0a79b70dbef674978ec978b3bb088017de55c5bdb96d818577e006547e138eac

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

420bc204a16f31194f57ecc5649bebf2.exe
Size

184KB
MD5

420bc204a16f31194f57ecc5649bebf2
SHA1

2de7780a87fc3f513f5573d6392c91cadb3f1d95
SHA256

0a79b70dbef674978ec978b3bb088017de55c5bdb96d818577e006547e138eac
SHA512

bcc7ba645c1d698a39fb4a2fa2d51bee7f3f63a27f76cc4acfa2dd3f52d4119fc9fce809d54c2e094ad8b88b4f02b338b901837f108c699c173a1909dce070ae
SSDEEP

3072:8XyYoJFTfDAvAOj7dxKzdz1evsr62b2kBzExb82a67lXvpF4:8Xdo38vAodczdzl7yV7lXvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 44 IoCs

pid	Process
1944	Unicorn-50995.exe
2852	Unicorn-18214.exe
2740	Unicorn-20906.exe
2888	Unicorn-53107.exe
1812	Unicorn-29157.exe
2600	Unicorn-18297.exe
2568	Unicorn-62967.exe
2904	Unicorn-50715.exe
268	Unicorn-4207.exe
2976	Unicorn-64913.exe
2784	Unicorn-63522.exe
1652	Unicorn-60912.exe
2816	Unicorn-53320.exe
1636	Unicorn-60097.exe
1732	Unicorn-59542.exe
2448	Unicorn-118.exe
956	Unicorn-2811.exe
2128	Unicorn-32791.exe
836	Unicorn-39567.exe
1120	Unicorn-49127.exe
1116	Unicorn-4010.exe
1772	Unicorn-44036.exe
1632	Unicorn-25260.exe
2216	Unicorn-23336.exe
688	Unicorn-61799.exe
2340	Unicorn-11296.exe
2280	Unicorn-28391.exe
2752	Unicorn-40534.exe
2760	Unicorn-40534.exe
1252	Unicorn-23378.exe
2572	Unicorn-8240.exe
760	Unicorn-56782.exe
1036	Unicorn-29860.exe
572	Unicorn-41427.exe
2852	Unicorn-56502.exe
1640	Unicorn-39865.exe
1328	Unicorn-38879.exe
2368	Unicorn-36994.exe
2460	Unicorn-7659.exe
2064	Unicorn-39598.exe
2364	Unicorn-49385.exe
1700	Unicorn-32063.exe
1592	Unicorn-32063.exe
1060	Unicorn-43267.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	420bc204a16f31194f57ecc5649bebf2.exe
2356	420bc204a16f31194f57ecc5649bebf2.exe
1944	Unicorn-50995.exe
1944	Unicorn-50995.exe
2356	420bc204a16f31194f57ecc5649bebf2.exe
2356	420bc204a16f31194f57ecc5649bebf2.exe
2852	Unicorn-18214.exe
2852	Unicorn-18214.exe
1944	Unicorn-50995.exe
1944	Unicorn-50995.exe
2740	Unicorn-20906.exe
2740	Unicorn-20906.exe
2888	Unicorn-53107.exe
2888	Unicorn-53107.exe
2852	Unicorn-18214.exe
1812	Unicorn-29157.exe
1812	Unicorn-29157.exe
2852	Unicorn-18214.exe
2600	Unicorn-18297.exe
2600	Unicorn-18297.exe
2740	Unicorn-20906.exe
2740	Unicorn-20906.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
268	Unicorn-4207.exe
268	Unicorn-4207.exe
2904	Unicorn-50715.exe
2904	Unicorn-50715.exe
1812	Unicorn-29157.exe
1812	Unicorn-29157.exe
2784	Unicorn-63522.exe
2784	Unicorn-63522.exe
1652	Unicorn-60912.exe
1652	Unicorn-60912.exe
268	Unicorn-4207.exe
268	Unicorn-4207.exe
2816	Unicorn-53320.exe
2816	Unicorn-53320.exe
2904	Unicorn-50715.exe
2904	Unicorn-50715.exe
1732	Unicorn-59542.exe
1636	Unicorn-60097.exe
1732	Unicorn-59542.exe
1636	Unicorn-60097.exe
2784	Unicorn-63522.exe
2784	Unicorn-63522.exe
1652	Unicorn-60912.exe
1652	Unicorn-60912.exe
2128	Unicorn-32791.exe
2128	Unicorn-32791.exe
2816	Unicorn-53320.exe
2816	Unicorn-53320.exe
980	WerFault.exe
980	WerFault.exe
980	WerFault.exe
980	WerFault.exe
980	WerFault.exe
980	WerFault.exe
1772	Unicorn-44036.exe
1772	Unicorn-44036.exe
980	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
944	2976	WerFault.exe	37
980	2448	WerFault.exe	44

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
2356	420bc204a16f31194f57ecc5649bebf2.exe
1944	Unicorn-50995.exe
2852	Unicorn-18214.exe
2740	Unicorn-20906.exe
2888	Unicorn-53107.exe
1812	Unicorn-29157.exe
2600	Unicorn-18297.exe
2904	Unicorn-50715.exe
268	Unicorn-4207.exe
2568	Unicorn-62967.exe
2976	Unicorn-64913.exe
2784	Unicorn-63522.exe
1652	Unicorn-60912.exe
2816	Unicorn-53320.exe
1636	Unicorn-60097.exe
1732	Unicorn-59542.exe
2448	Unicorn-118.exe
2128	Unicorn-32791.exe
836	Unicorn-39567.exe
1772	Unicorn-44036.exe
1120	Unicorn-49127.exe
1632	Unicorn-25260.exe
2216	Unicorn-23336.exe
2340	Unicorn-11296.exe
1116	Unicorn-4010.exe
688	Unicorn-61799.exe
2280	Unicorn-28391.exe
2752	Unicorn-40534.exe
2760	Unicorn-40534.exe
1252	Unicorn-23378.exe
2572	Unicorn-8240.exe
760	Unicorn-56782.exe
572	Unicorn-41427.exe
1036	Unicorn-29860.exe
1640	Unicorn-39865.exe
2460	Unicorn-7659.exe
1328	Unicorn-38879.exe
2852	Unicorn-56502.exe
2368	Unicorn-36994.exe
2064	Unicorn-39598.exe
1700	Unicorn-32063.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1944	2356	420bc204a16f31194f57ecc5649bebf2.exe	28
PID 2356 wrote to memory of 1944	2356	420bc204a16f31194f57ecc5649bebf2.exe	28
PID 2356 wrote to memory of 1944	2356	420bc204a16f31194f57ecc5649bebf2.exe	28
PID 2356 wrote to memory of 1944	2356	420bc204a16f31194f57ecc5649bebf2.exe	28
PID 1944 wrote to memory of 2852	1944	Unicorn-50995.exe	29
PID 1944 wrote to memory of 2852	1944	Unicorn-50995.exe	29
PID 1944 wrote to memory of 2852	1944	Unicorn-50995.exe	29
PID 1944 wrote to memory of 2852	1944	Unicorn-50995.exe	29
PID 2356 wrote to memory of 2740	2356	420bc204a16f31194f57ecc5649bebf2.exe	30
PID 2356 wrote to memory of 2740	2356	420bc204a16f31194f57ecc5649bebf2.exe	30
PID 2356 wrote to memory of 2740	2356	420bc204a16f31194f57ecc5649bebf2.exe	30
PID 2356 wrote to memory of 2740	2356	420bc204a16f31194f57ecc5649bebf2.exe	30
PID 2852 wrote to memory of 2888	2852	Unicorn-18214.exe	31
PID 2852 wrote to memory of 2888	2852	Unicorn-18214.exe	31
PID 2852 wrote to memory of 2888	2852	Unicorn-18214.exe	31
PID 2852 wrote to memory of 2888	2852	Unicorn-18214.exe	31
PID 1944 wrote to memory of 1812	1944	Unicorn-50995.exe	32
PID 1944 wrote to memory of 1812	1944	Unicorn-50995.exe	32
PID 1944 wrote to memory of 1812	1944	Unicorn-50995.exe	32
PID 1944 wrote to memory of 1812	1944	Unicorn-50995.exe	32
PID 2740 wrote to memory of 2600	2740	Unicorn-20906.exe	33
PID 2740 wrote to memory of 2600	2740	Unicorn-20906.exe	33
PID 2740 wrote to memory of 2600	2740	Unicorn-20906.exe	33
PID 2740 wrote to memory of 2600	2740	Unicorn-20906.exe	33
PID 2888 wrote to memory of 2568	2888	Unicorn-53107.exe	34
PID 2888 wrote to memory of 2568	2888	Unicorn-53107.exe	34
PID 2888 wrote to memory of 2568	2888	Unicorn-53107.exe	34
PID 2888 wrote to memory of 2568	2888	Unicorn-53107.exe	34
PID 1812 wrote to memory of 2904	1812	Unicorn-29157.exe	36
PID 1812 wrote to memory of 2904	1812	Unicorn-29157.exe	36
PID 1812 wrote to memory of 2904	1812	Unicorn-29157.exe	36
PID 1812 wrote to memory of 2904	1812	Unicorn-29157.exe	36
PID 2852 wrote to memory of 268	2852	Unicorn-18214.exe	35
PID 2852 wrote to memory of 268	2852	Unicorn-18214.exe	35
PID 2852 wrote to memory of 268	2852	Unicorn-18214.exe	35
PID 2852 wrote to memory of 268	2852	Unicorn-18214.exe	35
PID 2600 wrote to memory of 2976	2600	Unicorn-18297.exe	37
PID 2600 wrote to memory of 2976	2600	Unicorn-18297.exe	37
PID 2600 wrote to memory of 2976	2600	Unicorn-18297.exe	37
PID 2600 wrote to memory of 2976	2600	Unicorn-18297.exe	37
PID 2740 wrote to memory of 2784	2740	Unicorn-20906.exe	38
PID 2740 wrote to memory of 2784	2740	Unicorn-20906.exe	38
PID 2740 wrote to memory of 2784	2740	Unicorn-20906.exe	38
PID 2740 wrote to memory of 2784	2740	Unicorn-20906.exe	38
PID 2976 wrote to memory of 944	2976	Unicorn-64913.exe	39
PID 2976 wrote to memory of 944	2976	Unicorn-64913.exe	39
PID 2976 wrote to memory of 944	2976	Unicorn-64913.exe	39
PID 2976 wrote to memory of 944	2976	Unicorn-64913.exe	39
PID 268 wrote to memory of 1652	268	Unicorn-4207.exe	40
PID 268 wrote to memory of 1652	268	Unicorn-4207.exe	40
PID 268 wrote to memory of 1652	268	Unicorn-4207.exe	40
PID 268 wrote to memory of 1652	268	Unicorn-4207.exe	40
PID 2904 wrote to memory of 2816	2904	Unicorn-50715.exe	41
PID 2904 wrote to memory of 2816	2904	Unicorn-50715.exe	41
PID 2904 wrote to memory of 2816	2904	Unicorn-50715.exe	41
PID 2904 wrote to memory of 2816	2904	Unicorn-50715.exe	41
PID 1812 wrote to memory of 1636	1812	Unicorn-29157.exe	42
PID 1812 wrote to memory of 1636	1812	Unicorn-29157.exe	42
PID 1812 wrote to memory of 1636	1812	Unicorn-29157.exe	42
PID 1812 wrote to memory of 1636	1812	Unicorn-29157.exe	42
PID 2784 wrote to memory of 1732	2784	Unicorn-63522.exe	43
PID 2784 wrote to memory of 1732	2784	Unicorn-63522.exe	43
PID 2784 wrote to memory of 1732	2784	Unicorn-63522.exe	43
PID 2784 wrote to memory of 1732	2784	Unicorn-63522.exe	43

C:\Users\Admin\AppData\Local\Temp\420bc204a16f31194f57ecc5649bebf2.exe
"C:\Users\Admin\AppData\Local\Temp\420bc204a16f31194f57ecc5649bebf2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        5⤵
        Executes dropped EXE
        
        PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        10⤵
        Executes dropped EXE
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20906.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20906.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 200
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        8⤵
        Executes dropped EXE
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        7⤵
        Executes dropped EXE
        
        PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe

Filesize
184KB

MD5
a1b6e65918960bdda6a46471fed410a4

SHA1
40b8a7f441c23cebcc5ba8cad91cf0692deba13c

SHA256
c85e6ac7d08c1545e787d4eeff3659d841daee50a990f0802b99c530f27b76b4

SHA512
07926984872392ef550496dbce25df252a4ed75a6c1ccf98de98dd575f162e43f703e48ceb42bc4414bca46e41d5379b14236108c9783e6eff0087ffd02b6154

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe

Filesize
19KB

MD5
511480b736bbc353f81cb13a1c867367

SHA1
512a62fcdd8709e3521a0befb766daf60ef54d97

SHA256
9e7d6bbac68c4229d224b2a28fd97decae0e59964f8bbeb6c6d7c0c56119bdbc

SHA512
0701a599fc392826262c18b25967399c6dfc9e626b31bfa2fef9d5e6c92d1d17e053f0d353a3cd45c401f1afa7f07a49d629559916a956ce2e7d91133c06dc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe

Filesize
184KB

MD5
46f39c6b698aad2cd440ac1061463b5a

SHA1
d1544a445510d4017055d82f2c223bdcc350ca1e

SHA256
f220d217f14b6e1d9a195ea9703963a203410b035d9d89cf51acd97c14761967

SHA512
a219de10008645beca584d0d41c3afd768ba64211d9b3fb4c43d155af922c9c9a6dd4443d9db0ca7556de58ee44d4c6929c7aae0195da8b57cd43ee200beffd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-118.exe

Filesize
184KB

MD5
beadfb273c1b9568af7acbf07ccf846a

SHA1
1e3e53d59dd0884e35c54be999eefb3155cee24f

SHA256
1fd9c896151281fcec5cb211726172718211fd37192493641af01cf164f35bbb

SHA512
07d8b270d9074543b7e7d269c4031d1efbdaa7a4cfd0da335f068c9b66fa1d6d9785817781f1d6b9c87cfcf7de3fd5b798990e838271dc85d0421d3fa593e3d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe

Filesize
184KB

MD5
7eb128027b4fc95e1f2cc282f4006e98

SHA1
1dc59d9997962260f8f0e5f69e652d5097b49ebf

SHA256
f6a1b37bd133d08b656de3f7c32c7671c69547456eb2929d503be5452ad88e1d

SHA512
0e3b69753ee3a452f15e951f04d892352e114467d859479423057be0c4c3102a61009fc01b4939543d743b83f6ff6876f610b3d643bf23fe49350fd3a1bb5f5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20906.exe

Filesize
184KB

MD5
0b428d041c859354b54fc85d78f5e4f2

SHA1
123abd577c6b7e4b5166b14bdbd6589a5bbbe4f6

SHA256
6b93e7639b670a63e7e44ce6cd2d9ecc9a9df524811774d7a8c4b1b31b4e657e

SHA512
011acdcc0377b22797b15d50a2620d1cf62bfa2660baed69a23188fe16f550a075bb8876b1180151c544a2f2548b05cf64dfca37b3b0e4b520fd06d597451e1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe

Filesize
184KB

MD5
e634841f30e36216a7eface12ce347a4

SHA1
8103db032155081e6d18aa6a53fb667fb371696c

SHA256
e18c096bb8d3b079527e1a7e4b3b55e60da486003710a9ac359682922f8c5fe8

SHA512
95d1670b1cd1e2ee784bae58d952d01a4913d4d0cdae9cdcabdaa22665fdfb56ce11bcf21a23d752b1cbe807f9e557c9bf2b37860471b30cbe5d24a648685740

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe

Filesize
184KB

MD5
3a7e08ed1bc3d9960277d0bfcc725cb7

SHA1
99c0b269d37be3c3b3c1e0d4230a004c4bddc700

SHA256
32f8ea2c97d982dea3052c3359468ebcfa40019c95428d29d0c7adb63cf0a117

SHA512
978735c45f87428d25a5ebb4ae4365c2742ea311fcad9919c5d3f32e3066c68d9abce8a52ca285d3805dfb4e88e9354183eddc9693cbcfc8191dcb1045b7133a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe

Filesize
184KB

MD5
c00e5771adc06033b1fedf3622ae65ad

SHA1
b606b187b74d1148fffbdff4fd1a51634c2f3388

SHA256
40899fb302a710406746aaa62e071426e266dc1188ab27297b7da220fe0fb961

SHA512
33b2bc74ac549b5af79a971e6b21fcdedb395aa6e7deb3c9eb2e008f4b09463361fa52482e3782ab816e8644c27aa6cafdfb4f4be403bcf6bf50680cd191f4da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe

Filesize
184KB

MD5
dc4a3a3517fd8727a3307457184ee4f8

SHA1
d5927aa356686dd4bde885028d1430f3f3cf8686

SHA256
f1ccab57994603d84b3952f8a6f6d4880f76478da19e756284d83cb7d2a893a1

SHA512
e0488490dd55b9942396c54680c6c2c517ac8de67a414629bff2c81286b1ef5a5105a45c2cb5fd60f73751cd7d3325091c50a3df26f311d4bd13000ca06bc377

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe

Filesize
184KB

MD5
e968f248a8dd61e8caf1700aa41073f7

SHA1
9346f0312d93291686f0555aee638f5db7ceac3c

SHA256
28be1bcea90068f2f113d968706cc0e1fd55f1b73e0cf0886f9baf3b9c39da3d

SHA512
9026635f65aeaa8fbcc5b852c8e97076ca4288588aefe80c2408d7b5e6c623845ceedf12e624b8682d023e25dc9ef0d2b27da059425bbc154394065d1c739f3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe

Filesize
184KB

MD5
3b85fbba4453a1333c0847b36665ef09

SHA1
19037c44b9d2edbab078298ba9c7d2063fc98068

SHA256
fd730379e546cdcc0e155849f0be54799171f635c8c2fb5439334cf5d8f1a7f1

SHA512
88320e854d5756a34d7446335db0dcb48f2762f130d71a7d315ab041e37882639687f4d842493a9879533baad486d2fbd218db3251b4968fc6610d9b07654713

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe

Filesize
184KB

MD5
6b66ba49c4dd0bf88ce273cf576d63f8

SHA1
30a09e201b2d03400bfce977d51d181ecb69bddf

SHA256
9e1e21d0b329008f0a68b2b460cc24b32f0c4deba4fec68ca6b16612e5f56a98

SHA512
2114ae563da61f2f9b675c69131d833489202e3c4ddf5aa40ecd38cd543dde4176754d39db170145199605304b1258e591a3a37095c324594fe7c4c3814ec7a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe

Filesize
8KB

MD5
5bfadec2d7b99c3a8763c0620e10dfe8

SHA1
58e7e0b8bbee4ccd92c9036b6813896fd5baa61c

SHA256
665aced717a3af20bab88ce99ece8819c528d696688078dd625231783a64d1ca

SHA512
23d814a3f53c624f40a0725be746fc1d13e571858d22fc08403d1df0ff5093690babfaf750332badd87c1054d58c7ee7af05d0bf06acc72623a818e23de95b57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe

Filesize
184KB

MD5
256b1b88e4235c112f069ebc76c85028

SHA1
758088026ed1425d4d32f6557b442bc17131057d

SHA256
b6414458e727c697f0d6f4565d65e5cdba517013356c7d76e73076db1b565919

SHA512
7dc260f436800dd948505ff4147eabcc7a1c2c88dc697e2d89fa5fb57f8387ba69644703d357fe43368bab95443f14b2ae8f21325b89882b78706f7aad5b9f99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe

Filesize
64KB

MD5
a7eee177c4fc9049bb950795da72bd10

SHA1
241f0817b072a264328f85db93aa21ada6330b1a

SHA256
09ccc2c1594d392fd94dc53507a8da90008a4dd06dc4cf64f1db0be4a587a4bb

SHA512
99374f2d98b550e069d88abc2531ec126e0cafa03276e4b6c37afebdce123a9c1c263adbc6c0bf40681ec7925b3081afba4988808de715ac01402c44bdc0fd26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe

Filesize
184KB

MD5
568ef3683ffec591d36cc7cff4b91e78

SHA1
7777d338c666bc161f504ba688810c4df5daa5fb

SHA256
7e5ad3b3f78e0dc4892e49122f55dcd1b87a7152af19e2d9e59decb3917fc2c3

SHA512
c61e3de6b16ebcd298f4f5086f9b476567779d674c5b789f99ed2cb5362aeaad080c1610e345b951e0e0aa9d1523d2caf7930b2c2afd76705f706a12fcaadc36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe

Filesize
184KB

MD5
5733e4cc7dfe5308a45de9825da220b1

SHA1
36e3a73fb759ab9d1aa18c6e941c2c508470d7e0

SHA256
06ace6038e5bcf949ad4a1afc2e64114adbc3ee00f06eb80aa44491b027e8dea

SHA512
fb366ca696ac1db24e78bf270ff089359ff90ed876cf7ec51628caa48de620cf378c42dbe940d78fcf3cb03aecad7635fe04bc2a9a848f2f1a26ca23175bb9fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe

Filesize
184KB

MD5
2a3410216836d1c322fb3dff0373238b

SHA1
f303d523519f48936df497ca6e4f1bcb8f2b205e

SHA256
0da7ff3972d54d75254568d1352b755a49ee940808f6a0296535be46fa7adc61

SHA512
55b4d06c5a53485fd3e34909946b404ca8d3f6a3ee5c617a49c3324272a76179bc81e23e9eb20d062b3491f969e0d69f4d598b97077982dba0dbece48cdaa098

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads