a5eb3583abb9a31d603349d475418e55d6a9bfa970c050d0209d1b92de39dddf

Analysis

max time kernel
165s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ad202edceeeec72f090854074c6b4f4.exe
Size

184KB
MD5

3ad202edceeeec72f090854074c6b4f4
SHA1

4e05d6b277dcc2f41aa6c99a0f41aea7450c5cbf
SHA256

a5eb3583abb9a31d603349d475418e55d6a9bfa970c050d0209d1b92de39dddf
SHA512

048bc0929dfdcb87c50371a0f77da0dbe9d1f1a60261874e34a7772b48c6d854cb8bb1c5d2f22962ede4accd67de62b0bb42cbf50d508142b3a695bcedceba69
SSDEEP

3072:BGa7omCBPVfQ+7jSoCdKvJ0LtVMMPYHef0xv3O/4NlPXpFZ:BGioLVQ+So+KvJwO1lNlPXpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2380	Unicorn-36580.exe
2752	Unicorn-10020.exe
2692	Unicorn-59968.exe
2564	Unicorn-40986.exe
2884	Unicorn-53814.exe
2920	Unicorn-64675.exe
3040	Unicorn-18018.exe
1364	Unicorn-41322.exe
1084	Unicorn-65272.exe
296	Unicorn-11987.exe
460	Unicorn-57659.exe
2364	Unicorn-53466.exe
2388	Unicorn-65163.exe
1672	Unicorn-34629.exe
2412	Unicorn-10487.exe
2480	Unicorn-56995.exe
760	Unicorn-23996.exe
1396	Unicorn-52008.exe
2976	Unicorn-52584.exe
880	Unicorn-9605.exe
2128	Unicorn-58814.exe
2720	Unicorn-56759.exe
2648	Unicorn-44637.exe
2576	Unicorn-54642.exe
2112	Unicorn-16900.exe
2932	Unicorn-55493.exe
268	Unicorn-39519.exe
2756	Unicorn-262.exe
2948	Unicorn-39733.exe
1728	Unicorn-23951.exe
2488	Unicorn-50314.exe
2160	Unicorn-65259.exe
744	Unicorn-27756.exe
2760	Unicorn-58845.exe
2008	Unicorn-17258.exe
1008	Unicorn-46998.exe
1016	Unicorn-46998.exe
2692	Unicorn-27132.exe
2408	Unicorn-5436.exe
1868	Unicorn-53822.exe
2680	Unicorn-43428.exe
1956	Unicorn-12976.exe
1656	Unicorn-59053.exe
1688	Unicorn-27127.exe
1892	Unicorn-46993.exe
1712	Unicorn-40299.exe
2272	Unicorn-42245.exe
2136	Unicorn-8394.exe
2412	Unicorn-27938.exe
2712	Unicorn-35203.exe
2580	Unicorn-48763.exe
2624	Unicorn-57315.exe
2044	Unicorn-15982.exe
1128	Unicorn-26755.exe
1732	Unicorn-22780.exe
1764	Unicorn-19355.exe
1632	Unicorn-50740.exe
1216	Unicorn-24098.exe
1572	Unicorn-34752.exe
2400	Unicorn-34752.exe
856	Unicorn-34752.exe
1696	Unicorn-61477.exe
3012	Unicorn-12468.exe
936	Unicorn-62136.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	3ad202edceeeec72f090854074c6b4f4.exe
2684	3ad202edceeeec72f090854074c6b4f4.exe
2380	Unicorn-36580.exe
2684	3ad202edceeeec72f090854074c6b4f4.exe
2380	Unicorn-36580.exe
2684	3ad202edceeeec72f090854074c6b4f4.exe
2752	Unicorn-10020.exe
2752	Unicorn-10020.exe
2692	Unicorn-59968.exe
2692	Unicorn-59968.exe
2380	Unicorn-36580.exe
2380	Unicorn-36580.exe
2564	Unicorn-40986.exe
2564	Unicorn-40986.exe
2752	Unicorn-10020.exe
2752	Unicorn-10020.exe
2884	Unicorn-53814.exe
2884	Unicorn-53814.exe
2920	Unicorn-64675.exe
2920	Unicorn-64675.exe
2692	Unicorn-59968.exe
2692	Unicorn-59968.exe
3040	Unicorn-18018.exe
3040	Unicorn-18018.exe
2564	Unicorn-40986.exe
2564	Unicorn-40986.exe
460	Unicorn-57659.exe
460	Unicorn-57659.exe
2920	Unicorn-64675.exe
2920	Unicorn-64675.exe
296	Unicorn-11987.exe
296	Unicorn-11987.exe
1672	Unicorn-34629.exe
1672	Unicorn-34629.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
2364	Unicorn-53466.exe
2364	Unicorn-53466.exe
2412	Unicorn-10487.exe
2412	Unicorn-10487.exe
2480	Unicorn-56995.exe
2480	Unicorn-56995.exe
1396	Unicorn-52008.exe
1396	Unicorn-52008.exe
2976	Unicorn-52584.exe
2976	Unicorn-52584.exe
1316	WerFault.exe
1916	WerFault.exe
880	Unicorn-9605.exe
880	Unicorn-9605.exe
2128	Unicorn-58814.exe
2128	Unicorn-58814.exe
2720	Unicorn-56759.exe
2720	Unicorn-56759.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1916	1364	WerFault.exe	36
1316	2388	WerFault.exe	44

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2684	3ad202edceeeec72f090854074c6b4f4.exe
2380	Unicorn-36580.exe
2752	Unicorn-10020.exe
2692	Unicorn-59968.exe
2564	Unicorn-40986.exe
2884	Unicorn-53814.exe
2920	Unicorn-64675.exe
3040	Unicorn-18018.exe
1364	Unicorn-41322.exe
460	Unicorn-57659.exe
296	Unicorn-11987.exe
2364	Unicorn-53466.exe
2388	Unicorn-65163.exe
2480	Unicorn-56995.exe
1672	Unicorn-34629.exe
2412	Unicorn-10487.exe
760	Unicorn-23996.exe
1396	Unicorn-52008.exe
1084	Unicorn-65272.exe
2976	Unicorn-52584.exe
880	Unicorn-9605.exe
2128	Unicorn-58814.exe
2720	Unicorn-56759.exe
2648	Unicorn-44637.exe
2576	Unicorn-54642.exe
2112	Unicorn-16900.exe
2932	Unicorn-55493.exe
2756	Unicorn-262.exe
268	Unicorn-39519.exe
2948	Unicorn-39733.exe
1728	Unicorn-23951.exe
744	Unicorn-27756.exe
2160	Unicorn-65259.exe
2760	Unicorn-58845.exe
2008	Unicorn-17258.exe
2692	Unicorn-27132.exe
1016	Unicorn-46998.exe
1868	Unicorn-53822.exe
1008	Unicorn-46998.exe
2680	Unicorn-43428.exe
1956	Unicorn-12976.exe
1656	Unicorn-59053.exe
2408	Unicorn-5436.exe
1712	Unicorn-40299.exe
2136	Unicorn-8394.exe
1892	Unicorn-46993.exe
1688	Unicorn-27127.exe
2412	Unicorn-27938.exe
2272	Unicorn-42245.exe
2712	Unicorn-35203.exe
2580	Unicorn-48763.exe
2044	Unicorn-15982.exe
2624	Unicorn-57315.exe
1732	Unicorn-22780.exe
1128	Unicorn-26755.exe
1764	Unicorn-19355.exe
1572	Unicorn-34752.exe
1216	Unicorn-24098.exe
1632	Unicorn-50740.exe
2400	Unicorn-34752.exe
856	Unicorn-34752.exe
1696	Unicorn-61477.exe
1708	Unicorn-2110.exe
3012	Unicorn-12468.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2380	2684	3ad202edceeeec72f090854074c6b4f4.exe	29
PID 2684 wrote to memory of 2380	2684	3ad202edceeeec72f090854074c6b4f4.exe	29
PID 2684 wrote to memory of 2380	2684	3ad202edceeeec72f090854074c6b4f4.exe	29
PID 2684 wrote to memory of 2380	2684	3ad202edceeeec72f090854074c6b4f4.exe	29
PID 2380 wrote to memory of 2752	2380	Unicorn-36580.exe	30
PID 2380 wrote to memory of 2752	2380	Unicorn-36580.exe	30
PID 2380 wrote to memory of 2752	2380	Unicorn-36580.exe	30
PID 2380 wrote to memory of 2752	2380	Unicorn-36580.exe	30
PID 2684 wrote to memory of 2692	2684	3ad202edceeeec72f090854074c6b4f4.exe	31
PID 2684 wrote to memory of 2692	2684	3ad202edceeeec72f090854074c6b4f4.exe	31
PID 2684 wrote to memory of 2692	2684	3ad202edceeeec72f090854074c6b4f4.exe	31
PID 2684 wrote to memory of 2692	2684	3ad202edceeeec72f090854074c6b4f4.exe	31
PID 2752 wrote to memory of 2564	2752	Unicorn-10020.exe	32
PID 2752 wrote to memory of 2564	2752	Unicorn-10020.exe	32
PID 2752 wrote to memory of 2564	2752	Unicorn-10020.exe	32
PID 2752 wrote to memory of 2564	2752	Unicorn-10020.exe	32
PID 2692 wrote to memory of 2884	2692	Unicorn-59968.exe	33
PID 2692 wrote to memory of 2884	2692	Unicorn-59968.exe	33
PID 2692 wrote to memory of 2884	2692	Unicorn-59968.exe	33
PID 2692 wrote to memory of 2884	2692	Unicorn-59968.exe	33
PID 2380 wrote to memory of 2920	2380	Unicorn-36580.exe	34
PID 2380 wrote to memory of 2920	2380	Unicorn-36580.exe	34
PID 2380 wrote to memory of 2920	2380	Unicorn-36580.exe	34
PID 2380 wrote to memory of 2920	2380	Unicorn-36580.exe	34
PID 2564 wrote to memory of 3040	2564	Unicorn-40986.exe	35
PID 2564 wrote to memory of 3040	2564	Unicorn-40986.exe	35
PID 2564 wrote to memory of 3040	2564	Unicorn-40986.exe	35
PID 2564 wrote to memory of 3040	2564	Unicorn-40986.exe	35
PID 2752 wrote to memory of 1364	2752	Unicorn-10020.exe	36
PID 2752 wrote to memory of 1364	2752	Unicorn-10020.exe	36
PID 2752 wrote to memory of 1364	2752	Unicorn-10020.exe	36
PID 2752 wrote to memory of 1364	2752	Unicorn-10020.exe	36
PID 2884 wrote to memory of 1084	2884	Unicorn-53814.exe	37
PID 2884 wrote to memory of 1084	2884	Unicorn-53814.exe	37
PID 2884 wrote to memory of 1084	2884	Unicorn-53814.exe	37
PID 2884 wrote to memory of 1084	2884	Unicorn-53814.exe	37
PID 2920 wrote to memory of 296	2920	Unicorn-64675.exe	39
PID 2920 wrote to memory of 296	2920	Unicorn-64675.exe	39
PID 2920 wrote to memory of 296	2920	Unicorn-64675.exe	39
PID 2920 wrote to memory of 296	2920	Unicorn-64675.exe	39
PID 2692 wrote to memory of 460	2692	Unicorn-59968.exe	38
PID 2692 wrote to memory of 460	2692	Unicorn-59968.exe	38
PID 2692 wrote to memory of 460	2692	Unicorn-59968.exe	38
PID 2692 wrote to memory of 460	2692	Unicorn-59968.exe	38
PID 3040 wrote to memory of 1672	3040	Unicorn-18018.exe	40
PID 3040 wrote to memory of 1672	3040	Unicorn-18018.exe	40
PID 3040 wrote to memory of 1672	3040	Unicorn-18018.exe	40
PID 3040 wrote to memory of 1672	3040	Unicorn-18018.exe	40
PID 2564 wrote to memory of 2364	2564	Unicorn-40986.exe	41
PID 2564 wrote to memory of 2364	2564	Unicorn-40986.exe	41
PID 2564 wrote to memory of 2364	2564	Unicorn-40986.exe	41
PID 2564 wrote to memory of 2364	2564	Unicorn-40986.exe	41
PID 460 wrote to memory of 2388	460	Unicorn-57659.exe	44
PID 460 wrote to memory of 2388	460	Unicorn-57659.exe	44
PID 460 wrote to memory of 2388	460	Unicorn-57659.exe	44
PID 460 wrote to memory of 2388	460	Unicorn-57659.exe	44
PID 2920 wrote to memory of 2412	2920	Unicorn-64675.exe	43
PID 2920 wrote to memory of 2412	2920	Unicorn-64675.exe	43
PID 2920 wrote to memory of 2412	2920	Unicorn-64675.exe	43
PID 2920 wrote to memory of 2412	2920	Unicorn-64675.exe	43
PID 296 wrote to memory of 2480	296	Unicorn-11987.exe	45
PID 296 wrote to memory of 2480	296	Unicorn-11987.exe	45
PID 296 wrote to memory of 2480	296	Unicorn-11987.exe	45
PID 296 wrote to memory of 2480	296	Unicorn-11987.exe	45

C:\Users\Admin\AppData\Local\Temp\3ad202edceeeec72f090854074c6b4f4.exe
"C:\Users\Admin\AppData\Local\Temp\3ad202edceeeec72f090854074c6b4f4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53466.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        10⤵
        Executes dropped EXE
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        12⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
        12⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        13⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 244
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        15⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        13⤵
        Executes dropped EXE
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        14⤵
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        14⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27132.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        11⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        12⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        13⤵
        
        PID:1008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe

Filesize
184KB

MD5
c9e4d7f7d4c69a6ef99307587c4a49fc

SHA1
ed95be17a5b8700bdd6162ec6618d99404197960

SHA256
583a9fe2d54b2186b59bc33c3d3305cac1f9ee77e32686f7b5dd0398777e494f

SHA512
f227efdf55a0d2b9f696df6e820426b9f3a52bce31432454990afff714d75d90cbd6b639f2116696fc4faacd5d219565ee10130a894b78fb33ee4a5b8b5733a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe

Filesize
184KB

MD5
db3947f9506e52ebffb2cff80c8c53c2

SHA1
97b999f3de478d9bcf8dc52a977c17bd4735ce00

SHA256
5bb1c0fb6f6b0132dd24ab8598f3554f8691cb076c83dcf53b1bf52bbae4035a

SHA512
122289c0282723678a6f92226c1ccdb74624230dbfd764ea0096c36af58506b705d3f995776982cf0c8dc9975d0c8d6ed9d29d60ef4fd700848fab2c68f80109

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe

Filesize
108KB

MD5
8334b599e5416fffa6a79eb4a98106d4

SHA1
eeb775fe1d5d6afc28a47a432a085f6bb0be386c

SHA256
458aa3823d9bfcad6537cdfa8c1b0cb697a47b2dea193cc31592a27f8de6843e

SHA512
bd1d137904b6e29f63727bae7788db2b96b2c57ab9072dfa756e2f3fb7d5eb7109f968d4e6b4cfa2d2c5ffe81fd174474d409fcb36f6d4883daded7d70f70356

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe

Filesize
184KB

MD5
7e96e6807436af45c24a2fe32ebdd21c

SHA1
ecf3544fbd4443efda92928a817ba4a90365b809

SHA256
22a745afb5cf9ec62709e11837750dc0e7dfd522aea97689cde8438e86127933

SHA512
24892252c4d624587cd01c4bdfb58c2c31e08f5065b0ab0638f258ff8a475e66b4600a7c4b4f23fbe5ef2f8b3c9829262b4a1d4b7ac92f945288d22df6996e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe

Filesize
184KB

MD5
a99bc2bb1755c5da5d0c6e6e475f8809

SHA1
21319fbd7e931bf90c7ff557f5f68c500f5ed7db

SHA256
28a1f5cc091ad493927a2fc9bd1cc49317288b24eddb7b9b4e64bd208f4b7004

SHA512
2355405bf59c85968921e4415c1cee9655abbb1756ce123fce5abed93b8171991d604ca52935296604b45298d5b97cacaba3b97171a1dd233929a4d1c59e8e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe

Filesize
184KB

MD5
737d761165387962092d167f90a311ec

SHA1
8370076bad56ec194cbc0e88226052a2985b4e89

SHA256
f44ed308d049c99d6602e244e8a440b940a01a35c547f348b9e45e1dff27b800

SHA512
9c71f58aa50da47a6802d82a2595177125fcc09a36b67fe8cf4237b717c815cf502b5004edf1fe8c6639c545f54c7ef18eef869198d00fc27b5d5b318f707904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe

Filesize
184KB

MD5
8915fd0ca465a327cbb1d71775c9c1f1

SHA1
7b93e3f9f8bb88667c5a192d55759d428a8e1fe6

SHA256
ffc8729a93a2f340df5df0ab5c0ce9ac5d048cdfb5110ae446c0b5faaafe318d

SHA512
5f30fc4924628f177415d2453d5962719f32bcad2893969ff0ee12525abdfe82c101cceda354f9bb6192d614a9ceab817a074d19c6dca16360fd51512495cf3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe

Filesize
184KB

MD5
6a0877740382272a8a7979c3ab996581

SHA1
f2d55f0b447c292ebfb2e28a69d51aed71c8ecaa

SHA256
117d7a6d8a5da67e2b1649a154e4ed38a1e7779d7d6ce9e9189998eba5c00956

SHA512
f8d1aab6e312639148b1b3d32e87e0c868519b125d49c0580a08214fbd44f1021f0309320415ab10bae4c3b17020b4fa868d12b32cdd8017cac9e7f5206cef10

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe

Filesize
184KB

MD5
c4f46f869d56b4a848346b3d869b1f74

SHA1
a10c79321093f80b2ff51f0d47e75c15ab5207b8

SHA256
b2d727f96e9df05e5f3e13dbd66fd1e953bee2cbd05633799bbab96e0f454e96

SHA512
0d629c7f68c9c00a468a6e9064528ece2c4bf16e460bfa882105d122d213a4eb1a4ba9e29557d9fc06454912e4eec379232346afc5d383e4ac2f897e0b3cba89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe

Filesize
184KB

MD5
e1e1cddbf95cccb8156b5ad529d68697

SHA1
014255b1cd8075f538aa2cbb7ab92e3e0d4f3703

SHA256
a79f0ac5221eea1bec3a27c21bff322e43600d9514085ac22ab0811db1f4cbf9

SHA512
bd03a02f1cde43a688031204f95ff356353b4f0acc27f3045a8b2b9c40feaee0b1d0be826ab7c353f7a87d11caed70f5698c5afcefafaccf0deac538c99b9875

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe

Filesize
184KB

MD5
7d51501bbfda8ca1ca95b2be924fe84d

SHA1
c788c53b449b69e2e6d3318788ae0b6015182f41

SHA256
bd4c81accca33044189e0b6e26df421f9f0855e00447d587b828706745d42aa1

SHA512
e14dc10918ec9d3bb6702d76ffb34bd5f4a1a06998c93095791f06f58b9fb9eb70c9b14fa6c6953768c96174f2dbef2eeff3d82c6c0dd48b946cc1f0356310a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe

Filesize
184KB

MD5
5201e97bf1d1ba9ed8f55b956be30d69

SHA1
4f1bf02d3df32a2efe31cbd0d436092c29b3fee2

SHA256
4e8ab8bf03644f2365bccf27b87ee130b6eeade56adf7b1574a0a9229cb0f4d1

SHA512
89ad588f5830313cbec30d01f97b1a5253e1e23b4ae8bf1f4d03837f6da42d3840ab6c83b31a30167db8056db49c44a2baa7ec45aed9588e3ae2d78a80ae4c30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe

Filesize
184KB

MD5
5e970af707610e41188ddf979baa7132

SHA1
be2fa26db501100f3415713b0d61988954b9a26a

SHA256
13ee20f45f8768aa266c6ae1a350c0856e166fba3e83326399c29e0d938baf7b

SHA512
f03cd377595a6c6fea5326e5b08ee082e3d2dc4ebd5a41388a6ba22f6495651ad4d73d2dcedd1b61b1490f827584fa5e7c2432565480274849c0ab2b1d9f2c93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53466.exe

Filesize
184KB

MD5
4a741966f3dd051e95533ffeb263fdee

SHA1
3e4379d09195d540717ed9d1f270f1a319475910

SHA256
c28a207a0ecb7046942f57c5f4861ae8c2c0354ce3468ffb3471c9995d1e9079

SHA512
485e84ed3eea3afd0534c3e9451f7cc6cfb09bf63db74fd648c672f7e1bdf01cad4a8ed67149dfc1fb5635fe24ddec6df04504b006e279e0b97fd62691111e5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe

Filesize
184KB

MD5
b3f0ebdc8f31184f74ac228c433c82c1

SHA1
8b75eb3ff2f254c59da831da315616e75ed7aadf

SHA256
6c5810f460b2a73b46656bc25fbf5c2ec6cbb71811415751c1378423e4a2bcf9

SHA512
80fc7cf116aec468c279618d22f148305546d1daa1642027f93aee3db1f605b4a2e5ea86059d2e8965d85bfbb94e43f895ae3cc8a5adb66137f43a167078836b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe

Filesize
184KB

MD5
2d738f4f5e785adb890ac9030961a45b

SHA1
8d49cf21653e8caa996305d713fa2735640d6544

SHA256
99aefccca0e5ec6aa738363f2d125fdeecf9ad4fb1e13ad65e794709252f644b

SHA512
544a4504d2c4859a424574596afd1365a7b96883216f788907edfc04a08b657b31cba1cd07471ff576d1763f481128839a4b8623d47d50e34789bc0c16a8a63d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe

Filesize
184KB

MD5
c4c2cd6c11c8e124e9eae2fae2584b54

SHA1
2c486dd1b6e17d0c76ba8743bbb3e308f6433f7c

SHA256
19e429ca0b93ded65a1a9c84308b1ff58c8c9974de7c95453dcc845e79168d62

SHA512
50de35b69b49ceae9c122c9c0f664d772527edc61c0a9ad4298b74d537c60d4c10c998d3b6862053717fcfcc159db48ea2e39bdd78bbc7ed87a010dd0a7a37c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe

Filesize
184KB

MD5
5a695d4a7e2b25ab6f7c8385ad6e5ea5

SHA1
fdc4ee28f4f7e5763dfdd5695e67d3245bce953f

SHA256
9512eb20c082eb34bb79092559d66d49dad9aaac73699574c9b505499d044c62

SHA512
b2d5d633d7d7506ed2cfd88d6f516b001f0e8e9eecd78b94024fd8adf8b81ec9f694f6e99ec409f0ab2f68998af9025fc2e2db195e3a411a337c0728b8e88cc5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads