6b0d89d0f001162392775ae8745cd4808dea4c729617004e6907a8b5dd393c34

Analysis

max time kernel
26s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2408ef2cad099f8b41faf72864dba136.exe
Size

184KB
MD5

2408ef2cad099f8b41faf72864dba136
SHA1

6eaa3422c7eb4e4172736d691c0ecafecece7658
SHA256

6b0d89d0f001162392775ae8745cd4808dea4c729617004e6907a8b5dd393c34
SHA512

0549636f5c9a14a7e0145efc884e56eeba25b53d35431b5f1a73b69df1aeeb6ae97ffcc5730d5742bd3d8c767377ac0d3a398e266b5a83054a791448656349c6
SSDEEP

3072:YPdXoVJmASA2iePQH8LFJfcZChJJMPv2lSQrxKEL6B0lP6pif:YPRoh32ivHKJfc1C6P0lP6pi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 54 IoCs

pid	Process
2412	Unicorn-20894.exe
2564	Unicorn-13877.exe
2676	Unicorn-63633.exe
2720	Unicorn-58885.exe
2816	Unicorn-4209.exe
1780	Unicorn-11822.exe
3044	Unicorn-61106.exe
2016	Unicorn-48854.exe
1880	Unicorn-52938.exe
2864	Unicorn-59715.exe
1316	Unicorn-63799.exe
776	Unicorn-43748.exe
1616	Unicorn-27966.exe
3064	Unicorn-50525.exe
1092	Unicorn-4853.exe
2272	Unicorn-62798.exe
1068	Unicorn-1345.exe
588	Unicorn-42932.exe
536	Unicorn-1345.exe
1084	Unicorn-11734.exe
1520	Unicorn-32901.exe
2176	Unicorn-52767.exe
1820	Unicorn-6259.exe
1240	Unicorn-44407.exe
2280	Unicorn-48491.exe
1168	Unicorn-51184.exe
2928	Unicorn-9596.exe
2416	Unicorn-40323.exe
2340	Unicorn-47100.exe
952	Unicorn-1428.exe
312	Unicorn-1428.exe
2032	Unicorn-34376.exe
2428	Unicorn-37068.exe
2704	Unicorn-24070.exe
2700	Unicorn-57489.exe
2476	Unicorn-13763.exe
2664	Unicorn-32792.exe
2648	Unicorn-40406.exe
2464	Unicorn-44490.exe
2500	Unicorn-9679.exe
1656	Unicorn-12180.exe
2132	Unicorn-16264.exe
1288	Unicorn-54604.exe
964	Unicorn-15710.exe
1980	Unicorn-27962.exe
948	Unicorn-30654.exe
1608	Unicorn-65465.exe
2540	Unicorn-50520.exe
1796	Unicorn-6939.exe
1548	Unicorn-809.exe
1540	Unicorn-52611.exe
2984	Unicorn-6939.exe
1140	Unicorn-7302.exe
2040	Unicorn-27168.exe

Loads dropped DLL 64 IoCs

pid	Process
2956	2408ef2cad099f8b41faf72864dba136.exe
2956	2408ef2cad099f8b41faf72864dba136.exe
2412	Unicorn-20894.exe
2412	Unicorn-20894.exe
2956	2408ef2cad099f8b41faf72864dba136.exe
2956	2408ef2cad099f8b41faf72864dba136.exe
2564	Unicorn-13877.exe
2564	Unicorn-13877.exe
2412	Unicorn-20894.exe
2412	Unicorn-20894.exe
2676	Unicorn-63633.exe
2676	Unicorn-63633.exe
2816	Unicorn-4209.exe
2816	Unicorn-4209.exe
2720	Unicorn-58885.exe
2720	Unicorn-58885.exe
2564	Unicorn-13877.exe
2564	Unicorn-13877.exe
1780	Unicorn-11822.exe
1780	Unicorn-11822.exe
2676	Unicorn-63633.exe
2676	Unicorn-63633.exe
2016	Unicorn-48854.exe
2016	Unicorn-48854.exe
2720	Unicorn-58885.exe
2720	Unicorn-58885.exe
3044	Unicorn-61106.exe
3044	Unicorn-61106.exe
2816	Unicorn-4209.exe
2816	Unicorn-4209.exe
1880	Unicorn-52938.exe
1316	Unicorn-63799.exe
2864	Unicorn-59715.exe
1780	Unicorn-11822.exe
1880	Unicorn-52938.exe
1316	Unicorn-63799.exe
1780	Unicorn-11822.exe
2864	Unicorn-59715.exe
776	Unicorn-43748.exe
776	Unicorn-43748.exe
2016	Unicorn-48854.exe
1068	Unicorn-1345.exe
2016	Unicorn-48854.exe
1068	Unicorn-1345.exe
1316	Unicorn-63799.exe
1316	Unicorn-63799.exe
3064	Unicorn-50525.exe
3064	Unicorn-50525.exe
536	Unicorn-1345.exe
536	Unicorn-1345.exe
2864	Unicorn-59715.exe
2864	Unicorn-59715.exe
1092	Unicorn-4853.exe
1092	Unicorn-4853.exe
2272	Unicorn-62798.exe
2272	Unicorn-62798.exe
1880	Unicorn-52938.exe
1616	Unicorn-27966.exe
588	Unicorn-42932.exe
1880	Unicorn-52938.exe
588	Unicorn-42932.exe
1616	Unicorn-27966.exe
1084	Unicorn-11734.exe
1084	Unicorn-11734.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2956	2408ef2cad099f8b41faf72864dba136.exe
2412	Unicorn-20894.exe
2564	Unicorn-13877.exe
2676	Unicorn-63633.exe
2720	Unicorn-58885.exe
2816	Unicorn-4209.exe
1780	Unicorn-11822.exe
3044	Unicorn-61106.exe
2016	Unicorn-48854.exe
1880	Unicorn-52938.exe
2864	Unicorn-59715.exe
1316	Unicorn-63799.exe
776	Unicorn-43748.exe
3064	Unicorn-50525.exe
1092	Unicorn-4853.exe
1616	Unicorn-27966.exe
1068	Unicorn-1345.exe
536	Unicorn-1345.exe
588	Unicorn-42932.exe
2272	Unicorn-62798.exe
1084	Unicorn-11734.exe
2176	Unicorn-52767.exe
1520	Unicorn-32901.exe
1820	Unicorn-6259.exe
1240	Unicorn-44407.exe
2280	Unicorn-48491.exe
2340	Unicorn-47100.exe
2928	Unicorn-9596.exe
952	Unicorn-1428.exe
1168	Unicorn-51184.exe
2416	Unicorn-40323.exe
312	Unicorn-1428.exe
2032	Unicorn-34376.exe
2428	Unicorn-37068.exe
2704	Unicorn-24070.exe
2700	Unicorn-57489.exe
2476	Unicorn-13763.exe
2664	Unicorn-32792.exe
2648	Unicorn-40406.exe
2500	Unicorn-9679.exe
2464	Unicorn-44490.exe
1656	Unicorn-12180.exe
2132	Unicorn-16264.exe
964	Unicorn-15710.exe
1288	Unicorn-54604.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2412	2956	2408ef2cad099f8b41faf72864dba136.exe	28
PID 2956 wrote to memory of 2412	2956	2408ef2cad099f8b41faf72864dba136.exe	28
PID 2956 wrote to memory of 2412	2956	2408ef2cad099f8b41faf72864dba136.exe	28
PID 2956 wrote to memory of 2412	2956	2408ef2cad099f8b41faf72864dba136.exe	28
PID 2412 wrote to memory of 2564	2412	Unicorn-20894.exe	29
PID 2412 wrote to memory of 2564	2412	Unicorn-20894.exe	29
PID 2412 wrote to memory of 2564	2412	Unicorn-20894.exe	29
PID 2412 wrote to memory of 2564	2412	Unicorn-20894.exe	29
PID 2956 wrote to memory of 2676	2956	2408ef2cad099f8b41faf72864dba136.exe	30
PID 2956 wrote to memory of 2676	2956	2408ef2cad099f8b41faf72864dba136.exe	30
PID 2956 wrote to memory of 2676	2956	2408ef2cad099f8b41faf72864dba136.exe	30
PID 2956 wrote to memory of 2676	2956	2408ef2cad099f8b41faf72864dba136.exe	30
PID 2564 wrote to memory of 2720	2564	Unicorn-13877.exe	31
PID 2564 wrote to memory of 2720	2564	Unicorn-13877.exe	31
PID 2564 wrote to memory of 2720	2564	Unicorn-13877.exe	31
PID 2564 wrote to memory of 2720	2564	Unicorn-13877.exe	31
PID 2412 wrote to memory of 2816	2412	Unicorn-20894.exe	33
PID 2412 wrote to memory of 2816	2412	Unicorn-20894.exe	33
PID 2412 wrote to memory of 2816	2412	Unicorn-20894.exe	33
PID 2412 wrote to memory of 2816	2412	Unicorn-20894.exe	33
PID 2676 wrote to memory of 1780	2676	Unicorn-63633.exe	32
PID 2676 wrote to memory of 1780	2676	Unicorn-63633.exe	32
PID 2676 wrote to memory of 1780	2676	Unicorn-63633.exe	32
PID 2676 wrote to memory of 1780	2676	Unicorn-63633.exe	32
PID 2816 wrote to memory of 3044	2816	Unicorn-4209.exe	34
PID 2816 wrote to memory of 3044	2816	Unicorn-4209.exe	34
PID 2816 wrote to memory of 3044	2816	Unicorn-4209.exe	34
PID 2816 wrote to memory of 3044	2816	Unicorn-4209.exe	34
PID 2720 wrote to memory of 2016	2720	Unicorn-58885.exe	38
PID 2720 wrote to memory of 2016	2720	Unicorn-58885.exe	38
PID 2720 wrote to memory of 2016	2720	Unicorn-58885.exe	38
PID 2720 wrote to memory of 2016	2720	Unicorn-58885.exe	38
PID 2564 wrote to memory of 2864	2564	Unicorn-13877.exe	37
PID 2564 wrote to memory of 2864	2564	Unicorn-13877.exe	37
PID 2564 wrote to memory of 2864	2564	Unicorn-13877.exe	37
PID 2564 wrote to memory of 2864	2564	Unicorn-13877.exe	37
PID 1780 wrote to memory of 1880	1780	Unicorn-11822.exe	36
PID 1780 wrote to memory of 1880	1780	Unicorn-11822.exe	36
PID 1780 wrote to memory of 1880	1780	Unicorn-11822.exe	36
PID 1780 wrote to memory of 1880	1780	Unicorn-11822.exe	36
PID 2676 wrote to memory of 1316	2676	Unicorn-63633.exe	35
PID 2676 wrote to memory of 1316	2676	Unicorn-63633.exe	35
PID 2676 wrote to memory of 1316	2676	Unicorn-63633.exe	35
PID 2676 wrote to memory of 1316	2676	Unicorn-63633.exe	35
PID 2016 wrote to memory of 776	2016	Unicorn-48854.exe	39
PID 2016 wrote to memory of 776	2016	Unicorn-48854.exe	39
PID 2016 wrote to memory of 776	2016	Unicorn-48854.exe	39
PID 2016 wrote to memory of 776	2016	Unicorn-48854.exe	39
PID 2720 wrote to memory of 1616	2720	Unicorn-58885.exe	40
PID 2720 wrote to memory of 1616	2720	Unicorn-58885.exe	40
PID 2720 wrote to memory of 1616	2720	Unicorn-58885.exe	40
PID 2720 wrote to memory of 1616	2720	Unicorn-58885.exe	40
PID 3044 wrote to memory of 1092	3044	Unicorn-61106.exe	42
PID 3044 wrote to memory of 1092	3044	Unicorn-61106.exe	42
PID 3044 wrote to memory of 1092	3044	Unicorn-61106.exe	42
PID 3044 wrote to memory of 1092	3044	Unicorn-61106.exe	42
PID 2816 wrote to memory of 3064	2816	Unicorn-4209.exe	41
PID 2816 wrote to memory of 3064	2816	Unicorn-4209.exe	41
PID 2816 wrote to memory of 3064	2816	Unicorn-4209.exe	41
PID 2816 wrote to memory of 3064	2816	Unicorn-4209.exe	41
PID 1880 wrote to memory of 2272	1880	Unicorn-52938.exe	43
PID 1880 wrote to memory of 2272	1880	Unicorn-52938.exe	43
PID 1880 wrote to memory of 2272	1880	Unicorn-52938.exe	43
PID 1880 wrote to memory of 2272	1880	Unicorn-52938.exe	43

C:\Users\Admin\AppData\Local\Temp\2408ef2cad099f8b41faf72864dba136.exe
"C:\Users\Admin\AppData\Local\Temp\2408ef2cad099f8b41faf72864dba136.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        9⤵
        Executes dropped EXE
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        10⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
        8⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        8⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        7⤵
        Executes dropped EXE
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        9⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        10⤵
        
        PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        7⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        8⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        6⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        8⤵
        
        PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        7⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        7⤵
        Executes dropped EXE
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        9⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        10⤵
        
        PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        9⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        6⤵
        
        PID:992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        7⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        6⤵
        Executes dropped EXE
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        7⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        8⤵
        
        PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        8⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        6⤵
        
        PID:1180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        9⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        6⤵
        Executes dropped EXE
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        6⤵
        Executes dropped EXE
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        9⤵
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe

Filesize
81KB

MD5
2a6003f348b50c9de4ba80db5b518171

SHA1
840cc9539a5ee792378499d1820b190273e9a2b0

SHA256
d18644d1e6fdc6acc3c1da084e85e475ba2ea5035ccdf865c43e46c67823597f

SHA512
696da8008fdf7bfc9d936f40fee82bc0405153e500621058262801c766de499578f7f8954888161175a64d4ca792a3f6f8196d7c7c0656dc2bfc71983331ac96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe

Filesize
105KB

MD5
adb9d2eb4aacdfd1ffe185e1a4a6a114

SHA1
771fb4c98340eeb6b3053641bb0c050a83becf33

SHA256
b44b8c7ce514ea12c79e3030c208c252f2b894f96367ac0baf50f7be3f786792

SHA512
3e81c83ed70711912024de2cb15a42c53e86d4df93cbbe4175d89b18bc3fa8b5c9d5df29f026508e32664216830365e574998726f65fa2c68f7962d452a74240

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe

Filesize
184KB

MD5
720ef55ade22fa6e3b313b42ec57c6c6

SHA1
1a8d28e705e6ab2cae53feadfeb56e008af3aac5

SHA256
bc16c1f3b1fa56e9df5110a4cd2346b6c82798a0f8fdc6310133cd2edb6c4c6e

SHA512
5638d91b7ff5179cc710be532336408f19dac7232303e88935b778fc5edb17e14cf61649049fe5fc7b65341ccc1cec2315c3e3c73412e0afe20c73af7515d96a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48854.exe

Filesize
184KB

MD5
5dc098c10072aeb6c838e69f44f27470

SHA1
533757f5efd3018d7da2ddc7fe3c52692f6b024c

SHA256
55225040f40babcbfd7485a8a01d1a843b0993d41ed05a442fb65be621e01da2

SHA512
8a4712d2b405f31b7320bfbd9fb1d9f2753f146132ade8ce571fef52782eead5de28acd618ca81b99f18904420ccc830861a73357efcd472589a77fe5741f609

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe

Filesize
184KB

MD5
8712762e3f7f43b5ca20a3035b0280c5

SHA1
af09c943f1597266f9d7b451241c0f8b3a7e3e7d

SHA256
adc06369aa6d4dac4e5d10a47c8a10d6e62366731f757f55ca4a17c9f0fff96d

SHA512
93cd292b23e1df67b3c09e5a1328780bb9484da2628225bcc4267a88ef256efdbb0902c1fb9cf84c93ef1a10bf31023bd9991ca32aeeb6cf7bceabbf85769829

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe

Filesize
184KB

MD5
6812125f3b5fa8a2ec784acf0e4f18f3

SHA1
ad3411638db12a2053d6548fe3b99b14ea95d5f2

SHA256
360fd91deba2f8a25fd272b309b4796d2131538e14dc53525228250b15c83171

SHA512
f753e72799ac25053ae211e478e51ec4eafa6b2567ddca97b8dfad2b45a34199a3acfc608423f5503e0811ef203c7377b5669b6fb46932e640d73c343e4ccdf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe

Filesize
184KB

MD5
fc97940e34e61955724090ffa571e39f

SHA1
881dbbf734426ef526480dd8f7c4e6715d71d722

SHA256
565beec57c962a1267ed83d4092b0a845eca604d29d2c86f1281df86fdcd8c25

SHA512
6a579444c475d7a508116574991f155411893002ff8f7b01ff0676946fbe538ab98859a033d842a6ef79d01af3aed2cd12a5df0b77e5ed1d5b9eea7ca8e7a9a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe

Filesize
184KB

MD5
57d72f8542471cfce6d37cb0f68d45ad

SHA1
a9aadf7694f5a1e3004eb4ddf4d46b2c2c6e8358

SHA256
cf1d5eee8b939f759258beedafe1e25056f6f8e17cc3293ac9a3ad2574b5a8a2

SHA512
a7b57a56360404cbb2d2d22616a76b5175e626845d6363af60d683e9863772c5814b3fc22c1d990dd5705a0b96863e37e6e244c5a078125d5c520490120586e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe

Filesize
184KB

MD5
2734113f6740c8321d04740bb8bb0409

SHA1
bd3e9772fca6a2a0dd3fb06f32e32c49e479dded

SHA256
7674d6f9bf59158f4d2b72ecb2ba618c44faa381e8d9ce06d32d05ac51b13ab5

SHA512
a4ce0217d06f6a12c71b4c370de361e1413ca4b138cccc155b21e2fd973dad501322618917c21f24154b985ea91d6b85a6d8b798191e56c44249a2be25b1d918

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe

Filesize
184KB

MD5
8cf6856654129699ed4ef4451c161f26

SHA1
7f00de1e876339c44aea56d6738b07a6477189d9

SHA256
6f0da3e52075aaaf47e643446ceff9d3b159dfadfbdae41bc600a3ab2636d3e9

SHA512
d7ef5f50eaa09f46786716bfa02492265c88ae267681f0d4636d2c341d988a95cb2e8aafa7baa3191eb0a684e136a18cfdfd9baa8dfacff5808af8b24270e080

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe

Filesize
184KB

MD5
76030e5c7d3810781e68f429e15814c6

SHA1
ebeb4f32507c51e46ed589f2eba8f9a0016bee70

SHA256
20ec6257d77808d19c847040dea6939beac0607c143c4fbed4c6b4fe5e3acf2c

SHA512
50718a3543b4d2350251986952aa3c7d083c1cf42e5697f83447f29ae85351c815fd596cef03b0c6ccc5be58b69558487cc4781ee2f9686fea3b1166b7103956

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4209.exe

Filesize
184KB

MD5
25339a8637a17a86541ec9b54f8f0efa

SHA1
b1ce67a134ea3e9c362c1e913a7455f8f30041e0

SHA256
05fd9a729bb2f62b2f3503d9f45789ff549dcab91b4c5f38a16e8769a059d109

SHA512
31c0ab07d63a29954d32f749623b51e17c4c8de2f1e95df49ccbd45e7be460017087f294ce1149174295ac8e631c4b27cbd73a5c36f294fbee70f6cc6fa50a44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe

Filesize
184KB

MD5
2634b40c0d58a8037888ba553e4a01d6

SHA1
db904e466e328736f4676bdd226c5098ac9ede17

SHA256
3e1ec490c206ff12dc8e085440c0ee48b2619e66a3e22419f80db11c827254da

SHA512
b0567e9c72c2042ae4c1a26ac33a6f3bbb3c30a31819c96a13efda02efedf8da2b0715a89d989e0eb8a1f4cdde0b3a7fb0751fb6e4a45a81bf311b10d627ead6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe

Filesize
184KB

MD5
1c97409cfec1f34553c14f738bf92166

SHA1
54ddf6138391ec60fef6434fc56ee355c6a480fc

SHA256
0065ea974cc82cfe7041e4a85ea7fe4de1a71083cf522b67ce2385939029d5ce

SHA512
e8ddf51d82f5e106601efc23a96fc447392741a14bf2f716c3b826e673c278bb293844f9e0bd7893d91fc6c0b032bb3a19483584a90130d240ca34ce2927341d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe

Filesize
184KB

MD5
40aecd3c23f9170ebed8266de15b1410

SHA1
cb0c148c6da846fb29dac7c39d6efc414a488fd6

SHA256
e7ff3706bf4f08a567932551db956594b57c53fdc853d2639789dd50fbaedafa

SHA512
cbf18eb5435655de15a9887d518bfdec972e3e0521a8c0d6325c5fa29ac6ef4045428acae58a59a1dc2fb726cb43a22a748a540e8e1def73ea37d35bef83f78c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe

Filesize
184KB

MD5
03ef252a1debd5baeb823421dfe76dd7

SHA1
3eef1280758d2d35508adfd01b61264005c2974c

SHA256
df3a7534e4f2b5d1fd30044ae35b43bd4cbfefb68a49c70e2e8cb6f893758a3e

SHA512
e7f237565195cd1ecdb4daeeea41ebc5f890aebd0ee54f3c2515dfc198dd8b11560446223c9d466845d5f7701e5d219a5f23ea66bc96bc2c2a092aa4a68c637a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe

Filesize
184KB

MD5
6870b8079de02f8f16f6826556af8ff0

SHA1
c73702c1c8c703ce81bf4e6a9104aa1225ccafd8

SHA256
7c88e0a0edbd74d10a5d2ac91187e97c8a1025dad2483179a1a197a8e4aaa74b

SHA512
84d59564aed1df731e93a8bbf8b2eb6fe725d8ea025a619c4dd18dff130cedab3efca453ad7ca1d1cc9ba9639c311804cbbc2413b84c946f99e60086ddf08585

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe

Filesize
184KB

MD5
13db3746915199fa2ce9cd56420d25de

SHA1
b0f89cb454c46f6f7c6de0aab1ab32ddb96fe118

SHA256
472a20b7f5c0405e44af7dc123357a9e757e9c9523d3142c91b910f7ba1a27df

SHA512
26a6ebd9901b10c6c81936c4a1e365c9bd3ee22b7025dac5e5a1294efa7b9fa69e57e94bf9e520ff578359868e9b923276df764e1b9bd28b4a86124b4c5ca41e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe

Filesize
184KB

MD5
db0c7cf28690b12789b4a4a136729348

SHA1
dba41ff1484673a688e0d703390d01d2778c9009

SHA256
2f169f5efc0eab954a74e49f62fdec5a2cad642f512ea18a2a002f53ee044310

SHA512
fbf4c94c73c7a3d3b4a431dbc513952297eac9393e5da4cfa947171b94247f0408a8c04768a1caeb66015e27213a5b8525588410a329941e7c1fc6f612a1d688

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe

Filesize
184KB

MD5
c24a0d68097d05553a26c0d207174fc6

SHA1
f5372b56cc5fb85e6edf78bd66351b71dac97824

SHA256
9dc6bf163934e6f9dfc2ddfb53becd9a45bed49717d6fab888b740cc9406ab1e

SHA512
19b754edbd322e17d85b3dde0ec4f978e7b41516d9734397efe9698cb1b34c2d3f13b2f6ae6c04487b182e7c15a48e3b809f4e11df92c4846bd3957c5ee243e2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads