ede6bfa9986ed549545cd41b8a0e403f2d7687766351df7977ab9f913b961fc7

Analysis

max time kernel
29s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26fba3282ab30eb556bfef93e311b96c.exe
Size

184KB
MD5

26fba3282ab30eb556bfef93e311b96c
SHA1

f8108c78a384d23a39d5df29d57ef83439ccf09b
SHA256

ede6bfa9986ed549545cd41b8a0e403f2d7687766351df7977ab9f913b961fc7
SHA512

e15acc6f52c84d9553a2ffa67404b09b83b764e633c72b2d9de125ea5dc4ae4567b9552c3a41a5727dadd919a647909c1d370c8e888703ecbc162a3c7be91955
SSDEEP

3072:tqkXoJIovUA7WOjQdx5idz1e4L76TWyy0myx/6P3W7lXvpL+:tq8o1l7WTd7idzd9st7lXvpL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 49 IoCs

pid	Process
2744	Unicorn-11391.exe
816	Unicorn-3488.exe
2756	Unicorn-48584.exe
2588	Unicorn-25317.exe
2608	Unicorn-11633.exe
2712	Unicorn-54002.exe
1128	Unicorn-62448.exe
640	Unicorn-17197.exe
2892	Unicorn-12406.exe
2644	Unicorn-32272.exe
2960	Unicorn-61524.exe
932	Unicorn-5536.exe
2856	Unicorn-18452.exe
2156	Unicorn-25547.exe
1632	Unicorn-21441.exe
740	Unicorn-56958.exe
2288	Unicorn-8442.exe
1264	Unicorn-43611.exe
2032	Unicorn-40273.exe
1032	Unicorn-7918.exe
1804	Unicorn-10933.exe
1536	Unicorn-63471.exe
516	Unicorn-49356.exe
1984	Unicorn-32479.exe
884	Unicorn-18220.exe
1672	Unicorn-35817.exe
2036	Unicorn-19398.exe
2508	Unicorn-65069.exe
3064	Unicorn-21401.exe
1888	Unicorn-18172.exe
1604	Unicorn-32496.exe
2732	Unicorn-45303.exe
2496	Unicorn-31728.exe
2816	Unicorn-48256.exe
2784	Unicorn-64628.exe
2680	Unicorn-17997.exe
2796	Unicorn-22272.exe
2416	Unicorn-57706.exe
660	Unicorn-24109.exe
760	Unicorn-43975.exe
996	Unicorn-61847.exe
1352	Unicorn-41981.exe
1176	Unicorn-61800.exe
2940	Unicorn-65137.exe
2996	Unicorn-65137.exe
2924	Unicorn-45272.exe
2972	Unicorn-65137.exe
2528	Unicorn-30422.exe
1392	Unicorn-25260.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	26fba3282ab30eb556bfef93e311b96c.exe
2220	26fba3282ab30eb556bfef93e311b96c.exe
2744	Unicorn-11391.exe
2744	Unicorn-11391.exe
2220	26fba3282ab30eb556bfef93e311b96c.exe
2220	26fba3282ab30eb556bfef93e311b96c.exe
816	Unicorn-3488.exe
2744	Unicorn-11391.exe
2744	Unicorn-11391.exe
2756	Unicorn-48584.exe
2756	Unicorn-48584.exe
816	Unicorn-3488.exe
2588	Unicorn-25317.exe
2588	Unicorn-25317.exe
2712	Unicorn-54002.exe
2712	Unicorn-54002.exe
816	Unicorn-3488.exe
816	Unicorn-3488.exe
2608	Unicorn-11633.exe
2608	Unicorn-11633.exe
2756	Unicorn-48584.exe
2756	Unicorn-48584.exe
1128	Unicorn-62448.exe
1128	Unicorn-62448.exe
2588	Unicorn-25317.exe
2588	Unicorn-25317.exe
640	Unicorn-17197.exe
640	Unicorn-17197.exe
2712	Unicorn-54002.exe
2712	Unicorn-54002.exe
2892	Unicorn-12406.exe
2892	Unicorn-12406.exe
2960	Unicorn-61524.exe
2960	Unicorn-61524.exe
2644	Unicorn-32272.exe
2644	Unicorn-32272.exe
2608	Unicorn-11633.exe
2608	Unicorn-11633.exe
932	Unicorn-5536.exe
932	Unicorn-5536.exe
1128	Unicorn-62448.exe
1128	Unicorn-62448.exe
2856	Unicorn-18452.exe
2856	Unicorn-18452.exe
2156	Unicorn-25547.exe
2156	Unicorn-25547.exe
640	Unicorn-17197.exe
640	Unicorn-17197.exe
2032	Unicorn-40273.exe
2032	Unicorn-40273.exe
740	Unicorn-56958.exe
740	Unicorn-56958.exe
1632	Unicorn-21441.exe
1632	Unicorn-21441.exe
2892	Unicorn-12406.exe
1264	Unicorn-43611.exe
2892	Unicorn-12406.exe
1264	Unicorn-43611.exe
2960	Unicorn-61524.exe
2960	Unicorn-61524.exe
1032	Unicorn-7918.exe
1032	Unicorn-7918.exe
932	Unicorn-5536.exe
932	Unicorn-5536.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2448	1888	WerFault.exe	57

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
2220	26fba3282ab30eb556bfef93e311b96c.exe
2744	Unicorn-11391.exe
816	Unicorn-3488.exe
2756	Unicorn-48584.exe
2588	Unicorn-25317.exe
2608	Unicorn-11633.exe
2712	Unicorn-54002.exe
1128	Unicorn-62448.exe
2892	Unicorn-12406.exe
640	Unicorn-17197.exe
2644	Unicorn-32272.exe
2960	Unicorn-61524.exe
932	Unicorn-5536.exe
2856	Unicorn-18452.exe
2156	Unicorn-25547.exe
1632	Unicorn-21441.exe
2288	Unicorn-8442.exe
740	Unicorn-56958.exe
2032	Unicorn-40273.exe
1264	Unicorn-43611.exe
1032	Unicorn-7918.exe
1804	Unicorn-10933.exe
1536	Unicorn-63471.exe
516	Unicorn-49356.exe
1984	Unicorn-32479.exe
884	Unicorn-18220.exe
1672	Unicorn-35817.exe
2508	Unicorn-65069.exe
2036	Unicorn-19398.exe
3064	Unicorn-21401.exe
1888	Unicorn-18172.exe
1604	Unicorn-32496.exe
2496	Unicorn-31728.exe
2732	Unicorn-45303.exe
2816	Unicorn-48256.exe
2784	Unicorn-64628.exe
2680	Unicorn-17997.exe
2796	Unicorn-22272.exe
2416	Unicorn-57706.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2744	2220	26fba3282ab30eb556bfef93e311b96c.exe	28
PID 2220 wrote to memory of 2744	2220	26fba3282ab30eb556bfef93e311b96c.exe	28
PID 2220 wrote to memory of 2744	2220	26fba3282ab30eb556bfef93e311b96c.exe	28
PID 2220 wrote to memory of 2744	2220	26fba3282ab30eb556bfef93e311b96c.exe	28
PID 2744 wrote to memory of 816	2744	Unicorn-11391.exe	29
PID 2744 wrote to memory of 816	2744	Unicorn-11391.exe	29
PID 2744 wrote to memory of 816	2744	Unicorn-11391.exe	29
PID 2744 wrote to memory of 816	2744	Unicorn-11391.exe	29
PID 2220 wrote to memory of 2756	2220	26fba3282ab30eb556bfef93e311b96c.exe	30
PID 2220 wrote to memory of 2756	2220	26fba3282ab30eb556bfef93e311b96c.exe	30
PID 2220 wrote to memory of 2756	2220	26fba3282ab30eb556bfef93e311b96c.exe	30
PID 2220 wrote to memory of 2756	2220	26fba3282ab30eb556bfef93e311b96c.exe	30
PID 2744 wrote to memory of 2588	2744	Unicorn-11391.exe	33
PID 2744 wrote to memory of 2588	2744	Unicorn-11391.exe	33
PID 2744 wrote to memory of 2588	2744	Unicorn-11391.exe	33
PID 2744 wrote to memory of 2588	2744	Unicorn-11391.exe	33
PID 2756 wrote to memory of 2608	2756	Unicorn-48584.exe	32
PID 2756 wrote to memory of 2608	2756	Unicorn-48584.exe	32
PID 2756 wrote to memory of 2608	2756	Unicorn-48584.exe	32
PID 2756 wrote to memory of 2608	2756	Unicorn-48584.exe	32
PID 816 wrote to memory of 2712	816	Unicorn-3488.exe	31
PID 816 wrote to memory of 2712	816	Unicorn-3488.exe	31
PID 816 wrote to memory of 2712	816	Unicorn-3488.exe	31
PID 816 wrote to memory of 2712	816	Unicorn-3488.exe	31
PID 2588 wrote to memory of 1128	2588	Unicorn-25317.exe	34
PID 2588 wrote to memory of 1128	2588	Unicorn-25317.exe	34
PID 2588 wrote to memory of 1128	2588	Unicorn-25317.exe	34
PID 2588 wrote to memory of 1128	2588	Unicorn-25317.exe	34
PID 2712 wrote to memory of 640	2712	Unicorn-54002.exe	35
PID 2712 wrote to memory of 640	2712	Unicorn-54002.exe	35
PID 2712 wrote to memory of 640	2712	Unicorn-54002.exe	35
PID 2712 wrote to memory of 640	2712	Unicorn-54002.exe	35
PID 816 wrote to memory of 2892	816	Unicorn-3488.exe	36
PID 816 wrote to memory of 2892	816	Unicorn-3488.exe	36
PID 816 wrote to memory of 2892	816	Unicorn-3488.exe	36
PID 816 wrote to memory of 2892	816	Unicorn-3488.exe	36
PID 2608 wrote to memory of 2644	2608	Unicorn-11633.exe	37
PID 2608 wrote to memory of 2644	2608	Unicorn-11633.exe	37
PID 2608 wrote to memory of 2644	2608	Unicorn-11633.exe	37
PID 2608 wrote to memory of 2644	2608	Unicorn-11633.exe	37
PID 2756 wrote to memory of 2960	2756	Unicorn-48584.exe	38
PID 2756 wrote to memory of 2960	2756	Unicorn-48584.exe	38
PID 2756 wrote to memory of 2960	2756	Unicorn-48584.exe	38
PID 2756 wrote to memory of 2960	2756	Unicorn-48584.exe	38
PID 1128 wrote to memory of 932	1128	Unicorn-62448.exe	39
PID 1128 wrote to memory of 932	1128	Unicorn-62448.exe	39
PID 1128 wrote to memory of 932	1128	Unicorn-62448.exe	39
PID 1128 wrote to memory of 932	1128	Unicorn-62448.exe	39
PID 2588 wrote to memory of 2856	2588	Unicorn-25317.exe	40
PID 2588 wrote to memory of 2856	2588	Unicorn-25317.exe	40
PID 2588 wrote to memory of 2856	2588	Unicorn-25317.exe	40
PID 2588 wrote to memory of 2856	2588	Unicorn-25317.exe	40
PID 640 wrote to memory of 2156	640	Unicorn-17197.exe	41
PID 640 wrote to memory of 2156	640	Unicorn-17197.exe	41
PID 640 wrote to memory of 2156	640	Unicorn-17197.exe	41
PID 640 wrote to memory of 2156	640	Unicorn-17197.exe	41
PID 2712 wrote to memory of 1632	2712	Unicorn-54002.exe	42
PID 2712 wrote to memory of 1632	2712	Unicorn-54002.exe	42
PID 2712 wrote to memory of 1632	2712	Unicorn-54002.exe	42
PID 2712 wrote to memory of 1632	2712	Unicorn-54002.exe	42
PID 2892 wrote to memory of 740	2892	Unicorn-12406.exe	43
PID 2892 wrote to memory of 740	2892	Unicorn-12406.exe	43
PID 2892 wrote to memory of 740	2892	Unicorn-12406.exe	43
PID 2892 wrote to memory of 740	2892	Unicorn-12406.exe	43

C:\Users\Admin\AppData\Local\Temp\26fba3282ab30eb556bfef93e311b96c.exe
"C:\Users\Admin\AppData\Local\Temp\26fba3282ab30eb556bfef93e311b96c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        7⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        8⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        6⤵
        Executes dropped EXE
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
        7⤵
        Executes dropped EXE
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        6⤵
        Executes dropped EXE
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        6⤵
        Executes dropped EXE
        
        PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        7⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        9⤵
        
        PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        8⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        6⤵
        Executes dropped EXE
        
        PID:1392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        7⤵
        Executes dropped EXE
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        6⤵
        Executes dropped EXE
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        8⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        6⤵
        Executes dropped EXE
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        7⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        5⤵
        Executes dropped EXE
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        6⤵
        
        PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        5⤵
        Executes dropped EXE
        
        PID:660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        5⤵
        Program crash
        
        PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe

Filesize
184KB

MD5
9c2e1a9c6a885b1876935f7c87eba240

SHA1
f592a9feeb0125bd18656e946710b47ad8b7b4a2

SHA256
7db20dcdc019b8df32998e3e732d0dc7f9a332ecf7c6139dfed9928244098df5

SHA512
fb91e48f9e6ebeeb0310cc251a6305d9d88678d9304c052d297abbee314ff9fdf78ecd917844c29d0f24c6420bf3caa772ba446a2fb1b108f8ae1a6b564bd042

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe

Filesize
184KB

MD5
a5f0590d19a35caede80955f709656d1

SHA1
aabb54895d8cc166d237f0399d3683da4e5b5668

SHA256
567885e29a2d20dedf62ecfb628334ebfc92a75d7fd908ed5ec0fcb0ed74bedb

SHA512
5c2ab15df928506da34f687b89f1ddea1cfc1952fdddff2f596582c7b976b24294d5a3221f4513608ba601be337fb7f422a2a88b38716ee2a6efb6c8ea1db4fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe

Filesize
184KB

MD5
11cd3becdc2f9ff6af12f1901f927636

SHA1
99eb3e023d46eefaf408a55acae0664ef8762d3d

SHA256
06aa9473981c782abe4e5d9ac1e00fa81ea115e50ad3e3554f7415ed78244855

SHA512
5dc6bd2eec63b81bf2bc96b91fd07b0f8a996a87e14bdbc4ecad900819fc5c62aefb97a0794c9ee4047398447f6fac18f82e71f8d900419cc43038f93572e075

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe

Filesize
184KB

MD5
c992028f1703aaad693f1f81ff2f0d89

SHA1
1b25810e5a410ef25bec06f74e5baa272e464ccb

SHA256
1aa3a6d22dc8973ac4b25f55540965487fb2c97d4eaffb0a415652411f4b9c76

SHA512
12dc4f9e31e7d8f8904fc294ff71fccb8217e4409ede9d8d7d287e7831e52eb536e8c345a97a8ebc23d04c31b861858676d73776bb81ef0819828b53886ac70e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe

Filesize
184KB

MD5
9fc9f5a495b82b6538da418ace3ac6cd

SHA1
94be5ee38576c1c9801cf8b314d7de35e32fd0ce

SHA256
e440f91dca45998535f9f1b3fa910c6df21e6e5e30f5e09f6606b93a0539b990

SHA512
7041b88e243c08ea9e5369f9a663ac63088b529b3a01482635bbc2e350fdd9cd4e4364622a14e65894159438f3276d9235f3d10a4a837b88efe568a616b7029d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe

Filesize
184KB

MD5
a01538066fe405ad4b5efb0f413bb65c

SHA1
c4e0699a7ba8a034546f10fcb23e3bb08361feaa

SHA256
062273efe858a923efb57d290e50b4b04e28470ec225d003dccbf7effd37b7d4

SHA512
25c6982671ca2ac419c9f684fbfb86555f584a184be2339b2fc65ec7fef6564a8870138666ded9913ab3e865e405bbacff1e63b19f57d441697807f71e3b3195

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe

Filesize
184KB

MD5
7e5b094414a2cbfc0554d33640cb70d4

SHA1
8056aec5686dc5e3cbf91a99627cccec489e9a3c

SHA256
9100f1969d8ca6122854f466813626347ddbe717be2e610b39123480be0331d3

SHA512
4a9b85a438c3b6c0ecd0e91a6431f2aa538b387d184d02bc2343365ceaf4d4defc292235dfaa417ef5c72602b04950ca6fcc37af6341b81e18783d2612b51cf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe

Filesize
184KB

MD5
19a6c7f730f941c20afe8b7c037d9160

SHA1
cfa866de1aeaf30121f3949b6c2914596a90ad8b

SHA256
51030e2fc5c40c50cb26c599c42069d4937c3c70e460875eb2e17c065bddba74

SHA512
4081f66ba2ad1a17ecf174d4875bc78ec467dee00e72e048ef3e1f521afdab06880fe8c1f7243463e93b3f0edcf26b71673e90424e4aa2dcbd2ef1d756f022d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe

Filesize
184KB

MD5
598146c3352f4257b4b0b4c609f9a2fc

SHA1
ac4eca1071fb7194b2e4b872d29afa6d1828c352

SHA256
5cf616caf3608105242596a4fbb91af4db9ea3a13fda39df6a98c7e6ac6649ab

SHA512
2e6f8dfac1e59e7eb51ac22dc7e932e9f9fa95fe1641672a5ef8b4d2f5137c80d7cce04e32a849eabad2726af4d27cc731139b8a319b33e7c26b0e6ef79eb100

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe

Filesize
184KB

MD5
8d687269955841f65ae1fdb71004f280

SHA1
f9fb0b9c6a4ba5ee979f38f7e4b4265e784b3a29

SHA256
64d8433e133969b9858ee59e6e56a98be1e7b7daecb44c686f3483a8322a0910

SHA512
0daf5d69dbae956d9c8e1823b3b1aa606479fb1b9dadf53436d3f14619b0a079e4eacc229afaabc719480796f875e6625878ab5634533e620fa42b296821b6db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe

Filesize
184KB

MD5
44b0748553e05e3871f66179a63506a9

SHA1
08aba0eb88b23dc59cbad59cffa04d63b56a9fe0

SHA256
4290c55eae8b9b41a8f5741840abda8112c67bd02a05092d8c102c53b8b6159a

SHA512
49abcbe299fcd066c94596a5a037b6ab08ab6a85cf6c092b2a96b2e9e4337511f2ede6cbfbf27147749f4a5c14edae4e04d226cbe9c671aa560d5746090e7acb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe

Filesize
184KB

MD5
2fc88da3785df3c00a4f51bd00cc98e7

SHA1
658df46d9214707881019cb25a9231cd2b1025c1

SHA256
2c35b851d90937ed6ab48101fbb8598e71b1fbf5886b76af7dab390a52911775

SHA512
a123545609108115b527b964a9923e91bd01749229c79be7589872675c541c0bd0c517b62c9c4cc0c7ef56030c90bc97a2c96f5ec24c3d7876f3d8e4ca7814bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe

Filesize
184KB

MD5
32c16e006a0b254cd5c0cc8c195ccedf

SHA1
62178eebca68b705fd04f71646b9ad383b899750

SHA256
83f5489d7ebb47084f41b0255e688727e8386d8738f1738535e5327aa1935b18

SHA512
342a2b0b28682f74f3e7bfcdf35ac07d307bfc7550bcb7b01fd04972e5270c172ba8376b7f047f1b46306b1eefa3adff67d6124984f1484780c842cbe6eb55a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe

Filesize
184KB

MD5
02702f77919a4f63cb8107298969a1d3

SHA1
5d767048cf1dd63c462cd342f358157c6e2ee064

SHA256
78db99a84ac2c69b5e759a214618d6640d784a3c3c753e6ab1f97c125b224658

SHA512
0d3f71e9d2b3a84c88e7387e3ffe06ad5580223957f3f6f630278c25dab5461c010ecab6f0a6f350333e2e495fbb362c48e0f22e68d3d004afc1d5f558424490

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe

Filesize
184KB

MD5
bf8835e4e3967a4657692c62e01a763a

SHA1
2c9e850967e8835972934c7443ad8e226e1b64c3

SHA256
05bb0a8939cd3bfb4449cac4c70d0e5e5b5b596af7543666e88e500f7ae5be80

SHA512
99fde0d4f8cd83dae6d900d71af4ad0a70514840310074691ea08c2dfbc339e0a4977abac76b57c5d04ab89821e2f27e3cc47b3e64b504cde341713a2426f02f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe

Filesize
184KB

MD5
8bce512612bb80592c9b13f7379e164b

SHA1
9da881d19cc847c30de8516fdf0fd473c021040e

SHA256
cebeb7abaf28cd1653047f816ca16070544c152255d35e4c2f6c40551e32100a

SHA512
2e1766d6e7a30eee640f911214d248f2824ffd38b65e72694238f01c4b195ab6b1e23e1f24a6fb17ac361f4dae6d4d8daf3a8cd9d87ab1a2cb9befad5a0ce947

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe

Filesize
184KB

MD5
da937e683491c9721bbe61f95b272c8d

SHA1
2a9f81e9e0f61ac02c4bd39818d30016977de0bb

SHA256
d15af8bdea2c693a40d2d3e7caa1b17a74d01b0920bfa266418d1c614dafa811

SHA512
cd89f912ec0f947ed36153d3334684ab10885f5b6ddddb5acdc0169a93f00307f5fb52807b8dddf946152984971c06cfc6cf10e1d7c3aade6bf96d68114bf4d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe

Filesize
184KB

MD5
3120363bb703d8da935e6a360b8fb574

SHA1
c275b064e452d44ac8e8b4602f8af7e9ee7f47bc

SHA256
8eb2fecc1e3585b59c94ae09815ff2cda8fa17baa4f97286cb8266c7e379dcc1

SHA512
9784c0819805027d7992214ec45edef62d399e99418112fa2c272ff27ae42d8bef6210f3e668c165fe14309f6045198256792585f3420cce43003d0acb2ae99d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe

Filesize
184KB

MD5
94d2117b170d24dc33d7bd6ee6381066

SHA1
72b73ac2ef35c867006276ef46c9a4edc1644a71

SHA256
036fc83d087c9f1409738845cdd30fd385e009fbaa033b367ef184878740040e

SHA512
91ae1f510eaafae150c83f34429094b6f2196adbbc19e8c8c8a469b59e3978258461433faeda1cece6c50d24a4f64b373c1adc6c8e48ffdfaec337af1a8f7ba1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads