48e92aea8f29c05d5aed62ae810064a07860aa34be5cb4f7b5c6621cef2bb8d5

Analysis

max time kernel
106s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2904dad22ea8bdb413187b1ab6ada4b6.exe
Size

184KB
MD5

2904dad22ea8bdb413187b1ab6ada4b6
SHA1

dee9e8a0f1ca7d08bc422c812c60be945cf7b73a
SHA256

48e92aea8f29c05d5aed62ae810064a07860aa34be5cb4f7b5c6621cef2bb8d5
SHA512

2d74a65f0cf023cf48c876cfd6e550131d55e1c40b86db387e9f15bf3ab4c6bed2c9ead1a7c3b6aca675dce83058c9646c748221486dc5e42f31839229804eea
SSDEEP

3072:M2/joznZfxA41Ojdd6s4A8vb6hI6YDfIf0ExgHPawNlPvpFM:M2LoNe41OdH4A8hQczNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
2288	Unicorn-42755.exe
2836	Unicorn-62594.exe
2704	Unicorn-48868.exe
2524	Unicorn-35324.exe
2572	Unicorn-7290.exe
3060	Unicorn-44068.exe
1488	Unicorn-55739.exe
388	Unicorn-57851.exe
2804	Unicorn-54130.exe
2812	Unicorn-46538.exe
2416	Unicorn-17203.exe
2672	Unicorn-51925.exe
932	Unicorn-33704.exe
2808	Unicorn-44250.exe
1568	Unicorn-72.exe
2668	Unicorn-19746.exe
2088	Unicorn-21858.exe
2508	Unicorn-10160.exe
2312	Unicorn-43765.exe
1212	Unicorn-11284.exe
784	Unicorn-23022.exe
660	Unicorn-34371.exe
768	Unicorn-28472.exe
1920	Unicorn-54237.exe
2272	Unicorn-33494.exe
2332	Unicorn-27896.exe
1984	Unicorn-65207.exe
1772	Unicorn-52784.exe
2496	Unicorn-60760.exe
2360	Unicorn-25601.exe
1720	Unicorn-49214.exe
2780	Unicorn-5036.exe
2784	Unicorn-18846.exe
2900	Unicorn-47989.exe
2776	Unicorn-51902.exe
2952	Unicorn-50942.exe
2584	Unicorn-35841.exe
2740	Unicorn-24527.exe
2596	Unicorn-18353.exe
576	Unicorn-51217.exe
1020	Unicorn-44284.exe
2820	Unicorn-12187.exe
1508	Unicorn-8658.exe
2752	Unicorn-60044.exe
2920	Unicorn-48155.exe
2836	Unicorn-6816.exe
2640	Unicorn-26682.exe
1068	Unicorn-26682.exe
456	Unicorn-51186.exe
2824	Unicorn-23619.exe
1632	Unicorn-13998.exe
2400	Unicorn-33864.exe
1328	Unicorn-1876.exe
2444	Unicorn-60506.exe
2020	Unicorn-64362.exe
2196	Unicorn-15316.exe
3056	Unicorn-28143.exe
520	Unicorn-33400.exe
1580	Unicorn-7136.exe
3032	Unicorn-56996.exe
2940	Unicorn-33068.exe

Loads dropped DLL 64 IoCs

pid	Process
2140	2904dad22ea8bdb413187b1ab6ada4b6.exe
2140	2904dad22ea8bdb413187b1ab6ada4b6.exe
2288	Unicorn-42755.exe
2288	Unicorn-42755.exe
2140	2904dad22ea8bdb413187b1ab6ada4b6.exe
2140	2904dad22ea8bdb413187b1ab6ada4b6.exe
2836	Unicorn-62594.exe
2836	Unicorn-62594.exe
2288	Unicorn-42755.exe
2288	Unicorn-42755.exe
2704	Unicorn-48868.exe
2704	Unicorn-48868.exe
2572	Unicorn-7290.exe
2572	Unicorn-7290.exe
2524	Unicorn-35324.exe
2524	Unicorn-35324.exe
2836	Unicorn-62594.exe
2836	Unicorn-62594.exe
2704	Unicorn-48868.exe
3060	Unicorn-44068.exe
2704	Unicorn-48868.exe
3060	Unicorn-44068.exe
1488	Unicorn-55739.exe
1488	Unicorn-55739.exe
2572	Unicorn-7290.exe
2572	Unicorn-7290.exe
388	Unicorn-57851.exe
388	Unicorn-57851.exe
2524	Unicorn-35324.exe
2524	Unicorn-35324.exe
2416	Unicorn-17203.exe
2416	Unicorn-17203.exe
2812	Unicorn-46538.exe
2812	Unicorn-46538.exe
3060	Unicorn-44068.exe
3060	Unicorn-44068.exe
932	Unicorn-33704.exe
932	Unicorn-33704.exe
2672	Unicorn-51925.exe
2672	Unicorn-51925.exe
1488	Unicorn-55739.exe
1488	Unicorn-55739.exe
2804	Unicorn-54130.exe
2804	Unicorn-54130.exe
1568	Unicorn-72.exe
1568	Unicorn-72.exe
2808	Unicorn-44250.exe
2808	Unicorn-44250.exe
388	Unicorn-57851.exe
388	Unicorn-57851.exe
2668	Unicorn-19746.exe
2668	Unicorn-19746.exe
2812	Unicorn-46538.exe
2812	Unicorn-46538.exe
2508	Unicorn-10160.exe
2508	Unicorn-10160.exe
2088	Unicorn-21858.exe
2088	Unicorn-21858.exe
2416	Unicorn-17203.exe
2416	Unicorn-17203.exe
2312	Unicorn-43765.exe
2312	Unicorn-43765.exe
932	Unicorn-33704.exe
932	Unicorn-33704.exe

Suspicious use of SetWindowsHookEx 57 IoCs

pid	Process
2140	2904dad22ea8bdb413187b1ab6ada4b6.exe
2288	Unicorn-42755.exe
2836	Unicorn-62594.exe
2704	Unicorn-48868.exe
2524	Unicorn-35324.exe
2572	Unicorn-7290.exe
3060	Unicorn-44068.exe
1488	Unicorn-55739.exe
388	Unicorn-57851.exe
2416	Unicorn-17203.exe
2804	Unicorn-54130.exe
2812	Unicorn-46538.exe
2672	Unicorn-51925.exe
932	Unicorn-33704.exe
2808	Unicorn-44250.exe
1568	Unicorn-72.exe
2668	Unicorn-19746.exe
2088	Unicorn-21858.exe
2508	Unicorn-10160.exe
2312	Unicorn-43765.exe
1212	Unicorn-11284.exe
660	Unicorn-34371.exe
784	Unicorn-23022.exe
768	Unicorn-28472.exe
1920	Unicorn-54237.exe
2272	Unicorn-33494.exe
1984	Unicorn-65207.exe
2332	Unicorn-27896.exe
2496	Unicorn-60760.exe
2360	Unicorn-25601.exe
1772	Unicorn-52784.exe
1720	Unicorn-49214.exe
2780	Unicorn-5036.exe
2784	Unicorn-18846.exe
2900	Unicorn-47989.exe
2776	Unicorn-51902.exe
2952	Unicorn-50942.exe
2584	Unicorn-35841.exe
2740	Unicorn-24527.exe
2596	Unicorn-18353.exe
576	Unicorn-51217.exe
1020	Unicorn-44284.exe
2920	Unicorn-48155.exe
2820	Unicorn-12187.exe
2752	Unicorn-60044.exe
1508	Unicorn-8658.exe
1328	Unicorn-1876.exe
2640	Unicorn-26682.exe
1632	Unicorn-13998.exe
456	Unicorn-51186.exe
2444	Unicorn-60506.exe
2020	Unicorn-64362.exe
2824	Unicorn-23619.exe
1068	Unicorn-26682.exe
2400	Unicorn-33864.exe
2836	Unicorn-6816.exe
3056	Unicorn-28143.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2288	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	28
PID 2140 wrote to memory of 2288	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	28
PID 2140 wrote to memory of 2288	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	28
PID 2140 wrote to memory of 2288	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	28
PID 2288 wrote to memory of 2836	2288	Unicorn-42755.exe	29
PID 2288 wrote to memory of 2836	2288	Unicorn-42755.exe	29
PID 2288 wrote to memory of 2836	2288	Unicorn-42755.exe	29
PID 2288 wrote to memory of 2836	2288	Unicorn-42755.exe	29
PID 2140 wrote to memory of 2704	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	30
PID 2140 wrote to memory of 2704	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	30
PID 2140 wrote to memory of 2704	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	30
PID 2140 wrote to memory of 2704	2140	2904dad22ea8bdb413187b1ab6ada4b6.exe	30
PID 2836 wrote to memory of 2524	2836	Unicorn-62594.exe	31
PID 2836 wrote to memory of 2524	2836	Unicorn-62594.exe	31
PID 2836 wrote to memory of 2524	2836	Unicorn-62594.exe	31
PID 2836 wrote to memory of 2524	2836	Unicorn-62594.exe	31
PID 2288 wrote to memory of 2572	2288	Unicorn-42755.exe	32
PID 2288 wrote to memory of 2572	2288	Unicorn-42755.exe	32
PID 2288 wrote to memory of 2572	2288	Unicorn-42755.exe	32
PID 2288 wrote to memory of 2572	2288	Unicorn-42755.exe	32
PID 2704 wrote to memory of 3060	2704	Unicorn-48868.exe	33
PID 2704 wrote to memory of 3060	2704	Unicorn-48868.exe	33
PID 2704 wrote to memory of 3060	2704	Unicorn-48868.exe	33
PID 2704 wrote to memory of 3060	2704	Unicorn-48868.exe	33
PID 2572 wrote to memory of 1488	2572	Unicorn-7290.exe	34
PID 2572 wrote to memory of 1488	2572	Unicorn-7290.exe	34
PID 2572 wrote to memory of 1488	2572	Unicorn-7290.exe	34
PID 2572 wrote to memory of 1488	2572	Unicorn-7290.exe	34
PID 2524 wrote to memory of 388	2524	Unicorn-35324.exe	35
PID 2524 wrote to memory of 388	2524	Unicorn-35324.exe	35
PID 2524 wrote to memory of 388	2524	Unicorn-35324.exe	35
PID 2524 wrote to memory of 388	2524	Unicorn-35324.exe	35
PID 2836 wrote to memory of 2804	2836	Unicorn-62594.exe	36
PID 2836 wrote to memory of 2804	2836	Unicorn-62594.exe	36
PID 2836 wrote to memory of 2804	2836	Unicorn-62594.exe	36
PID 2836 wrote to memory of 2804	2836	Unicorn-62594.exe	36
PID 2704 wrote to memory of 2812	2704	Unicorn-48868.exe	38
PID 2704 wrote to memory of 2812	2704	Unicorn-48868.exe	38
PID 2704 wrote to memory of 2812	2704	Unicorn-48868.exe	38
PID 2704 wrote to memory of 2812	2704	Unicorn-48868.exe	38
PID 3060 wrote to memory of 2416	3060	Unicorn-44068.exe	37
PID 3060 wrote to memory of 2416	3060	Unicorn-44068.exe	37
PID 3060 wrote to memory of 2416	3060	Unicorn-44068.exe	37
PID 3060 wrote to memory of 2416	3060	Unicorn-44068.exe	37
PID 1488 wrote to memory of 2672	1488	Unicorn-55739.exe	39
PID 1488 wrote to memory of 2672	1488	Unicorn-55739.exe	39
PID 1488 wrote to memory of 2672	1488	Unicorn-55739.exe	39
PID 1488 wrote to memory of 2672	1488	Unicorn-55739.exe	39
PID 2572 wrote to memory of 932	2572	Unicorn-7290.exe	40
PID 2572 wrote to memory of 932	2572	Unicorn-7290.exe	40
PID 2572 wrote to memory of 932	2572	Unicorn-7290.exe	40
PID 2572 wrote to memory of 932	2572	Unicorn-7290.exe	40
PID 388 wrote to memory of 2808	388	Unicorn-57851.exe	41
PID 388 wrote to memory of 2808	388	Unicorn-57851.exe	41
PID 388 wrote to memory of 2808	388	Unicorn-57851.exe	41
PID 388 wrote to memory of 2808	388	Unicorn-57851.exe	41
PID 2524 wrote to memory of 1568	2524	Unicorn-35324.exe	42
PID 2524 wrote to memory of 1568	2524	Unicorn-35324.exe	42
PID 2524 wrote to memory of 1568	2524	Unicorn-35324.exe	42
PID 2524 wrote to memory of 1568	2524	Unicorn-35324.exe	42
PID 2416 wrote to memory of 2088	2416	Unicorn-17203.exe	43
PID 2416 wrote to memory of 2088	2416	Unicorn-17203.exe	43
PID 2416 wrote to memory of 2088	2416	Unicorn-17203.exe	43
PID 2416 wrote to memory of 2088	2416	Unicorn-17203.exe	43

C:\Users\Admin\AppData\Local\Temp\2904dad22ea8bdb413187b1ab6ada4b6.exe
"C:\Users\Admin\AppData\Local\Temp\2904dad22ea8bdb413187b1ab6ada4b6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        8⤵
        Executes dropped EXE
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        7⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        8⤵
        Executes dropped EXE
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        7⤵
        Executes dropped EXE
        
        PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        8⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        7⤵
        Executes dropped EXE
        
        PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15316.exe
        6⤵
        Executes dropped EXE
        
        PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe

Filesize
184KB

MD5
1bbe978febdded9addc7dd2f736dc3e2

SHA1
84e0a71aece8be88e3e24cb2c3775070389cffdb

SHA256
221a00ddf901ed462ded98c3a30e91262a8dc1e922757a352ef530d9ecdafa9d

SHA512
83e9f6ddbd9c6f9fa54e81646add80889ee540ecc182daaac9de3d93d70e58bacfefe907dc0654bfaf2d9a4ef0409aa974886ac3ab1f9ae264d1495143827145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe

Filesize
184KB

MD5
085e9ff964b1a4893996e5f33404966d

SHA1
346c59efbda46c6daf7835936cdc17d647f79ed1

SHA256
19e5dea761f95cfa3d4206bd28b88a08ccc3b31b26a11d5a892506840f9c6ac9

SHA512
9bf9885710f3f8b2133c30d51d77a73f253eb07bead7e499d1e5258f3823b11b1f3254e3529e2593f34a4d0e6a054fa9ce9fd5d4b0797d51e87cebb81e556bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe

Filesize
184KB

MD5
6ada5c4e29b90d68730511b58189c5c9

SHA1
66b6d4dc234de3645ccf5390a1078b776e3dc0fa

SHA256
29257c5ee7f71e3219d9ce7a77f8e825325ff8e89f124596e7c02149c2ffc43b

SHA512
23215d9948c2d75dbd7c3953465d1242e9caaa8b2e1052a0a8b09ec00bd52d16182b2f6c87ad19c0a1391f04ef1280dcc96a9680605ed11b55fd77a001543e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe

Filesize
184KB

MD5
cbca7a91934a4b37f7d046d09a8c533a

SHA1
2eaf302518c247f373a44d3e7b22ee2b2fca9e3f

SHA256
ab698d320e9176e948cc0f82ba8fffdaf27fdff3b0da8b26e1926f158ed6ea08

SHA512
744230679dedaa836315a37451f5185ade2ea6b1cef0273c5f57223a512d395057b083a0d20a2e0a62d1368cc34357574458f2459afb56c9f9478e138cc0058b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe

Filesize
184KB

MD5
988352ffffd4cce12f50bc94981ce20f

SHA1
119b564534f8cc3c4a9abafe64cc04323c37eb53

SHA256
e2801afa65c3cbdf76d39d3da2267b9a7e3735f63492ca2788252bd00e6bd935

SHA512
0f8b63c68464dd8e0909433a17ef92b171af8926038987ddc875b09707686ccb82adb65f73d6b212795ede56924d1b22e631a931b85de6f066b007931c0e49de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe

Filesize
184KB

MD5
8a6030b248064cee91c17c43b74cf56f

SHA1
58a36c64bd1b498a48e4c5737f2a8b0ec7e8b853

SHA256
69f4dafb53b1e714c5d020bbfd2f5ff946796715355fd3e0ca9eb3998d55288e

SHA512
3fa946e3080a45d547106d700a96b482dd01087ee38262dff163a298d526b7dcb8367d1509f08b0fd83ba7d7de1ef056ff18b0fdc23c01b8e47f802084b0402c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe

Filesize
64KB

MD5
cc2baea943808ef5417241ba51ccb234

SHA1
fd74a27d5c09536a200d092c6238c838a90a6dca

SHA256
f70b5f1971edd1d4ce1df9bf9b1a08bf04845c074abba47ac5f5aaca25d61430

SHA512
e9219ba1302465c872b40dcfc752a4d8d8c3e6590c22e9a89ca7df95400e4362e2ee701ba1a03b83ee471e584691716a8af415f65d864be58c3bc1b884b3e5ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe

Filesize
184KB

MD5
e81164e501b008bfb03e4e82b3f48052

SHA1
de35bdc50d8d031b2fb463dcd0938e0ca02cbf00

SHA256
b5e09b69353b3b4b6b60fbf1b4e0c3abefac82c8be9125d63fd0951d16723791

SHA512
84751f2c8c417e6740a24cbae3d51f75375f75a58669386c857057ca0943466dcdbe420e9327a8c71d734a586a5bdb46ce8d0171867575cb7ac4f0eec5825d85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe

Filesize
184KB

MD5
54eb0fb85eb05ed6bf972d8382a5636f

SHA1
8daa0e4026ef0882b0f888fa2e0594d0f4756883

SHA256
0c97c898c043a580f61fe2047e982d3bac7010d48972202972878b19bad87768

SHA512
711ddd732028c2bdac3154f9a5806ebc84cd1f89bbf7893fe016716a173c5083dcb89760717c5c1d43b27255997e946b41f9e00c32ee24acf8cf3f7418778eda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe

Filesize
184KB

MD5
f38ad371735b6981a9797cdb26530ce6

SHA1
47b9dd63a7d3ffd589426f9608eae603d022803a

SHA256
5b86d434057002198cc461b5ab41724a0efe6f8085604eb8fb07abc1754a4213

SHA512
95e33d4173b1f257cd1a0ee1b53f960a440041df16dbba88f358c393bd2ba7c46d2cdecc40b10a16062264304bd855556cd646b3f3381ab6ed7ff96eea2a9306

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe

Filesize
184KB

MD5
bb493e381a42d6460c9e534b335a9e8d

SHA1
98764ff65c85b05bd45c432f7c1013cac84866d4

SHA256
7242666ab8693c8c8c84286b0a957ecd11a7a49a4df4d8404c156460acc3ae60

SHA512
4a340350c20be17f9629209b8b5381bc0baf8ac8f8cbf47127e9b79070efcacfaa2b9a2c858a0c304013148e9ca91708fd30d93e369fcccdb5101f5dfc7d4866

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe

Filesize
184KB

MD5
9378be908c1249e27ec2b9db5bcccc00

SHA1
6f316e311c81588d0078f117e51c6bc4e9af8043

SHA256
1ee9bf733e2de5215b6ff4f945057d93c74ead46703b3cc62e7e26de3e7ad70a

SHA512
1a05a61c35ad1b870b5607aed394f0f9e8e8f87ed5e0db02e2fea4020497572a1e6271fc6bf38c293bcdb549ec0de9f23b7b1e4ae3a9a17dae5c9f82d7f8f199

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe

Filesize
184KB

MD5
96ffe47e021397ec4ee6eaf9365cc56e

SHA1
39b8f079222cc892e78d5361fd0456584d2f5ea6

SHA256
b05b88bc095d89e6630fb4d450e9bdf0d97297e76fdd7c6a0ea293283adf9450

SHA512
eca192004c598fcb90e522b56b4949a1f1ff2939ceabe05357172ead52c9e6c558440de851a262ccb0478c6c929e33108f6b450e67857a72c8d2ffd02aee0790

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe

Filesize
184KB

MD5
54a4b95bfaa9c038131fd470ea2508aa

SHA1
2afc23c4558e46c457dbc9af008be6c4fb2cfd51

SHA256
fb5e196fb8903b95719f6aeb772ba66c4eed55ade6257cf93482fcc6084d2b98

SHA512
d59bb071ef8e5f8ad66779e70a676133b19f46c0751bfe2e71dcf4d4a0a1fe38bacda01892f3ee95e80a5cf00d7feb5780f046840b6d255c7b7f2b960ebc1deb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe

Filesize
184KB

MD5
fcd8337b6b2e652f22e4a2f38b427c55

SHA1
620ec8475c2a6d36415f6ef52648c148a63af522

SHA256
f7212b610c2fe28f555973ebe9ba25cd5dbbee0da2a6c069df0e179ebac16fbb

SHA512
0c8c52ddd2b6595d6dee23b5ec3324c81909d8bc68c2d9b9678a10a5f8625eea2fe9e56aeaa66fd624f15fb3eadc73dd73cf6c280f5a78564e7efb492bfe55fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe

Filesize
184KB

MD5
f40c992ab5c607a9c53cb76f2f63f317

SHA1
42cdc3c9e78add592640a6c9e6b49f7bb6e3468f

SHA256
c4a535cb6a7058b5215b60af5025679c0d7854ac6147840b82f9fc9d8ee84695

SHA512
9f47b4757c4ad6d7d765817e21b6d50f40f0e1a3dfeaf15a9f94dd187a482a61a45e498fccd3d45dadbddf010aaf3cdfa832af038034ef5fc27806fff5c39988

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe

Filesize
184KB

MD5
caba3bf22e3bdf0594a0477d76a97cf5

SHA1
3c5031aa0a77595d3b9d080128f07496194990a2

SHA256
6839b4d8a01bc62108f9399a0f3cb715d86e588c12b77efdf66b0d589caf47a3

SHA512
40a6133868c6e9f0d9d76e903305ab40d7f28ee37a5c67ec773fd907e8ea48324e695d555d376532a2278b9136b32a1c654beb07222f74d8d91183b03f7aaca9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-72.exe

Filesize
184KB

MD5
dffbc1a4615860d689af4f84ce1b3e53

SHA1
81382d3c33b0919a9cfdc1eb7dd03b395659e6cf

SHA256
33f7166efc95aded50ab24fa01087d063b41d858c6d12c334f926cc3ae8e2a21

SHA512
552500c4c56a73ce0ead69047bb0d2bda6c05d54b912ebeb32f3d14281a41a22fad8c74fecfcd7f8cd668fcaa65b6c26bc6594655f0325b5860bc86ac4d94d71

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads