        10⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 376
        9⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        9⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        9⤵
        Program crash
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 376
        8⤵
        Program crash
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 376
        7⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 380
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        8⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 380
        8⤵
        Program crash
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 384
        7⤵
        Program crash
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 376
        6⤵
        Program crash
        
        PID:1220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 368
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 380
        9⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 372
        8⤵
        Program crash
        
        PID:3916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 376
        7⤵
        Program crash
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 380
        8⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 380
        7⤵
        Program crash
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 376
        6⤵
        Program crash
        
        PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 372
        5⤵
        Program crash
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 372
        9⤵
        Program crash
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 376
        8⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        9⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 380
        9⤵
        Program crash
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 380
        8⤵
        Program crash
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 376
        7⤵
        Program crash
        
        PID:3532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 368
        6⤵
        Program crash
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        5⤵
        Executes dropped EXE
        
        PID:2644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 380
        5⤵
        Program crash
        
        PID:3164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 376
      4⤵
      Program crash
      PID:1376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 376
        8⤵
        Program crash
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 380
        7⤵
        Program crash
        
        PID:2340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 368
        6⤵
        Program crash
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 380
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 380
        6⤵
        Program crash
        
        PID:2512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 376
        5⤵
        Program crash
        
        PID:2624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:2320
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 372
  2⤵
  - Program crash
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe

Filesize
184KB

MD5
40c9e58a0a96f7e613f3b1e301feeb14

SHA1
f8816e54b3cf306a28cb31b46cc664f247537db9

SHA256
b63fa76dc18051a10f0c6b096ce894ab40e1e133c8a3f359857f6300574dd723

SHA512
411796a444fa5f60297b23ed53d7e6c906ceec57e48106b002812065f15b862dac4e45602495b75fbdf8ee4eae95cb628adab83f5027b40d31b2e73cdc4610ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe

Filesize
184KB

MD5
53a6f5ef25303178d16a17d070b0995c

SHA1
e368cb134612c6c91449f34d1f6117ed2e86771e

SHA256
d1be424a8cf9aff8e7f2801f4387d661a2d85bbf1aaa1a25a96d80aa5d8cdbb4

SHA512
8c53acafb14bdc6ee0d5d1715e4269e2cff98ce0082c735f45417e93f0b0734566141ed4b0650b80da0f2c31233686ec2387c3121cffd5e93e79a13aea397e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe

Filesize
184KB

MD5
a58174df42b767db2e6dc1138894f680

SHA1
c5b090ce7102d617f4a2cc2958144694caf4d3ba

SHA256
35d710ae8b1668df98ac0119caa966443e6ff14cca6dce9d5b8b8d52009a4c37

SHA512
c05f038dea4b5aac0af5eb51fdd8451c49f5894efc98c868896d7089226836276f012ab78dace8229dabe72714bce46f346c018e5125dfd42dbcc14e31279fef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe

Filesize
184KB

MD5
f40623e99db3bd8fd908812aeac8f60d

SHA1
29938777ed47a93e83df06f0779f30678169b478

SHA256
99d1c39f6aca2ae9aa665fa60b832ee2e368c2538ee4d203ca9419800a759848

SHA512
e08c3be43e168004ae455253396cce766699f3c046725e0d354381ddb003954e0a2e23a8b69431d235aab403b54ebff91299f0d635c9ac8f8224e7b59076643c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe

Filesize
146KB

MD5
c8069f5cbb8573fcd481dc11c5b992b7

SHA1
aa8e41751e0af61c53d8c066d8562cb92a59cfc1

SHA256
f77af3b694c90880f92088c5b7f92452559b826d194e42923031bab454a88149

SHA512
f0b9e0a5e5133ee8691040cb56633952714086ba870f589217d099a993d289bba7caf0ea57bde4aeb74e94a67abda431e03f2ad6de0bd6a6fa21559edaf4fe56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe

Filesize
125KB

MD5
56102291f81ba790eb69c9b4cdcecf42

SHA1
a4d78b7e43ceb575f5aff6f5e2b8135388068f90

SHA256
2c36f6f232309c8348c8527e12ed876220c6479dfb17396da1c5500783d605ff

SHA512
224b0068f9de5c861d7684e51b9bafb3c0675dcce612bb61d4ffc6211bc2725184925284de06652cec190df76b8f83e3261460788977693a59a713a31354c0da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe

Filesize
184KB

MD5
7d9b3f9bdc9728b6765ac09090603f22

SHA1
4d7eeca16549c79b1e09282fc874779a04c9d3a3

SHA256
43d366758878626a28ea98e6d831a8a033e0ca50a59795519c2e67f8a1751fd5

SHA512
bacb21a5af71fb7e58914d9974f046a56007bb24f94dc069083f3c59b70552179c15495963fbfdab95e3a8ccdca18469c2f45d7e8f65f6d7ab1e1eff73a310e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe

Filesize
184KB

MD5
0587dfd359691c5910aaae9fd3039d7a

SHA1
e693a2ea6b977b52c39749aac82d0ac7fe498db7

SHA256
624f18189f7fe63c1d1b4682894b1cb1cb993432903ee75893609f8b3c5278ef

SHA512
1bd2d8a6d99754ab6e69722cbfcbab017a3e5e6d785ea76a41e060902421bc3522200de4c8f3d369d8acebd168689343b47bd8e8fd4f03163af0bb2c7c7c3703

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe

Filesize
184KB

MD5
b716956febad1bb2d4b9c9e613a1e19d

SHA1
93547d8724e194b97d57175b9883d135f9e0d2fe

SHA256
c6d94c065bd19c369ffbdf5b2e9bd5cf231818b2e58c05181fa1177b099e42cb

SHA512
3aaacce60242a05bc74592492920e6e56a87c1fa510edd674da01ddff0f7007330731683bd0ba9ecafe9967068c5c97b02128bf72d268bdb4a009dd41aec9364

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe

Filesize
184KB

MD5
cd5b2f0d762b0b6b747db607e036b01c

SHA1
7c2c9349411d4938d0bba4c3a3e54b18a88ba000

SHA256
5d64f22778f53d9f1064484ace699efeaecd07e5a70ba77bdfe6d9931f04c61b

SHA512
4a47641984e97ddc23433fd4775925fa1d5c50cb3a448bc66169181a21e04598dc66b60ec6ff8eb3d7a607e5cafb64d0a16549c586cf06225d6ed8723ec83a0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe

Filesize
184KB

MD5
23d564a7899a5516f9aa844622eccf29

SHA1
6f9443b33afbc2314564e7badd537194180d143d

SHA256
7b9a8e735c7178083e3cea03bc847cad76ca21ac55beb8f373e7f6ad13310165

SHA512
840503d84b1fc8fd0c9b3eb7b485e6a543aa84fef00a77dd8b0b8b5e5acfac4dbdaf262cd2068b04265a78c3f38be53f7d2de68d33c1a00108df7ac8920775b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe

Filesize
184KB

MD5
ae65e1ab9923248a17f7685b1d64401d

SHA1
b98585c4a1c6c933e425e57e374cce5e11a4fd0a

SHA256
23d17d5681dc93fe0cfccb8eae7c74a7ed686ff755d1d5d9f3e8f287bccddb6c

SHA512
fa30eb92a1a8dc10eb8d0e3997a5c2de8eddc3d5e10e50eacf28790674ef15708485dc71be60ff24f9ce5f2adc2212d87e218a6b40a87cfbfe60978b6c20db13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-810.exe

Filesize
184KB

MD5
c56bd75c42a39ce5be82dc1ff63a5850

SHA1
92f9d718b29ea962ea0954bddd17de5428dfc38f

SHA256
b955873f1eaf28aeec72e5cba3f95ba3f7908b5bb4a5d5942ef1ee4a73baf78e

SHA512
0fd03f22c34eee9180490f8aa5c1b208232f93cda5d34d9a9dd5859192e324dd21c78edb2d921019997340fa4120289f71bfef75ebfa39efb4508cb42c065985

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads