daf7960c96ddde6785dba5fac7859655473b59c40d656a127e10c4cf9b8eee50

Analysis

max time kernel
97s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0af8ec462a3dc2ccb3d2a036577ed6ac.exe
Size

184KB
MD5

0af8ec462a3dc2ccb3d2a036577ed6ac
SHA1

83b163042fb8ab08d4df020575feaac7d7576368
SHA256

daf7960c96ddde6785dba5fac7859655473b59c40d656a127e10c4cf9b8eee50
SHA512

b340f099c75429e59e4043d8f26b6b37b7fd478caa735c6958c501db653b83e92a168a5545e7740f7977f94a9722a3a3bbe471d5febe59f9c51d24bf707ac10d
SSDEEP

3072:oJi6oc8hAcEAOjkd8ptUzFbOBR6NJBIswYx8OPbV7lPdpFJ:oJvoxOLAfdwtUzDm/S7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
1976	Unicorn-58916.exe
2748	Unicorn-15205.exe
2724	Unicorn-50338.exe
2040	Unicorn-15439.exe
2660	Unicorn-52772.exe
2844	Unicorn-65195.exe
472	Unicorn-51039.exe
2920	Unicorn-26020.exe
2992	Unicorn-29358.exe
1048	Unicorn-13021.exe
2656	Unicorn-26212.exe
2360	Unicorn-51973.exe
1352	Unicorn-10364.exe
1720	Unicorn-16347.exe
3068	Unicorn-7240.exe
2464	Unicorn-48465.exe
2488	Unicorn-32107.exe
344	Unicorn-36213.exe
1332	Unicorn-44991.exe
2376	Unicorn-36823.exe
2308	Unicorn-38337.exe
2020	Unicorn-46698.exe
560	Unicorn-621.exe
2112	Unicorn-38529.exe
3044	Unicorn-9194.exe
2224	Unicorn-33891.exe
1744	Unicorn-21447.exe
1664	Unicorn-17555.exe
2616	Unicorn-16839.exe
2176	Unicorn-49511.exe
2716	Unicorn-36875.exe
1032	Unicorn-32983.exe
2976	Unicorn-57378.exe
2912	Unicorn-31914.exe
2752	Unicorn-41125.exe
1836	Unicorn-42578.exe
2584	Unicorn-30195.exe
1660	Unicorn-63361.exe
584	Unicorn-16813.exe
2528	Unicorn-38903.exe
2724	Unicorn-55022.exe
1120	Unicorn-7985.exe
1820	Unicorn-16730.exe
2572	Unicorn-44934.exe
2564	Unicorn-5115.exe
1380	Unicorn-32490.exe
2320	Unicorn-46148.exe
1132	Unicorn-22563.exe
2664	Unicorn-47368.exe
1560	Unicorn-27502.exe
1496	Unicorn-4467.exe
1872	Unicorn-12796.exe
2324	Unicorn-44784.exe
2732	Unicorn-24058.exe
2568	Unicorn-6185.exe
2884	Unicorn-35350.exe
2652	Unicorn-4509.exe
1824	Unicorn-46502.exe
2368	Unicorn-16246.exe
2816	Unicorn-25291.exe
1548	Unicorn-26094.exe

Loads dropped DLL 64 IoCs

pid	Process
2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe
2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe
2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe
2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe
1976	Unicorn-58916.exe
1976	Unicorn-58916.exe
2724	Unicorn-50338.exe
1976	Unicorn-58916.exe
2724	Unicorn-50338.exe
1976	Unicorn-58916.exe
2748	Unicorn-15205.exe
2748	Unicorn-15205.exe
2040	Unicorn-15439.exe
2040	Unicorn-15439.exe
2724	Unicorn-50338.exe
2724	Unicorn-50338.exe
2844	Unicorn-65195.exe
2844	Unicorn-65195.exe
2660	Unicorn-52772.exe
2660	Unicorn-52772.exe
2748	Unicorn-15205.exe
2748	Unicorn-15205.exe
2656	Unicorn-26212.exe
472	Unicorn-51039.exe
2656	Unicorn-26212.exe
472	Unicorn-51039.exe
2844	Unicorn-65195.exe
2992	Unicorn-29358.exe
2844	Unicorn-65195.exe
2992	Unicorn-29358.exe
2920	Unicorn-26020.exe
2920	Unicorn-26020.exe
2660	Unicorn-52772.exe
2660	Unicorn-52772.exe
1048	Unicorn-13021.exe
1048	Unicorn-13021.exe
2920	Unicorn-26020.exe
2920	Unicorn-26020.exe
1720	Unicorn-16347.exe
472	Unicorn-51039.exe
1720	Unicorn-16347.exe
472	Unicorn-51039.exe
344	Unicorn-36213.exe
1352	Unicorn-10364.exe
2992	Unicorn-29358.exe
2464	Unicorn-48465.exe
344	Unicorn-36213.exe
2464	Unicorn-48465.exe
1352	Unicorn-10364.exe
2992	Unicorn-29358.exe
1048	Unicorn-13021.exe
1048	Unicorn-13021.exe
3068	Unicorn-7240.exe
3068	Unicorn-7240.exe
2488	Unicorn-32107.exe
2488	Unicorn-32107.exe
2020	Unicorn-46698.exe
2020	Unicorn-46698.exe
1664	Unicorn-17555.exe
1664	Unicorn-17555.exe
3044	Unicorn-9194.exe
3044	Unicorn-9194.exe
1744	Unicorn-21447.exe
1744	Unicorn-21447.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2316	1712	WerFault.exe	91

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe
1976	Unicorn-58916.exe
2748	Unicorn-15205.exe
2724	Unicorn-50338.exe
2040	Unicorn-15439.exe
2844	Unicorn-65195.exe
2660	Unicorn-52772.exe
472	Unicorn-51039.exe
2920	Unicorn-26020.exe
1048	Unicorn-13021.exe
2992	Unicorn-29358.exe
2656	Unicorn-26212.exe
1352	Unicorn-10364.exe
1720	Unicorn-16347.exe
3068	Unicorn-7240.exe
2464	Unicorn-48465.exe
344	Unicorn-36213.exe
2488	Unicorn-32107.exe
3044	Unicorn-9194.exe
1744	Unicorn-21447.exe
2020	Unicorn-46698.exe
1332	Unicorn-44991.exe
1664	Unicorn-17555.exe
2112	Unicorn-38529.exe
2308	Unicorn-38337.exe
560	Unicorn-621.exe
2224	Unicorn-33891.exe
2376	Unicorn-36823.exe
2360	Unicorn-51973.exe
2616	Unicorn-16839.exe
2176	Unicorn-49511.exe
2716	Unicorn-36875.exe
1032	Unicorn-32983.exe
2912	Unicorn-31914.exe
2976	Unicorn-57378.exe
2752	Unicorn-41125.exe
2724	Unicorn-55022.exe
1836	Unicorn-42578.exe
2564	Unicorn-5115.exe
1820	Unicorn-16730.exe
584	Unicorn-16813.exe
1120	Unicorn-7985.exe
2572	Unicorn-44934.exe
1560	Unicorn-27502.exe
2664	Unicorn-47368.exe
1872	Unicorn-12796.exe
2324	Unicorn-44784.exe
1380	Unicorn-32490.exe
2568	Unicorn-6185.exe
2732	Unicorn-24058.exe
1824	Unicorn-46502.exe
1496	Unicorn-4467.exe
1132	Unicorn-22563.exe
2884	Unicorn-35350.exe
2320	Unicorn-46148.exe
2368	Unicorn-16246.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 1976	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	28
PID 2960 wrote to memory of 1976	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	28
PID 2960 wrote to memory of 1976	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	28
PID 2960 wrote to memory of 1976	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	28
PID 2960 wrote to memory of 2748	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	29
PID 2960 wrote to memory of 2748	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	29
PID 2960 wrote to memory of 2748	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	29
PID 2960 wrote to memory of 2748	2960	0af8ec462a3dc2ccb3d2a036577ed6ac.exe	29
PID 1976 wrote to memory of 2724	1976	Unicorn-58916.exe	30
PID 1976 wrote to memory of 2724	1976	Unicorn-58916.exe	30
PID 1976 wrote to memory of 2724	1976	Unicorn-58916.exe	30
PID 1976 wrote to memory of 2724	1976	Unicorn-58916.exe	30
PID 2724 wrote to memory of 2040	2724	Unicorn-50338.exe	33
PID 2724 wrote to memory of 2040	2724	Unicorn-50338.exe	33
PID 2724 wrote to memory of 2040	2724	Unicorn-50338.exe	33
PID 2724 wrote to memory of 2040	2724	Unicorn-50338.exe	33
PID 1976 wrote to memory of 2844	1976	Unicorn-58916.exe	31
PID 1976 wrote to memory of 2844	1976	Unicorn-58916.exe	31
PID 1976 wrote to memory of 2844	1976	Unicorn-58916.exe	31
PID 1976 wrote to memory of 2844	1976	Unicorn-58916.exe	31
PID 2748 wrote to memory of 2660	2748	Unicorn-15205.exe	32
PID 2748 wrote to memory of 2660	2748	Unicorn-15205.exe	32
PID 2748 wrote to memory of 2660	2748	Unicorn-15205.exe	32
PID 2748 wrote to memory of 2660	2748	Unicorn-15205.exe	32
PID 2040 wrote to memory of 472	2040	Unicorn-15439.exe	34
PID 2040 wrote to memory of 472	2040	Unicorn-15439.exe	34
PID 2040 wrote to memory of 472	2040	Unicorn-15439.exe	34
PID 2040 wrote to memory of 472	2040	Unicorn-15439.exe	34
PID 2724 wrote to memory of 2920	2724	Unicorn-50338.exe	35
PID 2724 wrote to memory of 2920	2724	Unicorn-50338.exe	35
PID 2724 wrote to memory of 2920	2724	Unicorn-50338.exe	35
PID 2724 wrote to memory of 2920	2724	Unicorn-50338.exe	35
PID 2844 wrote to memory of 2992	2844	Unicorn-65195.exe	36
PID 2844 wrote to memory of 2992	2844	Unicorn-65195.exe	36
PID 2844 wrote to memory of 2992	2844	Unicorn-65195.exe	36
PID 2844 wrote to memory of 2992	2844	Unicorn-65195.exe	36
PID 2660 wrote to memory of 1048	2660	Unicorn-52772.exe	37
PID 2660 wrote to memory of 1048	2660	Unicorn-52772.exe	37
PID 2660 wrote to memory of 1048	2660	Unicorn-52772.exe	37
PID 2660 wrote to memory of 1048	2660	Unicorn-52772.exe	37
PID 2748 wrote to memory of 2656	2748	Unicorn-15205.exe	38
PID 2748 wrote to memory of 2656	2748	Unicorn-15205.exe	38
PID 2748 wrote to memory of 2656	2748	Unicorn-15205.exe	38
PID 2748 wrote to memory of 2656	2748	Unicorn-15205.exe	38
PID 2656 wrote to memory of 2360	2656	Unicorn-26212.exe	41
PID 2656 wrote to memory of 2360	2656	Unicorn-26212.exe	41
PID 2656 wrote to memory of 2360	2656	Unicorn-26212.exe	41
PID 2656 wrote to memory of 2360	2656	Unicorn-26212.exe	41
PID 472 wrote to memory of 1352	472	Unicorn-51039.exe	47
PID 472 wrote to memory of 1352	472	Unicorn-51039.exe	47
PID 472 wrote to memory of 1352	472	Unicorn-51039.exe	47
PID 472 wrote to memory of 1352	472	Unicorn-51039.exe	47
PID 2844 wrote to memory of 1720	2844	Unicorn-65195.exe	46
PID 2844 wrote to memory of 1720	2844	Unicorn-65195.exe	46
PID 2844 wrote to memory of 1720	2844	Unicorn-65195.exe	46
PID 2844 wrote to memory of 1720	2844	Unicorn-65195.exe	46
PID 2992 wrote to memory of 2464	2992	Unicorn-29358.exe	42
PID 2992 wrote to memory of 2464	2992	Unicorn-29358.exe	42
PID 2992 wrote to memory of 2464	2992	Unicorn-29358.exe	42
PID 2992 wrote to memory of 2464	2992	Unicorn-29358.exe	42
PID 2920 wrote to memory of 3068	2920	Unicorn-26020.exe	45
PID 2920 wrote to memory of 3068	2920	Unicorn-26020.exe	45
PID 2920 wrote to memory of 3068	2920	Unicorn-26020.exe	45
PID 2920 wrote to memory of 3068	2920	Unicorn-26020.exe	45

C:\Users\Admin\AppData\Local\Temp\0af8ec462a3dc2ccb3d2a036577ed6ac.exe
"C:\Users\Admin\AppData\Local\Temp\0af8ec462a3dc2ccb3d2a036577ed6ac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        10⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
        10⤵
        Executes dropped EXE
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        11⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        9⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        10⤵
        Program crash
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        7⤵
        Executes dropped EXE
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        9⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        11⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        6⤵
        Executes dropped EXE
        
        PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        7⤵
        Executes dropped EXE
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        8⤵
        Executes dropped EXE
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        9⤵
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        9⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        8⤵
        Executes dropped EXE
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        10⤵
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe
        7⤵
        
        PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe

Filesize
184KB

MD5
630c8b33a2ebbf95fdb7c707b04f709c

SHA1
7b970e55e7743f6a187432a7db4b86e6384cf330

SHA256
ab555be0d67003a42bf1794cfb751e199d6b5c66aa91140237e803db5f508228

SHA512
1037938d6f720281d8816c67d35d492507f2b3a43fee6f505edf8c03cf0fd9e5024bc35fdee4ae5706670f67d6cfaadc2866989fc59a1fd036dcb297e39d3e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe

Filesize
65KB

MD5
01581fab1a703aab87c7b339b8317817

SHA1
d728ab363e49db3b1290277c046b1b8e479b1a81

SHA256
ed19ebae3e9acfb9894dfefdda27fe0d126b245aeecd525da182214b69857da9

SHA512
94292b17c96c2798e161567326b34acbb71c6cf6c506101d8f5d83dd5ab72e378b57ff1edfe751285ea6f7476e402f497aabdf6197f32b9d6e5b7e705c81da0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe

Filesize
184KB

MD5
61840b2fd0bdce459f41ae01781c3c25

SHA1
64f59ec8ae61fd2b03caccb242857dc474601461

SHA256
9ecf17c9238b3f9a525b9f46841aa5a1222e7fc20e3c441113b733e09f4ca784

SHA512
33c5b3d27d662534103c4e5e27d32608c55d2656f68cf189764440c0a3e15fde48bf79faa9617107fd1c75d08f0bbae4e0c9754c2fc6d3a1b3fe835ac4ba192b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe

Filesize
184KB

MD5
70b3ad92fc44dd947855d9b166a97d80

SHA1
fb5ee40c8c67bed1b7c01e175c8cd777bde8c0ef

SHA256
e651b524526dc2a2d66933b5344b9fab92359aeba23d1887d863cce3570675ff

SHA512
e9e20340c72cfba4c7eaf10811a346e904380a6b0052830fb8f719b2557e905d6876e646e5f4024a0c3c4b6286123ce40954fc57852b6e3e322e422f0bb1d4d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe

Filesize
184KB

MD5
b824b89cea52e9af8e62ac3a108906b1

SHA1
6d9123822f0ee78a9a6475df9e83551114de761c

SHA256
244d9e9807bd3c0b7ebaf2d34cf938d8422939c0784f91860b64379d0811338c

SHA512
91c5bf095927e49543475e23ab81eb2900f197e7666d7989ae438ec14dcd1c3bccccd65c8ec0037267fd78fb656f9e5155abf758cc44a8a79e2c7bae316b6881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe

Filesize
69KB

MD5
f187489eef393f37069d65541f61e39b

SHA1
b4d6206c3c96e57c648a8e805b8924f43a5c4c29

SHA256
6c422bca38c55bbb10cf2b80f7cbd37255f5135b5f47bbbe857d4e7f1f03fcc5

SHA512
5eeffe2c6741987d34598a7f08a2088d713e0f53d03d9a3d211d4ae438c0b7322c1f076e050ed2e0fec842095a84c010a075734ecb01682de605c1fc6f82c518

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe

Filesize
184KB

MD5
25acbf2b37fdd5c2b1c963b19917311e

SHA1
9edbb27746d09d05d47be5883906e0d44b06c309

SHA256
8b813d48cb265cd2f152e6966f66b32411f48ee9d90d15094d74cdd1bfcf11e0

SHA512
0212513136f01524a04ebb691343f7b752adea75fae8d5fc8c9bb1c337b3d67b763cf34826eb7b5b4acb538e66c22670618185e170b40c65f063eeb1558d4450

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe

Filesize
184KB

MD5
d1b89952813bdf99e454c23ae1b12eb2

SHA1
6a3c1016a912283ec12a638bb6a5ed5fb349fe39

SHA256
204978e491f3b449f1cd9f30fd1c3ed76e08992f549f4a4b446f13381999c48f

SHA512
53716cab6ce954cf6d212340434c5688beb019b970ac7713c96cd09e2d72cb10b32d87919dbc4213ccb20e73d33296aadecb0a42f446bc1a0191e4d874b122be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe

Filesize
184KB

MD5
2c196dbfb801cdfcee461298b7ad7517

SHA1
808a84491cdcfb744dc7af8263650bde79944a35

SHA256
519f8e062b91cbdd6f2777d31f9d59f6c17aa8d350a157ffbac9804ec5f3341a

SHA512
4fb8b648a2ac1ea3802c4dfbc2efdbce032d6c36fff9d1d7cc1af0976845784ae19af7ba0a3d6dd2f7ab4eff8b5a0cf7a3f4b91b91b8d07f44dd9f9e70eb8c47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe

Filesize
184KB

MD5
c86b42f8bfbad1d47150f1d897131cb7

SHA1
937ebbacd50a8facc675d546c38f015916b840e4

SHA256
643efe7e5a8ec7e2493ac4225d3f41042fa7b6d0de49d034ceeaff78e8f6e374

SHA512
1d36e57d4b9ede97d78d2b89ff6b44c6e5f8ff9fcfd4fd3b50c22e105eef31072d851fcb3182e9cf39389503d1477e08d754174560d1839b52d6e54d312188d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe

Filesize
184KB

MD5
d5e7bd746f5bf62cd5d84e0b7e5972ca

SHA1
3dbe5b9ceabf4c96ff57eebc8fe6dc2e01c41972

SHA256
2265dc5d4cb0d454b5226471d097217938ba046bb64df19440cea25261dc036d

SHA512
753a692539892863cffa5aa27c588afd5e3d70edcbe198c6eac777afcca7655386737971333dbabb3368156259412cafc9162393c18d7151831d953de84e88bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe

Filesize
129KB

MD5
4b51e65983d0e3a8500cf5e5e6378340

SHA1
ce1c31d4c5a477b01905d62753a6135d4564af43

SHA256
f7fd15593397cb470d149542739171b119322c46daead1ce1c0939ada75fe03b

SHA512
216a0c4ed6390e34db041896415a85d600a7a259329f22af70c546248760c6bdfc6a9841d3640650621e79d53411f99272fb5f4ed93e47a66de20efb0e2f3397

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe

Filesize
148KB

MD5
0e4e284099cc434cc9234de33ca912e6

SHA1
899a0c443dbd35b0cb146dde33f8bc49e9ea15cc

SHA256
ea2f71cc6ad2679e83ae86e1b28ae61c80fc4e3fa56fe3e18f45ef1f8176f8d6

SHA512
1101c5f8f6432352786950c7710680863e6fdb350e15e4150bafdae70a161460b2a05fbfd64a84db5eb85ec853eebe44d40feab67dadaba71bb79325beb82b19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe

Filesize
184KB

MD5
a90bcc103538df3c44a6f0e6629142ba

SHA1
22b6a0150fe5f26e4450693c6129cbfcf75fc31e

SHA256
f01da2cbe465269979b8a315007960cfda0f86d97cb4321a0567df19301d9fa4

SHA512
1380d9b46575ccddcc044413a900808f3331910e4e26ce8183e484197ff44c4945a439af942e1f8be88deb2d302ef9547bf738aa7b2ad5a7ec9a08b80344866d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe

Filesize
184KB

MD5
cf6542f21445ca4e31080caa7d22e4f6

SHA1
34c40a5f9068796088dee0dc460177f8ab3d57be

SHA256
674759634199aa31b71733b100603404a6fe294a5c1f1bfc41a43abc058ebbe7

SHA512
71fd4f98ffc5731aea9444488283998e7920601f55356b9f1b575fefd4ca22d2c69ec58db633aa301a4b368d02e9c422a4864c4e0c44330ba38bb582df704c8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe

Filesize
184KB

MD5
9065c955a8540c2d42300ec65883637c

SHA1
288ac3bcdbdea11ce7ec7da4561c4e2e12864472

SHA256
c7206199d0b102c022434806c04b5507970fe17cca5291e058529da510fdf655

SHA512
02f6b4426fb0a59aa7a8fb53f258cccbb3848052972af5e1619a4c655fd3024dbba4c50b4a879435069f05fd317bdbe59fa56d41d308dc841ceb371a1999e555

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe

Filesize
184KB

MD5
e2007ed0dc375a2647b4ba1f0593868f

SHA1
ea7ddfee60aa574dec9f44982bf25ea3720ab0cf

SHA256
a746790c0d18a071da43e3135af674056bab4122de68345896b9efe7f4279898

SHA512
6a797534d935b77a03cd35f85f64698978a2363b97c18a8c0ea2b685c8873698412e9b6e7d7f7960f01b7ad4ffb4c9e7ff77a607616133c9af4064061d4093d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe

Filesize
184KB

MD5
723d32606a24dfe9be8bd0ed8e823a02

SHA1
fe1025a9921804bd921c88320397512974751968

SHA256
d182a875ea3859acc8bc019f63a83ecf7d83601722f29af75b27a6753f7d2ca8

SHA512
7a46b9125840d1c8d184b7afc4a5fa2dd77520ff9f8e12f548e9a880af4576eb5dd49f51ac00165a4499fdcac2347cdf55522bd24016662ee9afb397c6286415

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe

Filesize
184KB

MD5
4155ec2ce23de864c8b0320ca4326d18

SHA1
0983bf2d7ca950fdb67f255de4630015ded18b59

SHA256
66f93ab33f517cb65937bea2bb3b2d9392ca9361d92745d8574c9e90e25d6dcc

SHA512
d75888613463612b53dd6f7fa969badcefc3aa88b261bcb5ddbdec16b6871ac0ee9721e97a33c98c0ecfc0dab2f2c3225a8000741d7d6eb16b1330953b8ff9b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe

Filesize
184KB

MD5
3e84efe686e511f5feef92abac49c648

SHA1
145c324c49f899aafb432597d7bf9bf9e40b8087

SHA256
fbf741f68bfca5800d737b0b7502292ab41c8921b0dfb3314da409e7dd60bf95

SHA512
fd82e297be53e9fe3ab10cde2b6350bc8c9592f1cd5818436b4158a7570b81163dac8cc61f3fcbcc36e0fddbd5835e9c5b19dc966b36c0b18c570f7194d92ff5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe

Filesize
184KB

MD5
c6d5cb09841e4c90b79b6c7817916ce5

SHA1
7c39d9024a9bb854bda084c402974010377c03d8

SHA256
8700813353914ef8029cf273e5aac673af3fa7035e07275a60e106cef67ae2b8

SHA512
8a5e15ec81e0cef480d5b957b8bca5fca8f60a1aaa6d35e60e111accfdd024287e7ba06fb2cba7d1cfbea8243d405a4ad56f8829553a6fdd46af3441c300393f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe

Filesize
184KB

MD5
c5780dcc296ac3ec2041146483adbe34

SHA1
fcc37aabcc59af9a244e849214e50c1cde1f85e2

SHA256
69caea00f20daffcef80f9d169080c92b54019b254ae5f117d597b1a62bd1169

SHA512
c2e237d46940eb88da452123102951b64a9c65c653949793e2aeb0c21fcd251d2072a91d4d042e07e40f07dfcc0b5415177c153ee2a6da1c963297094be5cdcf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe

Filesize
184KB

MD5
ee29002e2788b87b6a9e3043de3d58e1

SHA1
341788df0ece90bd38d26406ad0c642fe248e6b1

SHA256
c7b6d906eaee4faf96725ff9ecb6a78df49acbba9d910e1eb3ea0ee812b81d27

SHA512
d2055a8d8d3b9d436b662b09c438e829e9cf5b9ece0507d7b49ccb32492c980ada658d633786e3c779d03efcd8568c291e53659073deab1571b5a6ded6e5dd59

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads