d8c968718610f4f2b30fb2fe0c1a1bf926ad924c308b43662ef7385e0bbabe46

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f0b2007ca1570b9e50ecd41ec4707f2.exe
Size

184KB
MD5

3f0b2007ca1570b9e50ecd41ec4707f2
SHA1

ba5e38af1496d9633a969bd13567e6c4a2ee85e6
SHA256

d8c968718610f4f2b30fb2fe0c1a1bf926ad924c308b43662ef7385e0bbabe46
SHA512

dd75f71dcfc10028f4e2d6c4b2799517834e533844e301a2cb108bd0a9fd1f8c8a16b18716d89fbd839f4c21732274aa8b2a274b2fb6395e21410889e463fcd0
SSDEEP

3072:/+xwomLKoNwZoOj+o3eyoJcLRNMbNfX6ZxwDEPYVNlvvpFO:/+yoOOZo1ouyoJtVl3VNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2132	Unicorn-65072.exe
2404	Unicorn-54527.exe
2908	Unicorn-2716.exe
2664	Unicorn-13069.exe
2768	Unicorn-62825.exe
1248	Unicorn-18306.exe
2268	Unicorn-35388.exe
360	Unicorn-59338.exe
2700	Unicorn-43085.exe
2208	Unicorn-27303.exe
1952	Unicorn-37417.exe
2524	Unicorn-26557.exe
1620	Unicorn-6219.exe
1160	Unicorn-29332.exe
2272	Unicorn-59504.exe
3008	Unicorn-36946.exe
600	Unicorn-51912.exe
1484	Unicorn-3458.exe
796	Unicorn-34014.exe
2396	Unicorn-55757.exe
2384	Unicorn-48980.exe
1536	Unicorn-24476.exe
2008	Unicorn-35144.exe
1036	Unicorn-20200.exe
2428	Unicorn-37282.exe
2104	Unicorn-38674.exe
2392	Unicorn-3863.exe
2036	Unicorn-63733.exe
1720	Unicorn-42325.exe
1704	Unicorn-26565.exe
3040	Unicorn-8837.exe
2772	Unicorn-10228.exe
2888	Unicorn-20343.exe
2764	Unicorn-10783.exe
2636	Unicorn-61375.exe
2792	Unicorn-24981.exe
2096	Unicorn-48931.exe
2856	Unicorn-43455.exe
3044	Unicorn-28511.exe
3052	Unicorn-40763.exe
2520	Unicorn-31011.exe
888	Unicorn-16067.exe
1324	Unicorn-16067.exe
2584	Unicorn-14675.exe
1436	Unicorn-65267.exe
2564	Unicorn-20426.exe
2536	Unicorn-27202.exe
292	Unicorn-27202.exe
2952	Unicorn-47068.exe
1944	Unicorn-18288.exe
876	Unicorn-47068.exe
1288	Unicorn-63959.exe
2768	Unicorn-17856.exe
2324	Unicorn-37722.exe
1156	Unicorn-2288.exe
1064	Unicorn-43835.exe
2868	Unicorn-28091.exe
2740	Unicorn-3337.exe
2712	Unicorn-12356.exe
1680	Unicorn-50639.exe
2592	Unicorn-25642.exe
3048	Unicorn-57053.exe
1016	Unicorn-13026.exe
2252	Unicorn-63981.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe
2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe
2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe
2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe
2404	Unicorn-54527.exe
2404	Unicorn-54527.exe
2908	Unicorn-2716.exe
2908	Unicorn-2716.exe
2404	Unicorn-54527.exe
2404	Unicorn-54527.exe
2664	Unicorn-13069.exe
2664	Unicorn-13069.exe
2908	Unicorn-2716.exe
2908	Unicorn-2716.exe
2768	Unicorn-62825.exe
2768	Unicorn-62825.exe
1248	Unicorn-18306.exe
1248	Unicorn-18306.exe
2664	Unicorn-13069.exe
2664	Unicorn-13069.exe
2768	Unicorn-62825.exe
2768	Unicorn-62825.exe
360	Unicorn-59338.exe
360	Unicorn-59338.exe
2700	Unicorn-43085.exe
2700	Unicorn-43085.exe
1248	Unicorn-18306.exe
1248	Unicorn-18306.exe
1952	Unicorn-37417.exe
1952	Unicorn-37417.exe
2208	Unicorn-27303.exe
2208	Unicorn-27303.exe
2524	Unicorn-26557.exe
2524	Unicorn-26557.exe
360	Unicorn-59338.exe
360	Unicorn-59338.exe
1620	Unicorn-6219.exe
1620	Unicorn-6219.exe
2700	Unicorn-43085.exe
2700	Unicorn-43085.exe
1160	Unicorn-29332.exe
1160	Unicorn-29332.exe
2272	Unicorn-59504.exe
2272	Unicorn-59504.exe
1952	Unicorn-37417.exe
1952	Unicorn-37417.exe
600	Unicorn-51912.exe
600	Unicorn-51912.exe
2524	Unicorn-26557.exe
2524	Unicorn-26557.exe
3008	Unicorn-36946.exe
3008	Unicorn-36946.exe
1484	Unicorn-3458.exe
1484	Unicorn-3458.exe
2208	Unicorn-27303.exe
2208	Unicorn-27303.exe
2268	Unicorn-35388.exe
2268	Unicorn-35388.exe
796	Unicorn-34014.exe
796	Unicorn-34014.exe
1620	Unicorn-6219.exe
1620	Unicorn-6219.exe
2396	Unicorn-55757.exe
2396	Unicorn-55757.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe
2132	Unicorn-65072.exe
2404	Unicorn-54527.exe
2908	Unicorn-2716.exe
2664	Unicorn-13069.exe
2768	Unicorn-62825.exe
1248	Unicorn-18306.exe
2268	Unicorn-35388.exe
360	Unicorn-59338.exe
2700	Unicorn-43085.exe
1952	Unicorn-37417.exe
2208	Unicorn-27303.exe
2524	Unicorn-26557.exe
1620	Unicorn-6219.exe
1160	Unicorn-29332.exe
2272	Unicorn-59504.exe
600	Unicorn-51912.exe
3008	Unicorn-36946.exe
1484	Unicorn-3458.exe
796	Unicorn-34014.exe
2396	Unicorn-55757.exe
2384	Unicorn-48980.exe
1536	Unicorn-24476.exe
2008	Unicorn-35144.exe
1036	Unicorn-20200.exe
2428	Unicorn-37282.exe
2392	Unicorn-3863.exe
2104	Unicorn-38674.exe
2036	Unicorn-63733.exe
1720	Unicorn-42325.exe
1704	Unicorn-26565.exe
2772	Unicorn-10228.exe
3040	Unicorn-8837.exe
2636	Unicorn-61375.exe
2764	Unicorn-10783.exe
2888	Unicorn-20343.exe
3044	Unicorn-28511.exe
2096	Unicorn-48931.exe
888	Unicorn-16067.exe
2792	Unicorn-24981.exe
2520	Unicorn-31011.exe
3052	Unicorn-40763.exe
1324	Unicorn-16067.exe
2856	Unicorn-43455.exe
1944	Unicorn-18288.exe
292	Unicorn-27202.exe
1436	Unicorn-65267.exe
1156	Unicorn-2288.exe
2952	Unicorn-47068.exe
2768	Unicorn-17856.exe
2536	Unicorn-27202.exe
2324	Unicorn-37722.exe
876	Unicorn-47068.exe
2564	Unicorn-20426.exe
1288	Unicorn-63959.exe
1064	Unicorn-43835.exe
2868	Unicorn-28091.exe
2712	Unicorn-12356.exe
2740	Unicorn-3337.exe
1680	Unicorn-50639.exe
1016	Unicorn-13026.exe
2720	Unicorn-9025.exe
832	Unicorn-13877.exe
2136	Unicorn-5901.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2132	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	28
PID 2076 wrote to memory of 2132	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	28
PID 2076 wrote to memory of 2132	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	28
PID 2076 wrote to memory of 2132	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	28
PID 2076 wrote to memory of 2404	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	29
PID 2076 wrote to memory of 2404	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	29
PID 2076 wrote to memory of 2404	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	29
PID 2076 wrote to memory of 2404	2076	3f0b2007ca1570b9e50ecd41ec4707f2.exe	29
PID 2404 wrote to memory of 2908	2404	Unicorn-54527.exe	30
PID 2404 wrote to memory of 2908	2404	Unicorn-54527.exe	30
PID 2404 wrote to memory of 2908	2404	Unicorn-54527.exe	30
PID 2404 wrote to memory of 2908	2404	Unicorn-54527.exe	30
PID 2908 wrote to memory of 2664	2908	Unicorn-2716.exe	32
PID 2908 wrote to memory of 2664	2908	Unicorn-2716.exe	32
PID 2908 wrote to memory of 2664	2908	Unicorn-2716.exe	32
PID 2908 wrote to memory of 2664	2908	Unicorn-2716.exe	32
PID 2404 wrote to memory of 2768	2404	Unicorn-54527.exe	31
PID 2404 wrote to memory of 2768	2404	Unicorn-54527.exe	31
PID 2404 wrote to memory of 2768	2404	Unicorn-54527.exe	31
PID 2404 wrote to memory of 2768	2404	Unicorn-54527.exe	31
PID 2664 wrote to memory of 1248	2664	Unicorn-13069.exe	33
PID 2664 wrote to memory of 1248	2664	Unicorn-13069.exe	33
PID 2664 wrote to memory of 1248	2664	Unicorn-13069.exe	33
PID 2664 wrote to memory of 1248	2664	Unicorn-13069.exe	33
PID 2908 wrote to memory of 2268	2908	Unicorn-2716.exe	35
PID 2908 wrote to memory of 2268	2908	Unicorn-2716.exe	35
PID 2908 wrote to memory of 2268	2908	Unicorn-2716.exe	35
PID 2908 wrote to memory of 2268	2908	Unicorn-2716.exe	35
PID 2768 wrote to memory of 360	2768	Unicorn-62825.exe	34
PID 2768 wrote to memory of 360	2768	Unicorn-62825.exe	34
PID 2768 wrote to memory of 360	2768	Unicorn-62825.exe	34
PID 2768 wrote to memory of 360	2768	Unicorn-62825.exe	34
PID 1248 wrote to memory of 2700	1248	Unicorn-18306.exe	39
PID 1248 wrote to memory of 2700	1248	Unicorn-18306.exe	39
PID 1248 wrote to memory of 2700	1248	Unicorn-18306.exe	39
PID 1248 wrote to memory of 2700	1248	Unicorn-18306.exe	39
PID 2664 wrote to memory of 2208	2664	Unicorn-13069.exe	38
PID 2664 wrote to memory of 2208	2664	Unicorn-13069.exe	38
PID 2664 wrote to memory of 2208	2664	Unicorn-13069.exe	38
PID 2664 wrote to memory of 2208	2664	Unicorn-13069.exe	38
PID 2768 wrote to memory of 1952	2768	Unicorn-62825.exe	36
PID 2768 wrote to memory of 1952	2768	Unicorn-62825.exe	36
PID 2768 wrote to memory of 1952	2768	Unicorn-62825.exe	36
PID 2768 wrote to memory of 1952	2768	Unicorn-62825.exe	36
PID 360 wrote to memory of 2524	360	Unicorn-59338.exe	37
PID 360 wrote to memory of 2524	360	Unicorn-59338.exe	37
PID 360 wrote to memory of 2524	360	Unicorn-59338.exe	37
PID 360 wrote to memory of 2524	360	Unicorn-59338.exe	37
PID 2700 wrote to memory of 1620	2700	Unicorn-43085.exe	45
PID 2700 wrote to memory of 1620	2700	Unicorn-43085.exe	45
PID 2700 wrote to memory of 1620	2700	Unicorn-43085.exe	45
PID 2700 wrote to memory of 1620	2700	Unicorn-43085.exe	45
PID 1248 wrote to memory of 1160	1248	Unicorn-18306.exe	40
PID 1248 wrote to memory of 1160	1248	Unicorn-18306.exe	40
PID 1248 wrote to memory of 1160	1248	Unicorn-18306.exe	40
PID 1248 wrote to memory of 1160	1248	Unicorn-18306.exe	40
PID 1952 wrote to memory of 2272	1952	Unicorn-37417.exe	44
PID 1952 wrote to memory of 2272	1952	Unicorn-37417.exe	44
PID 1952 wrote to memory of 2272	1952	Unicorn-37417.exe	44
PID 1952 wrote to memory of 2272	1952	Unicorn-37417.exe	44
PID 2208 wrote to memory of 3008	2208	Unicorn-27303.exe	43
PID 2208 wrote to memory of 3008	2208	Unicorn-27303.exe	43
PID 2208 wrote to memory of 3008	2208	Unicorn-27303.exe	43
PID 2208 wrote to memory of 3008	2208	Unicorn-27303.exe	43

C:\Users\Admin\AppData\Local\Temp\3f0b2007ca1570b9e50ecd41ec4707f2.exe
"C:\Users\Admin\AppData\Local\Temp\3f0b2007ca1570b9e50ecd41ec4707f2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        11⤵
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        9⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28091.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        9⤵
        Executes dropped EXE
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        7⤵
        Executes dropped EXE
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
        9⤵
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        8⤵
        Executes dropped EXE
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        9⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        7⤵
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        9⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe

Filesize
184KB

MD5
a890ebf7832fe870ae3834b71e891993

SHA1
89d57e64ba77d1a80b793eee711e8bd86ffb4c9d

SHA256
26b301a65530c7dd61894f2075a207df6f4216f11ec056964fd3ee45437bfda2

SHA512
52ab3a5abf277231bce67bdbb12582925179a658b9f540554f95b22c05b9a631abb9e3be55ef6228a0ac7b3b76db9ca04db84c3850b295e86dd67d30dd42f96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe

Filesize
103KB

MD5
b839b05ff98694957f4e58ff379eb613

SHA1
9ac8a40dacd23dce1db500b74e59e289185fa8a9

SHA256
54426fe199aca4013d8b3ee79a634baab42a15e0c22eaca17c83929e7537cfd5

SHA512
163310adca3a86e65087330becdb666bf9f2564026b45dd38632a3ef6f3e236bcbc16e120c23f84c561db7b24670adacf96ff7f4d34987ab73cd28b344b99939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe

Filesize
184KB

MD5
80763f19a286894ee19d9a77aaa9e258

SHA1
fbf5fc3d504aebe092c0fc7532fee43290b304a6

SHA256
0aaa3a0653bbc15bc9cddebd6643165b9c75e9cdb0246a7fe6755e1291b89604

SHA512
cce9d7a1d3590aada91ce95305c0f011003d1ce2883c03d6a90bbcf389ddabe7326b5dbf5540e726f2bcc81fbcf16eda2d4f0486fc3b608e986f8f58b412cf48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe

Filesize
184KB

MD5
a1fb1fea91b2342862e7a4aae3c0c2d3

SHA1
06b2ae947f1f65760d2e88e399ec5a63dcace345

SHA256
d7ccfc1531c19cb6ff3e9f5cf69d9650057dce68f10731efa6942913b066d55c

SHA512
3e079877f03b97eb4d55cf8917b5dbe72d9b639e6b25cad7968e63c41136db536271b0ee3882e01e7617e67a6e714580b3c536c8865684874c44531f95bbc67a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe

Filesize
184KB

MD5
15bee6bc9a90a029f3d66b3ad3a2012d

SHA1
4caef3f3ed46f59da42c01d97b34f3f1a642509f

SHA256
a116abb682bffec847796fef6b9cf8916dfdbf65f6ef1b1336484c885fe66287

SHA512
ed91668ccb5213cac4b1632cd2d0b858ab7a24ac931241f4b5ad28ca083057766f3c2807efeb56a063daf5882f4a2e56a6deb5f1a5173cfc6125d583385cd7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe

Filesize
184KB

MD5
1ea7c379eecf22ce263eec4f97e51ca4

SHA1
d2bae52edbab681ca4cc3936fe4a06e9352bb50b

SHA256
c347221df10d62bc5115611e4d84da6509b33cbe3cd5d6a7ab793f5b6ed46cab

SHA512
bb517bcea8e1d576157c3db67a73c9174dd9fd2ff8a05533e362d140a349d74b82dafcca2f7127ff9b5695ad52127f4ed2251072e4878c455d7cc446078e465a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe

Filesize
93KB

MD5
7dd08f5ce0a08c459cd68107ded0675e

SHA1
b2f995ca078dda6d9e556a37afe05fd32f59374c

SHA256
b6b9981cae7eab4aedf54b0e2cf25ceed0494b9fab00a3b926e1e69480aaba7d

SHA512
67f28a2f67fb615f4ebd1c87f8ca775d8fff74b52bc26082d0fccbcebaf0799a3f7c0234672c04cd70fb57da6e17bd6a3d68026c3683ea26be8466c2a9bd3abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe

Filesize
184KB

MD5
35e7aaf9b7ba742eeedd34fc6a83b100

SHA1
13dde7cde703cd2db951d786076939bd9c7ae879

SHA256
5666615a216965643766ff9699c8c9a9def16840d082262721f961c34f3c9d4f

SHA512
af2bb015caef28d553c9276497cf1dc476a3d12a82756c889228009ae76474b804f9fd27a27f28334160abf6f09bdc220f2cd29ac8d4bb3af37bad547b3ad77f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe

Filesize
184KB

MD5
7698c96e6aa100dd5c3063bf4ac02c87

SHA1
0c06067950f7cc480ef1a4ca2e27fa16a366d58e

SHA256
982c8a92bb9f4ad61d38a55b5015697598d79a9de8abbe833a3757b017512aa8

SHA512
9a385fd580d3ea39e143ff4261abe46c015e14b3149eb86e6b09d2d583a18a1d1428a7dbacbc3bde417dbac925878d4849f5c5f85fd9d3f3d1da621cb5b700f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe

Filesize
184KB

MD5
9427c96b9bebe5a193006bab1935dd23

SHA1
2f5b3959f4d8b9d46fec4f6e69da47f6145cc8ae

SHA256
7796a80fb027865effb6c7475ed3f98fd0dd786b7db57acb5687848a55ae070a

SHA512
814032f460dd1da15e26195b31cb4fdf424a407ed7f0b27a7ab7b747e316a0f2b970aad1cd586d47d2bf49a23c0e35a8305e81dd872a7c5cde62be9a154077e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe

Filesize
92KB

MD5
b66441c68f841a8ee762064a76cf5e1f

SHA1
de9ee5accbd08ef7c6b1ee30fa3842ebcb832ed5

SHA256
84c22e99bfdce14470c1c4a29687764a8ba1157014b17c5e0e323b01784d5e4f

SHA512
f1c8cc5311b1e022dbf87f66481f662ab996f128ca579d6250077e01b8de66aac4d080acef833b37729c65ce1d5423e1b61dfbd356667e010db082ea6dd380f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe

Filesize
184KB

MD5
3890c1809b8db8c67cd22f9471c0d890

SHA1
5b64ccbf0289657c9652fbbe4094b76f0a2c270e

SHA256
30f1b1123bde0946c5aa2ad7fb6c6e78a0f6e1e5c8226e2d70c712611f9b964e

SHA512
3817459f71da0c83a42b0d79570788fd5aa18ff5b47f7f1c9da90bd3924c3f7a717788aca58d2ff4e1537483c8fdfc468b73f0e7676e0813dd05465133ffe120

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe

Filesize
184KB

MD5
8c82a39b0421fc4e31104b0a5a9ceb28

SHA1
5354232cc3b57755650d4d1518fadfa8f278f301

SHA256
77bb8bbbe8047569022f8d694f7a15d36b78e76976643b3c6030861aee09095c

SHA512
15fef66d0bec89231c8f6c37a1a8c742e39e600a5d18f6af34f96f6872576c60bbb58b9b13157023dab1b2ef43023e172dc7e08e36b5c6cae4eeb234a362fdec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe

Filesize
184KB

MD5
f5e99631b646936d892cf22b1562fef1

SHA1
00bf0dae768f84911b520b18efd3d54b9bf95814

SHA256
38544113b99d29283489047bc5d4001b508aa91d49c2a177f458054a78bc9ddd

SHA512
9914524085f92c2a59fffbdb830322667554f9c4bb26434ccd1a91a4e37b4d1adcc21030f555449e5fc585de66b877279f4873054ac5cea48e932df8c68376f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe

Filesize
95KB

MD5
539c034db780c9ecf8859ac39dbb3da1

SHA1
dda0966a35554ead0489ddbddab6bf601a45fe78

SHA256
d524d2bcc330ab3623e45ce0cbbb4d5a04684fbc82e28ecc64a4effb0de7f3dc

SHA512
ff74770042c74b935d5384c322ffdbba5431d86d52a514a98be32f101cb7b738f70c4515bef1881bbbb1e373fd54794d995add11c613a9367c874826b77cd36e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe

Filesize
184KB

MD5
e62d451ef9d6085c861f57915d260693

SHA1
19de3890c39da576aa07d0e2c6a2fef794c86e19

SHA256
837b0aa4b7c8411a6aff1338d82be19c6d55eb30218c110bc58dff796a91db70

SHA512
394c96bb54a080359c39d94bf239f4e3e31dc5909e0b012f43b32e250745c408af9e8d0a980725ede54da89e8209638612c1e855f5d17141a22e92b866748094

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe

Filesize
184KB

MD5
c79a60e4a82c7717f222c73dc97f373a

SHA1
a5666cd85d11d512bfeb0e3bee79982d880912fc

SHA256
d32960b4681b20280dea597d1d1a88c9a470832ba9724bf3e4cac51b57d03f2a

SHA512
3d4e35cee4243d69955cb5cc536dbbbfe7cc12391d18ec0add415d00526a0a68ad69de151c263abd2e1b8890c27e137e20fe1e16779c5e793ba34af239fa7e5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe

Filesize
106KB

MD5
23efacf8c3b2b4b31fb5fd85f16d71a3

SHA1
1c8a6fa1a5ac32ac3a743667c742535de359b8e0

SHA256
de9ecb40b764eab8efb96401ca7ca0f7737e5460a474c1c956eaddb2005adb72

SHA512
6ac6f7cca37b0fb63bcba2e176b28e59d7113c5df96775c020fe4fc866786f97f5ff54f72b6a31927537b418b55f96088e9a99867dbf5d95d3b4248ac9b4830f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe

Filesize
184KB

MD5
938b57ff7f02155da3bc313382228e6f

SHA1
14d13ff26bc4ecd33894fcc880a69f56ae6be9e7

SHA256
13768647c47795ef5a42950bc07c77a0b11367845e559b5234f067ce331ee949

SHA512
688c237258741ce758a5338f84cb19f3f2ba9ba653c7d5700b94f6372dbcc99557cfa6907ff310974b0a662d79a5c26ed7edd55bb90614b2b822f1484482e6fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe

Filesize
184KB

MD5
094dfba252d86b72235801d6fa7eb8b9

SHA1
3958b04dfc42f0e19916224c5b1409b83ae8338b

SHA256
55e07e8e919268a18d6ff7e6655a80c1b3de964dc1d7f9a129552b060945fea6

SHA512
19e5a7768cc28aa7b8c8f1f8a6c76ce6950a2e5ef6c4863980c0f7f19fb656040d27cfbf9e91e5be7a563a0a1dc374352504b8cf0524945ac9b4b5c844c1ac67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe

Filesize
184KB

MD5
015b86aa380940b7923b856a500166e7

SHA1
f547e2297d59a94fe49a2b3efe636f8daaffc1e1

SHA256
51a472cd9ce46b0875204c8848950d5b5edc5f15813b2a286514e221eeb32d01

SHA512
764e03e3982e33d0760a443981e5d2297f8d329c0d8adcaa8465c798e044b29421b8b3a46bad7ef866ac5da88b1af4431ce697459590627ed642a3e09c922baf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads