c6cb38318859973d2e7f26570e2116199c95c47cb3d087fddec15fec879f9c8b

Analysis

max time kernel
12s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d8efc2871fa141f843108d014d8636f.exe
Size

184KB
MD5

0d8efc2871fa141f843108d014d8636f
SHA1

8292b9297d3132c04ed35c656d9ae59409201c3d
SHA256

c6cb38318859973d2e7f26570e2116199c95c47cb3d087fddec15fec879f9c8b
SHA512

3a00155fb78b8d1861aa526f2e8a7b82b2480f989dc5f11fc842252bffbeea55e73a3309409aa3ab310187486784bedb8c608a6276b8c9bc89ab63ba8b8a6cb6
SSDEEP

3072:ilESo4ryrNwooqjpoarKvJcCDLNMsE2Y26xvxEnNNlvvpFy:iltoPOoo2o0KvJpLgQNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
1824	Unicorn-8161.exe
2164	Unicorn-53361.exe
2844	Unicorn-64222.exe
2720	Unicorn-15619.exe
2912	Unicorn-26479.exe
2600	Unicorn-11534.exe
1276	Unicorn-15702.exe
1664	Unicorn-46428.exe

Loads dropped DLL 16 IoCs

pid	Process
2992	0d8efc2871fa141f843108d014d8636f.exe
2992	0d8efc2871fa141f843108d014d8636f.exe
1824	Unicorn-8161.exe
1824	Unicorn-8161.exe
2992	Unicorn-27333.exe
2992	Unicorn-27333.exe
2164	Unicorn-53361.exe
2164	Unicorn-53361.exe
1824	Unicorn-8161.exe
1824	Unicorn-8161.exe
2844	Unicorn-64222.exe
2844	Unicorn-64222.exe
2720	Unicorn-15619.exe
2720	Unicorn-15619.exe
2912	Unicorn-26479.exe
2912	Unicorn-26479.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2096	2904	WerFault.exe	53
1624	1692	WerFault.exe	73
1640	344	WerFault.exe	111
2928	356	WerFault.exe	100
1636	1984	WerFault.exe	90
2564	1528	WerFault.exe	134
2260	2516	WerFault.exe	157

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2992	0d8efc2871fa141f843108d014d8636f.exe
1824	Unicorn-8161.exe
2164	Unicorn-53361.exe
2844	Unicorn-64222.exe
2720	Unicorn-15619.exe
2912	Unicorn-26479.exe
2600	Unicorn-11534.exe
1276	Unicorn-15702.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1824	2992	0d8efc2871fa141f843108d014d8636f.exe	28
PID 2992 wrote to memory of 1824	2992	0d8efc2871fa141f843108d014d8636f.exe	28
PID 2992 wrote to memory of 1824	2992	0d8efc2871fa141f843108d014d8636f.exe	28
PID 2992 wrote to memory of 1824	2992	0d8efc2871fa141f843108d014d8636f.exe	28
PID 1824 wrote to memory of 2164	1824	Unicorn-8161.exe	30
PID 1824 wrote to memory of 2164	1824	Unicorn-8161.exe	30
PID 1824 wrote to memory of 2164	1824	Unicorn-8161.exe	30
PID 1824 wrote to memory of 2164	1824	Unicorn-8161.exe	30
PID 2992 wrote to memory of 2844	2992	Unicorn-27333.exe	29
PID 2992 wrote to memory of 2844	2992	Unicorn-27333.exe	29
PID 2992 wrote to memory of 2844	2992	Unicorn-27333.exe	29
PID 2992 wrote to memory of 2844	2992	Unicorn-27333.exe	29
PID 2164 wrote to memory of 2720	2164	Unicorn-53361.exe	33
PID 2164 wrote to memory of 2720	2164	Unicorn-53361.exe	33
PID 2164 wrote to memory of 2720	2164	Unicorn-53361.exe	33
PID 2164 wrote to memory of 2720	2164	Unicorn-53361.exe	33
PID 1824 wrote to memory of 2912	1824	Unicorn-8161.exe	32
PID 1824 wrote to memory of 2912	1824	Unicorn-8161.exe	32
PID 1824 wrote to memory of 2912	1824	Unicorn-8161.exe	32
PID 1824 wrote to memory of 2912	1824	Unicorn-8161.exe	32
PID 2844 wrote to memory of 2600	2844	Unicorn-64222.exe	31
PID 2844 wrote to memory of 2600	2844	Unicorn-64222.exe	31
PID 2844 wrote to memory of 2600	2844	Unicorn-64222.exe	31
PID 2844 wrote to memory of 2600	2844	Unicorn-64222.exe	31
PID 2720 wrote to memory of 1276	2720	Unicorn-15619.exe	38
PID 2720 wrote to memory of 1276	2720	Unicorn-15619.exe	38
PID 2720 wrote to memory of 1276	2720	Unicorn-15619.exe	38
PID 2720 wrote to memory of 1276	2720	Unicorn-15619.exe	38
PID 2912 wrote to memory of 1664	2912	Unicorn-26479.exe	37
PID 2912 wrote to memory of 1664	2912	Unicorn-26479.exe	37
PID 2912 wrote to memory of 1664	2912	Unicorn-26479.exe	37
PID 2912 wrote to memory of 1664	2912	Unicorn-26479.exe	37

C:\Users\Admin\AppData\Local\Temp\0d8efc2871fa141f843108d014d8636f.exe
"C:\Users\Admin\AppData\Local\Temp\0d8efc2871fa141f843108d014d8636f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15619.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        11⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        10⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        9⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        9⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        10⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        8⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        11⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        6⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17900.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        10⤵
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
        9⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        7⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        6⤵
        
        PID:344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 200
        7⤵
        Program crash
        
        PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
      4⤵
      Executes dropped EXE
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        5⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        10⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        11⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        8⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        7⤵
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        9⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        8⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        6⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        9⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        7⤵
        
        PID:1432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
      4⤵
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        5⤵
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
        6⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        7⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        10⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        8⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
        8⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
        10⤵
        
        PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
      4⤵
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        6⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        8⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        6⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        7⤵
        
        PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
    3⤵
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54643.exe
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        5⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        7⤵
        
        PID:356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        8⤵
        Program crash
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13322.exe
        8⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        8⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        9⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        9⤵
        Program crash
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        8⤵
        Program crash
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        7⤵
        Program crash
        
        PID:1636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        6⤵
        Program crash
        
        PID:1624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        5⤵
        Program crash
        
        PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe

Filesize
184KB

MD5
bbbf4a7e39007446ca96c338c14a0cf2

SHA1
0da4f3321c630c7a326abaff17af88d6e755e4f2

SHA256
1f3e219bad4da6a6fff8639965e72d81bdb261ab067d8545960ca0ada87c5c58

SHA512
3974aef9d0dc9a636a769bda0c87c7b6a08bd2d7f33f74357ae7feea642df197469d000fe373042c7f05495107f86510b0554a3d9abe07ce78265daa676f5bf8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads