b4cc2a03d8460939d970e5636c8612cac4d83aa5a646af342017376e54337e15

Analysis

max time kernel
12s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a8838c58f5117e7dc098d014fbec104.exe
Size

184KB
MD5

0a8838c58f5117e7dc098d014fbec104
SHA1

4e54d9c9747696e19c306a22391208ae87d03ec6
SHA256

b4cc2a03d8460939d970e5636c8612cac4d83aa5a646af342017376e54337e15
SHA512

fc4a587cba165d81da6c543c5bd180958a5d07214da8a500924cb24741977fab50b362fcdeb320540b7a3d965b7aa597388f4ba34fadc153982daa7b4d4bf37c
SSDEEP

3072:EhEuonm9VvAmAgjZMF9Rl8SZKOlWbrSlPQSxcfPnHylY5pF6:EhRom4mAgMfRl8NO+3ylY5pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2996	Unicorn-32021.exe
2732	Unicorn-30371.exe
2756	Unicorn-19742.exe
2720	Unicorn-37958.exe
2556	Unicorn-9924.exe
1692	Unicorn-21622.exe
2760	Unicorn-20117.exe

Loads dropped DLL 16 IoCs

pid	Process
2892	0a8838c58f5117e7dc098d014fbec104.exe
2892	0a8838c58f5117e7dc098d014fbec104.exe
2996	Unicorn-32021.exe
2996	Unicorn-32021.exe
2892	0a8838c58f5117e7dc098d014fbec104.exe
2892	0a8838c58f5117e7dc098d014fbec104.exe
2732	Unicorn-22537.exe
2732	Unicorn-22537.exe
2996	Unicorn-32021.exe
2996	Unicorn-32021.exe
2756	Unicorn-19742.exe
2756	Unicorn-19742.exe
2556	Unicorn-9924.exe
2556	Unicorn-9924.exe
2720	Unicorn-37958.exe
2720	Unicorn-37958.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
780	1564	WerFault.exe	94
1516	572	WerFault.exe	125

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2892	0a8838c58f5117e7dc098d014fbec104.exe
2996	Unicorn-32021.exe
2732	Unicorn-30371.exe
2756	Unicorn-19742.exe
2556	Unicorn-9924.exe
2720	Unicorn-37958.exe
1692	Unicorn-21622.exe
2760	Unicorn-20117.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2996	2892	0a8838c58f5117e7dc098d014fbec104.exe	28
PID 2892 wrote to memory of 2996	2892	0a8838c58f5117e7dc098d014fbec104.exe	28
PID 2892 wrote to memory of 2996	2892	0a8838c58f5117e7dc098d014fbec104.exe	28
PID 2892 wrote to memory of 2996	2892	0a8838c58f5117e7dc098d014fbec104.exe	28
PID 2996 wrote to memory of 2732	2996	Unicorn-32021.exe	30
PID 2996 wrote to memory of 2732	2996	Unicorn-32021.exe	30
PID 2996 wrote to memory of 2732	2996	Unicorn-32021.exe	30
PID 2996 wrote to memory of 2732	2996	Unicorn-32021.exe	30
PID 2892 wrote to memory of 2756	2892	0a8838c58f5117e7dc098d014fbec104.exe	29
PID 2892 wrote to memory of 2756	2892	0a8838c58f5117e7dc098d014fbec104.exe	29
PID 2892 wrote to memory of 2756	2892	0a8838c58f5117e7dc098d014fbec104.exe	29
PID 2892 wrote to memory of 2756	2892	0a8838c58f5117e7dc098d014fbec104.exe	29
PID 2732 wrote to memory of 2720	2732	Unicorn-22537.exe	33
PID 2732 wrote to memory of 2720	2732	Unicorn-22537.exe	33
PID 2732 wrote to memory of 2720	2732	Unicorn-22537.exe	33
PID 2732 wrote to memory of 2720	2732	Unicorn-22537.exe	33
PID 2996 wrote to memory of 2556	2996	Unicorn-32021.exe	32
PID 2996 wrote to memory of 2556	2996	Unicorn-32021.exe	32
PID 2996 wrote to memory of 2556	2996	Unicorn-32021.exe	32
PID 2996 wrote to memory of 2556	2996	Unicorn-32021.exe	32
PID 2756 wrote to memory of 1692	2756	Unicorn-19742.exe	31
PID 2756 wrote to memory of 1692	2756	Unicorn-19742.exe	31
PID 2756 wrote to memory of 1692	2756	Unicorn-19742.exe	31
PID 2756 wrote to memory of 1692	2756	Unicorn-19742.exe	31
PID 2556 wrote to memory of 2760	2556	Unicorn-9924.exe	38
PID 2556 wrote to memory of 2760	2556	Unicorn-9924.exe	38
PID 2556 wrote to memory of 2760	2556	Unicorn-9924.exe	38
PID 2556 wrote to memory of 2760	2556	Unicorn-9924.exe	38
PID 2720 wrote to memory of 2236	2720	Unicorn-37958.exe	37
PID 2720 wrote to memory of 2236	2720	Unicorn-37958.exe	37
PID 2720 wrote to memory of 2236	2720	Unicorn-37958.exe	37
PID 2720 wrote to memory of 2236	2720	Unicorn-37958.exe	37

C:\Users\Admin\AppData\Local\Temp\0a8838c58f5117e7dc098d014fbec104.exe
"C:\Users\Admin\AppData\Local\Temp\0a8838c58f5117e7dc098d014fbec104.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        7⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33486.exe
        10⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
        13⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        12⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        10⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        11⤵
        Program crash
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        9⤵
        
        PID:572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 220
        10⤵
        Program crash
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
        8⤵
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        5⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        6⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64779.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        11⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        11⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        10⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        6⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        8⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        8⤵
        
        PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
        5⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
        10⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        11⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        11⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        9⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        10⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        9⤵
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51669.exe
        8⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        10⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        13⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        12⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        12⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        10⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        11⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        13⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        11⤵
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        10⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        9⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        10⤵
        
        PID:2456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        6⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        10⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        10⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        10⤵
        
        PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56450.exe
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        5⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        6⤵
        
        PID:580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16395.exe
    3⤵
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        9⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        6⤵
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        9⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        11⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        10⤵
        
        PID:2916

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads