40f9c5293c3489fb1b223d3562e5a32234929be90584eb5f6f6f8a2f70e677e0

Analysis

max time kernel
47s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cd76a3ea25f87e1d861bfdae28ef86b.exe
Size

184KB
MD5

1cd76a3ea25f87e1d861bfdae28ef86b
SHA1

bc966cb3f43d55b0ca990e1cb873d8a7bf4595e7
SHA256

40f9c5293c3489fb1b223d3562e5a32234929be90584eb5f6f6f8a2f70e677e0
SHA512

9e08c5247a3d7d377c1df6441296cd93f393d7fad56099adfd794532f9fb067c34b2ddafd25f5de3c33b31b092cf272f2be9416a4019b1f81b552ededeb8e38f
SSDEEP

3072:dQHJoc2AXA0bOjldTc1tzxbObH6aMdwJDYx4EPJO7lPdpFY:dQpoMw0budA1tzBy1h7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2148	Unicorn-5764.exe
3000	Unicorn-59646.exe
2768	Unicorn-49018.exe
2676	Unicorn-29252.exe
2776	Unicorn-17554.exe
2460	Unicorn-62500.exe
2176	Unicorn-43637.exe
320	Unicorn-56252.exe
1616	Unicorn-26917.exe
1780	Unicorn-43445.exe
1644	Unicorn-31747.exe
2712	Unicorn-25459.exe
2272	Unicorn-38457.exe
1228	Unicorn-43907.exe
1320	Unicorn-60243.exe
584	Unicorn-59174.exe
1632	Unicorn-26886.exe
1304	Unicorn-40953.exe
1988	Unicorn-15188.exe
2932	Unicorn-22932.exe
1100	Unicorn-5178.exe
2056	Unicorn-16876.exe
2772	Unicorn-24852.exe
2416	Unicorn-38234.exe
2924	Unicorn-41572.exe
1812	Unicorn-29874.exe
1588	Unicorn-32252.exe
1448	Unicorn-24660.exe
2268	Unicorn-48972.exe
2616	Unicorn-63014.exe
2940	Unicorn-17343.exe
2860	Unicorn-54846.exe
2748	Unicorn-22517.exe
2452	Unicorn-3336.exe
1724	Unicorn-22901.exe
1672	Unicorn-47213.exe
804	Unicorn-19179.exe
1728	Unicorn-54229.exe
1512	Unicorn-34939.exe
1796	Unicorn-46637.exe
2228	Unicorn-56533.exe
476	Unicorn-52703.exe
908	Unicorn-11478.exe
1496	Unicorn-23176.exe
2796	Unicorn-10326.exe
2788	Unicorn-22024.exe
1752	Unicorn-63440.exe
1140	Unicorn-63440.exe
1744	Unicorn-12630.exe
2956	Unicorn-28172.exe
1820	Unicorn-48038.exe
884	Unicorn-28172.exe
1680	Unicorn-48038.exe
1700	Unicorn-34140.exe
2020	Unicorn-62558.exe
2580	Unicorn-17228.exe
2432	Unicorn-29310.exe
2752	Unicorn-51328.exe
936	Unicorn-54857.exe
1192	Unicorn-54857.exe
1716	Unicorn-46113.exe
2496	Unicorn-42391.exe
1552	Unicorn-21417.exe
2060	Unicorn-19807.exe

Loads dropped DLL 64 IoCs

pid	Process
3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe
3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe
2148	Unicorn-5764.exe
2148	Unicorn-5764.exe
3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe
3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe
3000	Unicorn-59646.exe
3000	Unicorn-59646.exe
2148	Unicorn-5764.exe
2148	Unicorn-5764.exe
2768	Unicorn-49018.exe
2768	Unicorn-49018.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2676	Unicorn-29252.exe
2676	Unicorn-29252.exe
3000	Unicorn-59646.exe
3000	Unicorn-59646.exe
2776	Unicorn-17554.exe
2776	Unicorn-17554.exe
2460	Unicorn-62500.exe
2460	Unicorn-62500.exe
2768	Unicorn-49018.exe
2768	Unicorn-49018.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
2176	Unicorn-43637.exe
2176	Unicorn-43637.exe
2676	Unicorn-29252.exe
2676	Unicorn-29252.exe
320	Unicorn-56252.exe
320	Unicorn-56252.exe
1644	Unicorn-31747.exe
1644	Unicorn-31747.exe
1616	Unicorn-26917.exe
1616	Unicorn-26917.exe
1780	Unicorn-43445.exe
1780	Unicorn-43445.exe
2776	Unicorn-17554.exe
2776	Unicorn-17554.exe
2460	Unicorn-62500.exe
2460	Unicorn-62500.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
972	WerFault.exe
972	WerFault.exe
972	WerFault.exe
972	WerFault.exe
972	WerFault.exe
1900	WerFault.exe

Program crash 51 IoCs

pid	pid_target	Process	procid_target
2652	3040	WerFault.exe	11
2732	2148	WerFault.exe	28
2376	3000	WerFault.exe	29
1404	2768	WerFault.exe	30
348	2676	WerFault.exe	32
972	2776	WerFault.exe	33
1900	2460	WerFault.exe	34
2136	2176	WerFault.exe	36
1816	320	WerFault.exe	37
1840	1644	WerFault.exe	40
1652	1616	WerFault.exe	38
2192	1780	WerFault.exe	39
2820	2712	WerFault.exe	43
2008	1304	WerFault.exe	49
2708	1228	WerFault.exe	45
2104	2932	WerFault.exe	54
1104	2416	WerFault.exe	58
2620	1700	WerFault.exe	95
2852	1588	WerFault.exe	61
2572	1724	WerFault.exe	73
3336	2616	WerFault.exe	64
3364	884	WerFault.exe	90
3388	2748	WerFault.exe	69
3328	2056	WerFault.exe	56
3320	2268	WerFault.exe	63
3404	1496	WerFault.exe	83
3312	2788	WerFault.exe	85
3304	1100	WerFault.exe	55
3296	2772	WerFault.exe	57
3288	2272	WerFault.exe	44
3272	1512	WerFault.exe	78
3416	2924	WerFault.exe	59
3264	1672	WerFault.exe	74
3252	2860	WerFault.exe	66
3236	1728	WerFault.exe	77
3228	1632	WerFault.exe	50
3216	584	WerFault.exe	47
3208	1320	WerFault.exe	46
3200	2452	WerFault.exe	70
3548	1680	WerFault.exe	93
3540	476	WerFault.exe	81
3500	2940	WerFault.exe	65
3772	1796	WerFault.exe	79
3736	2432	WerFault.exe	99
3728	1988	WerFault.exe	48
3988	1812	WerFault.exe	60
4072	2956	WerFault.exe	91
3348	936	WerFault.exe	102
3188	1820	WerFault.exe	92
4468	804	WerFault.exe	76
4536	1140	WerFault.exe	87

Suspicious use of SetWindowsHookEx 62 IoCs

pid	Process
3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe
2148	Unicorn-5764.exe
3000	Unicorn-59646.exe
2768	Unicorn-49018.exe
2676	Unicorn-29252.exe
2776	Unicorn-17554.exe
2460	Unicorn-62500.exe
2176	Unicorn-43637.exe
320	Unicorn-56252.exe
1616	Unicorn-26917.exe
1644	Unicorn-31747.exe
1780	Unicorn-43445.exe
2712	Unicorn-25459.exe
2272	Unicorn-38457.exe
1228	Unicorn-43907.exe
1320	Unicorn-60243.exe
584	Unicorn-59174.exe
1632	Unicorn-26886.exe
1304	Unicorn-40953.exe
1988	Unicorn-15188.exe
2932	Unicorn-22932.exe
2056	Unicorn-16876.exe
1100	Unicorn-5178.exe
2772	Unicorn-24852.exe
2924	Unicorn-41572.exe
2416	Unicorn-38234.exe
1812	Unicorn-29874.exe
1588	Unicorn-32252.exe
1448	Unicorn-24660.exe
2268	Unicorn-48972.exe
2860	Unicorn-54846.exe
2616	Unicorn-63014.exe
2940	Unicorn-17343.exe
2748	Unicorn-22517.exe
2452	Unicorn-3336.exe
1724	Unicorn-22901.exe
1672	Unicorn-47213.exe
1728	Unicorn-54229.exe
1796	Unicorn-46637.exe
804	Unicorn-19179.exe
1512	Unicorn-34939.exe
908	Unicorn-11478.exe
2228	Unicorn-56533.exe
476	Unicorn-52703.exe
2796	Unicorn-10326.exe
1496	Unicorn-23176.exe
2788	Unicorn-22024.exe
1752	Unicorn-63440.exe
1140	Unicorn-63440.exe
1744	Unicorn-12630.exe
884	Unicorn-28172.exe
2956	Unicorn-28172.exe
1680	Unicorn-48038.exe
1700	Unicorn-34140.exe
1820	Unicorn-48038.exe
2020	Unicorn-62558.exe
2580	Unicorn-17228.exe
2432	Unicorn-29310.exe
2752	Unicorn-51328.exe
936	Unicorn-54857.exe
1192	Unicorn-54857.exe
1716	Unicorn-46113.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2148	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	28
PID 3040 wrote to memory of 2148	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	28
PID 3040 wrote to memory of 2148	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	28
PID 3040 wrote to memory of 2148	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	28
PID 2148 wrote to memory of 3000	2148	Unicorn-5764.exe	29
PID 2148 wrote to memory of 3000	2148	Unicorn-5764.exe	29
PID 2148 wrote to memory of 3000	2148	Unicorn-5764.exe	29
PID 2148 wrote to memory of 3000	2148	Unicorn-5764.exe	29
PID 3040 wrote to memory of 2768	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	30
PID 3040 wrote to memory of 2768	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	30
PID 3040 wrote to memory of 2768	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	30
PID 3040 wrote to memory of 2768	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	30
PID 3040 wrote to memory of 2652	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	31
PID 3040 wrote to memory of 2652	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	31
PID 3040 wrote to memory of 2652	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	31
PID 3040 wrote to memory of 2652	3040	1cd76a3ea25f87e1d861bfdae28ef86b.exe	31
PID 3000 wrote to memory of 2676	3000	Unicorn-59646.exe	32
PID 3000 wrote to memory of 2676	3000	Unicorn-59646.exe	32
PID 3000 wrote to memory of 2676	3000	Unicorn-59646.exe	32
PID 3000 wrote to memory of 2676	3000	Unicorn-59646.exe	32
PID 2148 wrote to memory of 2776	2148	Unicorn-5764.exe	33
PID 2148 wrote to memory of 2776	2148	Unicorn-5764.exe	33
PID 2148 wrote to memory of 2776	2148	Unicorn-5764.exe	33
PID 2148 wrote to memory of 2776	2148	Unicorn-5764.exe	33
PID 2768 wrote to memory of 2460	2768	Unicorn-49018.exe	34
PID 2768 wrote to memory of 2460	2768	Unicorn-49018.exe	34
PID 2768 wrote to memory of 2460	2768	Unicorn-49018.exe	34
PID 2768 wrote to memory of 2460	2768	Unicorn-49018.exe	34
PID 2148 wrote to memory of 2732	2148	Unicorn-5764.exe	35
PID 2148 wrote to memory of 2732	2148	Unicorn-5764.exe	35
PID 2148 wrote to memory of 2732	2148	Unicorn-5764.exe	35
PID 2148 wrote to memory of 2732	2148	Unicorn-5764.exe	35
PID 2676 wrote to memory of 2176	2676	Unicorn-29252.exe	36
PID 2676 wrote to memory of 2176	2676	Unicorn-29252.exe	36
PID 2676 wrote to memory of 2176	2676	Unicorn-29252.exe	36
PID 2676 wrote to memory of 2176	2676	Unicorn-29252.exe	36
PID 3000 wrote to memory of 320	3000	Unicorn-59646.exe	37
PID 3000 wrote to memory of 320	3000	Unicorn-59646.exe	37
PID 3000 wrote to memory of 320	3000	Unicorn-59646.exe	37
PID 3000 wrote to memory of 320	3000	Unicorn-59646.exe	37
PID 2776 wrote to memory of 1616	2776	Unicorn-17554.exe	38
PID 2776 wrote to memory of 1616	2776	Unicorn-17554.exe	38
PID 2776 wrote to memory of 1616	2776	Unicorn-17554.exe	38
PID 2776 wrote to memory of 1616	2776	Unicorn-17554.exe	38
PID 2460 wrote to memory of 1780	2460	Unicorn-62500.exe	39
PID 2460 wrote to memory of 1780	2460	Unicorn-62500.exe	39
PID 2460 wrote to memory of 1780	2460	Unicorn-62500.exe	39
PID 2460 wrote to memory of 1780	2460	Unicorn-62500.exe	39
PID 2768 wrote to memory of 1644	2768	Unicorn-49018.exe	40
PID 2768 wrote to memory of 1644	2768	Unicorn-49018.exe	40
PID 2768 wrote to memory of 1644	2768	Unicorn-49018.exe	40
PID 2768 wrote to memory of 1644	2768	Unicorn-49018.exe	40
PID 3000 wrote to memory of 2376	3000	Unicorn-59646.exe	41
PID 3000 wrote to memory of 2376	3000	Unicorn-59646.exe	41
PID 3000 wrote to memory of 2376	3000	Unicorn-59646.exe	41
PID 3000 wrote to memory of 2376	3000	Unicorn-59646.exe	41
PID 2768 wrote to memory of 1404	2768	Unicorn-49018.exe	42
PID 2768 wrote to memory of 1404	2768	Unicorn-49018.exe	42
PID 2768 wrote to memory of 1404	2768	Unicorn-49018.exe	42
PID 2768 wrote to memory of 1404	2768	Unicorn-49018.exe	42
PID 2176 wrote to memory of 2712	2176	Unicorn-43637.exe	43
PID 2176 wrote to memory of 2712	2176	Unicorn-43637.exe	43
PID 2176 wrote to memory of 2712	2176	Unicorn-43637.exe	43
PID 2176 wrote to memory of 2712	2176	Unicorn-43637.exe	43

C:\Users\Admin\AppData\Local\Temp\1cd76a3ea25f87e1d861bfdae28ef86b.exe
"C:\Users\Admin\AppData\Local\Temp\1cd76a3ea25f87e1d861bfdae28ef86b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        10⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 368
        10⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        9⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 380
        9⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        9⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 380
        9⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 376
        8⤵
        Program crash
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48038.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        9⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 380
        9⤵
        Program crash
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 380
        8⤵
        Program crash
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 376
        7⤵
        Program crash
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 380
        8⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        7⤵
        Executes dropped EXE
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 380
        7⤵
        Program crash
        
        PID:3304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 376
        6⤵
        Program crash
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        9⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 380
        9⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 380
        8⤵
        Program crash
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 372
        7⤵
        Program crash
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
        7⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 384
        7⤵
        Program crash
        
        PID:4468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 372
        6⤵
        Program crash
        
        PID:3288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 376
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 380
        8⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 380
        7⤵
        Program crash
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        7⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 380
        7⤵
        Program crash
        
        PID:3272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 376
        6⤵
        Program crash
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        7⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 380
        7⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 380
        6⤵
        Program crash
        
        PID:1104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 380
        5⤵
        Program crash
        
        PID:1816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 360
        8⤵
        Program crash
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 380
        7⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 372
        6⤵
        Program crash
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 380
        6⤵
        Program crash
        
        PID:3252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 376
        5⤵
        Program crash
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 380
        5⤵
        Program crash
        
        PID:3728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        8⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 380
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19205.exe
        7⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 380
        7⤵
        Program crash
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 380
        6⤵
        Program crash
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21417.exe
        7⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 380
        7⤵
        Program crash
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        6⤵
        
        PID:332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 372
        6⤵
        Program crash
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 368
        5⤵
        Program crash
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Program crash
        
        PID:2620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 372
        6⤵
        Program crash
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 368
        6⤵
        Program crash
        
        PID:3540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 368
        5⤵
        Program crash
        
        PID:2008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 380
        6⤵
        Program crash
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 380
        5⤵
        Program crash
        
        PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        7⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 380
        7⤵
        Program crash
        
        PID:3348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 380
        6⤵
        Program crash
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        5⤵
        Executes dropped EXE
        
        PID:2060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 380
        5⤵
        Program crash
        
        PID:3988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 376
      4⤵
      Program crash
      PID:1840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 380
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe

Filesize
184KB

MD5
db588a88bf863c5f66141466a4d15816

SHA1
8406882ab32559e41ced5ad7f540b88d25d932cd

SHA256
cd31a561954178c2197133f10cd0bb45d6bf58c7f5ded741232cceab7d8f4501

SHA512
5ed5fd6f352567ad8edb09ee8b902015205d8e967b81d0858b4f58849ea46a2b093af6c09dae41d6daf1b9b7330e1a520601f9a632576ed19d8c60f9ef0da12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe

Filesize
184KB

MD5
917a312c6361437eb2bd8ddbfc6579cf

SHA1
9d92e9c8c2053200a5a2d1b0a897650fc0efbffc

SHA256
d43ccb5bef1cf0e68ff490988a094b475e405591f7dda31c3077eb3ca6722866

SHA512
6eed9fa2c877ad6621f8222bab400102d282b393e043e8497b859fc9b481f7b2dad7b8e033ec7526f66ae3d5470435a861b30410a90c12c4bb856b635a311942

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe

Filesize
184KB

MD5
b527786efd3cfdc82880100b4c40d0d5

SHA1
2c2119cc8bd1ff372fc9a344920640da643d05b6

SHA256
5c6819dcd9133be3c048e63a9811726d2655ea59fd6404916d312f9d289b7111

SHA512
047fa15f4146352f12ed1a3db9951fb746d3dbce117eb6d409b9cc94e85afc8b24d9929c75459f4d67fb22cc0eed75660fef5b1c239479bc5cac7e17bf08f605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe

Filesize
184KB

MD5
afad35c83f73b72878e798c062930d9b

SHA1
58db0f4a9735af3bd9fef06547cc6f0d6fde1e9f

SHA256
8a89b9540099afc406bfc9d28924c2ebb4c0245be567d7fcb7982e9a170f7ed8

SHA512
bf379ff7b42cf336aefda4ec16efe3d4f9c408379894a8658da518f8d543536a8d18f70784ec68397fcb998949df67bb8ca7282ae28c92bef2498bfe15438e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe

Filesize
184KB

MD5
c10ffeceb1d3bd2baf2eb42f62c6cce7

SHA1
51cfe971a13288f4e78b8b152fb1eb3f816948ca

SHA256
57cdec6c4465010bac46beb38c6f7f8784fb0b6fea07c4b7675770958ddd4b9d

SHA512
d32332942afb4b95943c1d25c3074c013129a4fb76554d9bde3d528707f85a186e0611b6abc7a45f52eb36714e8848f774931aa1234cb98faa584f68aee34e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe

Filesize
184KB

MD5
34e5e7627f156ac9c6e636937d4787e8

SHA1
f7d7ec4db95be7376129b95f354862338cc0edf5

SHA256
63f64e4b094b5be03cb74e23a836c2a0e5c6eb583c46ba883c81d83530249611

SHA512
5f01128c5cc7b25168c4b16f53ee6ceac7865d231b623a01b0c5e716289b3e66e729a0215031162639814586e554177f56bbac794b2a30519edbad903febd6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe

Filesize
42KB

MD5
6763e4d374beabe8870ac9e06a9fc728

SHA1
e8463f9da7b2af2e040bdca51b62539608023642

SHA256
23f2ebc984b8a7aaf766703b3c08aafa1ec1febac98feb7d78d0a3ef4668e52e

SHA512
608ec9c92a09ad80a0d6ca6946f0f74866fba281be493d8bc824053ebeb6906afd44e88060389265a9b070f1f88b043840a519396ed626d7e96f7a3dba149ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe

Filesize
19KB

MD5
9f85a0b397aa79258866a36a21b83553

SHA1
87015b7afc53eed5d2aeecaee9a8829703472b19

SHA256
d8f8b5dce85406065aa8b18b840370cd6a77d5019506f3c2f157e5c69f1273d0

SHA512
1057191ff3364c665c3607a1e2b7c457b70b8ba05655e2be80299f103ea4ff09ea4c63c3bbe08d4900abad3a5ff41ba833aa2f8991366bff6d2c1a5132c91d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe

Filesize
41KB

MD5
79214f57866ee5e38caa203ff77e90be

SHA1
922c7a4b794b543671a8b591d42d16396f78a5f0

SHA256
8e2fafd642090ca969c7f9a7d1d922d9b3ffe612c5ed052d69aef5a3a2ebfe1f

SHA512
ca6cd5bd2b62b1db6ce9445ea19881a0cbe7f57bad3edfec46fd912f9914a72bf24af19fe87d5822ee102a2fd3ba759e88b748f0a70a5a813a848e569db0f22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe

Filesize
184KB

MD5
b3987be098f83e55359174528e342521

SHA1
7ac2d84a320755c857db45a8852b48439e1abfae

SHA256
83718aac336688a610bf1c00b60d5c9f780340dbe302008ca4bf0326ea437323

SHA512
49c938039652152bf17422561e630396cc5a2495d5b20420d40a301015c85656cc949b96531b3c62cad9d03e9beeecdd69c660cb248dd2fdfcf62ca17e72ce6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe

Filesize
184KB

MD5
ff27dbbbafbc6450bc108b9eb75f58da

SHA1
e139f431d900e0deb5d82c39bd77f28bc0ccb232

SHA256
8ea0cdfc1f9b1689d0e5da537cb307598243e429a17ded8b9bf2a9b0787758f3

SHA512
32b291810b42fe48cb630cb416376313acd48528b098d5c7cb2c210477dc4b0dc28f332384612791c1e793608f8db15090b9e0f8f840f7ff4131d0251eae27f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe

Filesize
184KB

MD5
689c59d4eeee5df2889a70f564606314

SHA1
292cce376c3628704217ddde5ab7769b2f1a9ef9

SHA256
9968128247d797a1c835e788a973ca7886ab9491728c3cbab4760ebbf9068f4b

SHA512
ecfc74072a7032369795302e296cc43fe0c8a1eebd44b9a81921070eb1314b7549fbe1be2d92d902bc8003f0f1c8792cac25cd2c391d329783754d1c571a46c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe

Filesize
184KB

MD5
dfe250505f4c2921f7319f27e6dda563

SHA1
32f402610e20a1788afae9618acaacd2fd00d568

SHA256
56bd7178c73ec17a1258fc3ccc91e6772aa7f143416e791f2a63feceaf2f8895

SHA512
658d5a0944786ffe210a370baaf3bc00392c2d4facb812cf9d9646a4241ac9354decb0c7bf0d66b0144268a5ecb8555f65116d412a5e6e754dc26be0c75ba8fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe

Filesize
184KB

MD5
ab5391d4afd3bdbdc6f7c0749d2c0af5

SHA1
ce7dfbb7855c90abbe21eb678037b7fad7ea8d01

SHA256
e28ec19f1772dd504265e6d1aee15a2d5d137684dc8686cccc1a7e0dd859edc5

SHA512
e101b034ef77bc2c60a4fd5320a4c9fecfbbde423f5d80b8eeae1484bffe610537bf5a8ffd97c74c923021c0bad67911bde03c39159377c6656c4ebf0322a5d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe

Filesize
184KB

MD5
dc4b6082b543f23ea50c0b8370738da4

SHA1
6bf314c1a63b71514b0008d53f6f3b4e76742f1e

SHA256
4631343a0025cdeb33efb71e0c9c4a2bd4b2afcd07fab1de89f49fe830455049

SHA512
ad192d16fe2f5c15e632875d961238b31d8d4eebe097e5a90e5f7e2754078a360cbd98a47472e38cbe13f05128099340cfe0c4e8428ea322813a6ad280a6501d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe

Filesize
184KB

MD5
2ab3244238e51c9b8c7369d9c67341f8

SHA1
1fb45aeacabe31738d1f5a582b41f65070923f57

SHA256
f07c5e8cdad700ebb04da544550609e2a755aa488b143eabf565bfa1b8e9e3ea

SHA512
cadcd0861c847cb481650907af15efdd0e83fec2341c45e40ee49a7848b727325fb63e47309beabda66bdb5f2fde02cd3084dac2a1bcd85971334170b795582f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe

Filesize
184KB

MD5
fd4e728e952e63a8b6347b6d523e26fe

SHA1
e8484bd99503b44993e342d69379aa86f62c04e1

SHA256
259a3948efe5633033de1b017a4752ff01b3d479836cf9dac6a720e10f381af8

SHA512
05f36f0d1aceb3d70c9e459a0869e83c33a0cfea8e81bd542b21ef1a0e4cd8093c7fca10dc721dcba04cc13f849091de6fbe08622762776ab927589447c07906

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe

Filesize
184KB

MD5
2a58f8eaf51a80a4dd911b887af02ffd

SHA1
ba0ec9becb4deb179a0183d07ebf382c38cf2381

SHA256
645b7dd2d775e81247f2b10f956af04c6ae8d1087be77407c150145f6b249d47

SHA512
db6c680f5dfbcf96fdfef483b0135d843522364e4a31dbd4214acccb2aad88e2a0c307a81355c952147a60399399f58f9cff7456add7ccd0a5b539cad9f0efa6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe

Filesize
4KB

MD5
fb33e9820143f9f8a5f6cf093a84e296

SHA1
7ba4ec58af93dff765668d4e01261edc0d7213d5

SHA256
5a84d5bba19a8ac4ee30523288c7e206b0185584eacd9675aa32eec4e2c91092

SHA512
2e387ab346ae1a285c6db73fd2b3a76e4e49e5431f54abb3b48b12da510edc2645fff5befc5c4089d70973a32109279b2a046b1810fa9eac0ae8cb38dbbf80c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe

Filesize
184KB

MD5
04712b95aa7e2ecf318aad12f389514d

SHA1
5068086f2bfa84581c7901b21dcd509c0ffa5190

SHA256
954c78008d6f3e838cf7de8ca154d51b8ea26cd6ed382458d919aa31a5402091

SHA512
43aee8cc755861e6177b7bd7fcacb81e6ac83ba946f7e19eae52ff934fdf011acd64898c28ba837d6fbced9d63c358bdb0d8dd56f3637854219a3f67955e0666

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads