d59dd9cfc5b2805864667656644376047edb957c21704f2c407ba8f15ad3fad5

Analysis

max time kernel
99s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 01:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e57ff787cbd45dcfbe416c73bd68fb2.exe
Size

184KB
MD5

3e57ff787cbd45dcfbe416c73bd68fb2
SHA1

fb5a0d1de253ac1587759c78a24455d0bfc61d82
SHA256

d59dd9cfc5b2805864667656644376047edb957c21704f2c407ba8f15ad3fad5
SHA512

23db1109ffd2f2eb62e2d8f09d6a704314dc92c973fe341a74333be67d4ab777ae731d24743ff477d914d345bd46c9e74af36a4bba340c46f9b32dffadba2c03
SSDEEP

3072:qv4womLy7ZwQolHUo3TKnJcpGOn2MfN60xv+EDuNlvvpFf:qvboZSQoqoDKnJFiL6NlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1276	Unicorn-33204.exe
2308	Unicorn-25846.exe
2652	Unicorn-64418.exe
2664	Unicorn-23488.exe
1028	Unicorn-21603.exe
2548	Unicorn-41469.exe
2116	Unicorn-58615.exe
1940	Unicorn-23482.exe
2912	Unicorn-25751.exe
2956	Unicorn-50167.exe
1664	Unicorn-15034.exe
1520	Unicorn-30657.exe
1064	Unicorn-6615.exe
2856	Unicorn-36216.exe
2588	Unicorn-2401.exe
1044	Unicorn-59350.exe
2336	Unicorn-24566.exe
2148	Unicorn-13331.exe
2232	Unicorn-16212.exe
1604	Unicorn-20898.exe
3040	Unicorn-46983.exe
1796	Unicorn-59543.exe
2064	Unicorn-17058.exe
956	Unicorn-7005.exe
1744	Unicorn-48500.exe
2156	Unicorn-37362.exe
1732	Unicorn-26157.exe
1736	Unicorn-50553.exe
1036	Unicorn-57102.exe
1712	Unicorn-12774.exe
2752	Unicorn-8548.exe
2656	Unicorn-24086.exe
2624	Unicorn-8689.exe
2812	Unicorn-23957.exe
324	Unicorn-5880.exe
1836	Unicorn-41006.exe
1104	Unicorn-13189.exe
2836	Unicorn-23761.exe
1576	Unicorn-10354.exe
1032	Unicorn-13472.exe
2528	Unicorn-12573.exe
788	Unicorn-12898.exe
1628	Unicorn-39261.exe
2920	Unicorn-38161.exe
1752	Unicorn-34155.exe
1976	Unicorn-49526.exe
1536	Unicorn-17430.exe
2404	Unicorn-1534.exe
2268	Unicorn-49920.exe
932	Unicorn-4248.exe
1396	Unicorn-54902.exe
1648	Unicorn-4824.exe
1728	Unicorn-60403.exe
2672	Unicorn-28307.exe
1208	Unicorn-45904.exe
2468	Unicorn-32723.exe
2892	Unicorn-45722.exe
2596	Unicorn-59085.exe
1816	Unicorn-4243.exe
2584	Unicorn-42072.exe
808	Unicorn-26046.exe
2860	Unicorn-46680.exe
1788	Unicorn-44376.exe
584	Unicorn-57759.exe

Loads dropped DLL 64 IoCs

pid	Process
2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe
2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe
1276	Unicorn-33204.exe
2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe
1276	Unicorn-33204.exe
2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe
2308	Unicorn-25846.exe
2308	Unicorn-25846.exe
1276	Unicorn-33204.exe
1276	Unicorn-33204.exe
2652	Unicorn-64418.exe
2652	Unicorn-64418.exe
2664	Unicorn-23488.exe
2308	Unicorn-25846.exe
2664	Unicorn-23488.exe
2308	Unicorn-25846.exe
1028	Unicorn-21603.exe
1028	Unicorn-21603.exe
2548	Unicorn-41469.exe
2548	Unicorn-41469.exe
2652	Unicorn-64418.exe
2652	Unicorn-64418.exe
1664	Unicorn-15034.exe
2548	Unicorn-41469.exe
2548	Unicorn-41469.exe
1664	Unicorn-15034.exe
2912	Unicorn-25751.exe
2912	Unicorn-25751.exe
1028	Unicorn-21603.exe
1028	Unicorn-21603.exe
1940	Unicorn-23482.exe
1940	Unicorn-23482.exe
2956	Unicorn-50167.exe
2956	Unicorn-50167.exe
2588	Unicorn-2401.exe
2336	Unicorn-24566.exe
2588	Unicorn-2401.exe
2336	Unicorn-24566.exe
2856	Unicorn-36216.exe
2856	Unicorn-36216.exe
1064	Unicorn-6615.exe
1044	Unicorn-59350.exe
1664	Unicorn-15034.exe
2148	Unicorn-13331.exe
2148	Unicorn-13331.exe
1664	Unicorn-15034.exe
1520	Unicorn-30657.exe
1064	Unicorn-6615.exe
1044	Unicorn-59350.exe
1520	Unicorn-30657.exe
2588	Unicorn-2401.exe
2588	Unicorn-2401.exe
1604	Unicorn-20898.exe
1604	Unicorn-20898.exe
2856	Unicorn-36216.exe
2856	Unicorn-36216.exe
2232	Unicorn-16212.exe
2336	Unicorn-24566.exe
2232	Unicorn-16212.exe
2336	Unicorn-24566.exe
1796	Unicorn-59543.exe
1796	Unicorn-59543.exe
3040	Unicorn-46983.exe
3040	Unicorn-46983.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe
1276	Unicorn-33204.exe
2308	Unicorn-25846.exe
2652	Unicorn-64418.exe
2664	Unicorn-23488.exe
1028	Unicorn-21603.exe
2548	Unicorn-41469.exe
1940	Unicorn-23482.exe
2956	Unicorn-50167.exe
2912	Unicorn-25751.exe
1664	Unicorn-15034.exe
1064	Unicorn-6615.exe
2856	Unicorn-36216.exe
1520	Unicorn-30657.exe
1044	Unicorn-59350.exe
2588	Unicorn-2401.exe
2336	Unicorn-24566.exe
2232	Unicorn-16212.exe
2148	Unicorn-13331.exe
1604	Unicorn-20898.exe
3040	Unicorn-46983.exe
1796	Unicorn-59543.exe
2156	Unicorn-37362.exe
1736	Unicorn-50553.exe
1036	Unicorn-57102.exe
1712	Unicorn-12774.exe
1732	Unicorn-26157.exe
2064	Unicorn-17058.exe
2656	Unicorn-24086.exe
324	Unicorn-5880.exe
2624	Unicorn-8689.exe
2812	Unicorn-23957.exe
1104	Unicorn-13189.exe
2752	Unicorn-8548.exe
1576	Unicorn-10354.exe
1836	Unicorn-41006.exe
1744	Unicorn-48500.exe
2836	Unicorn-23761.exe
2528	Unicorn-12573.exe
1032	Unicorn-13472.exe
956	Unicorn-7005.exe
788	Unicorn-12898.exe
1628	Unicorn-39261.exe
2116	Unicorn-58615.exe
2920	Unicorn-38161.exe
1752	Unicorn-34155.exe
1976	Unicorn-49526.exe
1536	Unicorn-17430.exe
2404	Unicorn-1534.exe
2268	Unicorn-49920.exe
1396	Unicorn-54902.exe
932	Unicorn-4248.exe
1648	Unicorn-4824.exe
2672	Unicorn-28307.exe
1728	Unicorn-60403.exe
1208	Unicorn-45904.exe
2468	Unicorn-32723.exe
2892	Unicorn-45722.exe
1816	Unicorn-4243.exe
2596	Unicorn-59085.exe
2584	Unicorn-42072.exe
808	Unicorn-26046.exe
2860	Unicorn-46680.exe
584	Unicorn-57759.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 1276	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	28
PID 2472 wrote to memory of 1276	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	28
PID 2472 wrote to memory of 1276	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	28
PID 2472 wrote to memory of 1276	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	28
PID 1276 wrote to memory of 2308	1276	Unicorn-33204.exe	30
PID 1276 wrote to memory of 2308	1276	Unicorn-33204.exe	30
PID 1276 wrote to memory of 2308	1276	Unicorn-33204.exe	30
PID 1276 wrote to memory of 2308	1276	Unicorn-33204.exe	30
PID 2472 wrote to memory of 2652	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	29
PID 2472 wrote to memory of 2652	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	29
PID 2472 wrote to memory of 2652	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	29
PID 2472 wrote to memory of 2652	2472	3e57ff787cbd45dcfbe416c73bd68fb2.exe	29
PID 2308 wrote to memory of 2664	2308	Unicorn-25846.exe	33
PID 2308 wrote to memory of 2664	2308	Unicorn-25846.exe	33
PID 2308 wrote to memory of 2664	2308	Unicorn-25846.exe	33
PID 2308 wrote to memory of 2664	2308	Unicorn-25846.exe	33
PID 1276 wrote to memory of 1028	1276	Unicorn-33204.exe	32
PID 1276 wrote to memory of 1028	1276	Unicorn-33204.exe	32
PID 1276 wrote to memory of 1028	1276	Unicorn-33204.exe	32
PID 1276 wrote to memory of 1028	1276	Unicorn-33204.exe	32
PID 2652 wrote to memory of 2548	2652	Unicorn-64418.exe	31
PID 2652 wrote to memory of 2548	2652	Unicorn-64418.exe	31
PID 2652 wrote to memory of 2548	2652	Unicorn-64418.exe	31
PID 2652 wrote to memory of 2548	2652	Unicorn-64418.exe	31
PID 2664 wrote to memory of 2116	2664	Unicorn-23488.exe	38
PID 2664 wrote to memory of 2116	2664	Unicorn-23488.exe	38
PID 2664 wrote to memory of 2116	2664	Unicorn-23488.exe	38
PID 2664 wrote to memory of 2116	2664	Unicorn-23488.exe	38
PID 2308 wrote to memory of 1940	2308	Unicorn-25846.exe	37
PID 2308 wrote to memory of 1940	2308	Unicorn-25846.exe	37
PID 2308 wrote to memory of 1940	2308	Unicorn-25846.exe	37
PID 2308 wrote to memory of 1940	2308	Unicorn-25846.exe	37
PID 1028 wrote to memory of 2912	1028	Unicorn-21603.exe	34
PID 1028 wrote to memory of 2912	1028	Unicorn-21603.exe	34
PID 1028 wrote to memory of 2912	1028	Unicorn-21603.exe	34
PID 1028 wrote to memory of 2912	1028	Unicorn-21603.exe	34
PID 2548 wrote to memory of 2956	2548	Unicorn-41469.exe	36
PID 2548 wrote to memory of 2956	2548	Unicorn-41469.exe	36
PID 2548 wrote to memory of 2956	2548	Unicorn-41469.exe	36
PID 2548 wrote to memory of 2956	2548	Unicorn-41469.exe	36
PID 2652 wrote to memory of 1664	2652	Unicorn-64418.exe	35
PID 2652 wrote to memory of 1664	2652	Unicorn-64418.exe	35
PID 2652 wrote to memory of 1664	2652	Unicorn-64418.exe	35
PID 2652 wrote to memory of 1664	2652	Unicorn-64418.exe	35
PID 2548 wrote to memory of 1520	2548	Unicorn-41469.exe	43
PID 2548 wrote to memory of 1520	2548	Unicorn-41469.exe	43
PID 2548 wrote to memory of 1520	2548	Unicorn-41469.exe	43
PID 2548 wrote to memory of 1520	2548	Unicorn-41469.exe	43
PID 1664 wrote to memory of 1064	1664	Unicorn-15034.exe	44
PID 1664 wrote to memory of 1064	1664	Unicorn-15034.exe	44
PID 1664 wrote to memory of 1064	1664	Unicorn-15034.exe	44
PID 1664 wrote to memory of 1064	1664	Unicorn-15034.exe	44
PID 2912 wrote to memory of 2856	2912	Unicorn-25751.exe	42
PID 2912 wrote to memory of 2856	2912	Unicorn-25751.exe	42
PID 2912 wrote to memory of 2856	2912	Unicorn-25751.exe	42
PID 2912 wrote to memory of 2856	2912	Unicorn-25751.exe	42
PID 1028 wrote to memory of 2588	1028	Unicorn-21603.exe	39
PID 1028 wrote to memory of 2588	1028	Unicorn-21603.exe	39
PID 1028 wrote to memory of 2588	1028	Unicorn-21603.exe	39
PID 1028 wrote to memory of 2588	1028	Unicorn-21603.exe	39
PID 1940 wrote to memory of 1044	1940	Unicorn-23482.exe	41
PID 1940 wrote to memory of 1044	1940	Unicorn-23482.exe	41
PID 1940 wrote to memory of 1044	1940	Unicorn-23482.exe	41
PID 1940 wrote to memory of 1044	1940	Unicorn-23482.exe	41

C:\Users\Admin\AppData\Local\Temp\3e57ff787cbd45dcfbe416c73bd68fb2.exe
"C:\Users\Admin\AppData\Local\Temp\3e57ff787cbd45dcfbe416c73bd68fb2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
        7⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
        6⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26046.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        9⤵
        
        PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        10⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        9⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        9⤵
        
        PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        7⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        8⤵
        
        PID:2308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24086.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        13⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        12⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        12⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        12⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        13⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
        11⤵
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        8⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        8⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        8⤵
        
        PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44376.exe
        6⤵
        Executes dropped EXE
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        8⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        6⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        7⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        6⤵
        
        PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe

Filesize
184KB

MD5
29d18f7d79546b1a3a97bc3a6e4fd323

SHA1
ff4fbc1abe08eaf01b807939839c22fb16a58223

SHA256
2125bf4751c3cfaa9267cfbf8fe36332fd2b724821c3efd34997ab1f75133dae

SHA512
c232def29fede94c1dfe2a11ae702ef6d7887c425fa0228f95063126f5745ddd66fa13db62b359ac48a0ebb30b8fe38d8eebe87f438d814e89eee643bd99ad00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads