3c3a03c1255395b52e2a9edbeeb3c74f29af19b5d2104534ee65e434bbd20a33

Analysis

max time kernel
47s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45d1c873ba9dec4f3e9b49754cc5c924.exe
Size

184KB
MD5

45d1c873ba9dec4f3e9b49754cc5c924
SHA1

aad32d33df3e4c53d9ae4fb003133dab5f87207e
SHA256

3c3a03c1255395b52e2a9edbeeb3c74f29af19b5d2104534ee65e434bbd20a33
SHA512

982a55ea5b057ce3687a5acc905d228c1d0a5d96137a978f17d50a136b3375d5219c8abd938291b5a2594c3347986b746da21b76ca6ec21eb676a79a2327bcc0
SSDEEP

3072:o/HjoNDhAlE8O8Fd8scGzFbOtR6NKPIdBYx8Mw0G7lPdpFJ:o/DotOa8tdtcGz8g3h7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 57 IoCs

pid	Process
3040	Unicorn-23680.exe
2808	Unicorn-10161.exe
2812	Unicorn-39496.exe
2636	Unicorn-23753.exe
2720	Unicorn-28583.exe
2612	Unicorn-40281.exe
1604	Unicorn-52528.exe
2036	Unicorn-19856.exe
1976	Unicorn-14982.exe
1900	Unicorn-47847.exe
1608	Unicorn-34848.exe
764	Unicorn-9990.exe
2068	Unicorn-42855.exe
1640	Unicorn-54785.exe
292	Unicorn-34879.exe
2128	Unicorn-24319.exe
2072	Unicorn-45486.exe
2704	Unicorn-23966.exe
440	Unicorn-45133.exe
2464	Unicorn-32518.exe
692	Unicorn-53685.exe
1576	Unicorn-31174.exe
332	Unicorn-27836.exe
1796	Unicorn-47702.exe
888	Unicorn-31558.exe
640	Unicorn-48086.exe
2092	Unicorn-61085.exe
2040	Unicorn-26784.exe
1592	Unicorn-64479.exe
2700	Unicorn-33800.exe
1904	Unicorn-35445.exe
2968	Unicorn-58532.exe
2792	Unicorn-4884.exe
2852	Unicorn-9715.exe
2560	Unicorn-20453.exe
2876	Unicorn-36405.exe
2660	Unicorn-52741.exe
2744	Unicorn-12284.exe
2532	Unicorn-22987.exe
2272	Unicorn-27586.exe
2148	Unicorn-57113.exe
3068	Unicorn-3273.exe
1860	Unicorn-49137.exe
108	Unicorn-15390.exe
1708	Unicorn-20029.exe
2044	Unicorn-34253.exe
752	Unicorn-53927.exe
2668	Unicorn-37975.exe
1520	Unicorn-53735.exe
684	Unicorn-39703.exe
2120	Unicorn-20714.exe
2596	Unicorn-3885.exe
2808	Unicorn-48447.exe
612	Unicorn-40580.exe
1044	Unicorn-18318.exe
2972	Unicorn-1576.exe
1672	Unicorn-47248.exe

Loads dropped DLL 64 IoCs

pid	Process
2880	45d1c873ba9dec4f3e9b49754cc5c924.exe
2880	45d1c873ba9dec4f3e9b49754cc5c924.exe
3040	Unicorn-23680.exe
3040	Unicorn-23680.exe
2880	45d1c873ba9dec4f3e9b49754cc5c924.exe
2880	45d1c873ba9dec4f3e9b49754cc5c924.exe
2808	Unicorn-10161.exe
2808	Unicorn-10161.exe
3040	Unicorn-23680.exe
2812	Unicorn-39496.exe
2812	Unicorn-39496.exe
3040	Unicorn-23680.exe
2720	Unicorn-28583.exe
2720	Unicorn-28583.exe
2612	Unicorn-40281.exe
2612	Unicorn-40281.exe
2812	Unicorn-39496.exe
2812	Unicorn-39496.exe
2808	Unicorn-10161.exe
2636	Unicorn-23753.exe
2808	Unicorn-10161.exe
2636	Unicorn-23753.exe
1976	Unicorn-14982.exe
1976	Unicorn-14982.exe
1604	Unicorn-52528.exe
1604	Unicorn-52528.exe
2720	Unicorn-28583.exe
2720	Unicorn-28583.exe
1900	Unicorn-47847.exe
1900	Unicorn-47847.exe
1608	Unicorn-34848.exe
1608	Unicorn-34848.exe
2636	Unicorn-23753.exe
2636	Unicorn-23753.exe
764	Unicorn-9990.exe
764	Unicorn-9990.exe
1976	Unicorn-14982.exe
1976	Unicorn-14982.exe
2068	Unicorn-42855.exe
2068	Unicorn-42855.exe
1604	Unicorn-52528.exe
1604	Unicorn-52528.exe
292	Unicorn-34879.exe
292	Unicorn-34879.exe
1900	Unicorn-47847.exe
1900	Unicorn-47847.exe
1640	Unicorn-54785.exe
1640	Unicorn-54785.exe
2072	Unicorn-45486.exe
2072	Unicorn-45486.exe
2128	Unicorn-24319.exe
2128	Unicorn-24319.exe
1608	Unicorn-34848.exe
1608	Unicorn-34848.exe
2704	Unicorn-23966.exe
2704	Unicorn-23966.exe
764	Unicorn-9990.exe
764	Unicorn-9990.exe
440	Unicorn-45133.exe
440	Unicorn-45133.exe
1576	Unicorn-31174.exe
1576	Unicorn-31174.exe
292	Unicorn-34879.exe
292	Unicorn-34879.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
312	2044	WerFault.exe	78

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2880	45d1c873ba9dec4f3e9b49754cc5c924.exe
3040	Unicorn-23680.exe
2808	Unicorn-10161.exe
2812	Unicorn-39496.exe
2720	Unicorn-28583.exe
2636	Unicorn-23753.exe
2612	Unicorn-40281.exe
1604	Unicorn-52528.exe
2036	Unicorn-19856.exe
1976	Unicorn-14982.exe
1900	Unicorn-47847.exe
1608	Unicorn-34848.exe
764	Unicorn-9990.exe
2068	Unicorn-42855.exe
292	Unicorn-34879.exe
2128	Unicorn-24319.exe
1640	Unicorn-54785.exe
2072	Unicorn-45486.exe
2704	Unicorn-23966.exe
440	Unicorn-45133.exe
2464	Unicorn-32518.exe
1576	Unicorn-31174.exe
692	Unicorn-53685.exe
888	Unicorn-31558.exe
1796	Unicorn-47702.exe
332	Unicorn-27836.exe
640	Unicorn-48086.exe
2092	Unicorn-61085.exe
2040	Unicorn-26784.exe
1592	Unicorn-64479.exe
2700	Unicorn-33800.exe
1904	Unicorn-35445.exe
2968	Unicorn-58532.exe
2792	Unicorn-4884.exe
2876	Unicorn-36405.exe
2660	Unicorn-52741.exe
2744	Unicorn-12284.exe
2560	Unicorn-20453.exe
2532	Unicorn-22987.exe
2852	Unicorn-9715.exe
2272	Unicorn-27586.exe
1860	Unicorn-49137.exe
2148	Unicorn-57113.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 3040	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	28
PID 2880 wrote to memory of 3040	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	28
PID 2880 wrote to memory of 3040	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	28
PID 2880 wrote to memory of 3040	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	28
PID 3040 wrote to memory of 2808	3040	Unicorn-23680.exe	29
PID 3040 wrote to memory of 2808	3040	Unicorn-23680.exe	29
PID 3040 wrote to memory of 2808	3040	Unicorn-23680.exe	29
PID 3040 wrote to memory of 2808	3040	Unicorn-23680.exe	29
PID 2880 wrote to memory of 2812	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	30
PID 2880 wrote to memory of 2812	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	30
PID 2880 wrote to memory of 2812	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	30
PID 2880 wrote to memory of 2812	2880	45d1c873ba9dec4f3e9b49754cc5c924.exe	30
PID 2808 wrote to memory of 2636	2808	Unicorn-10161.exe	31
PID 2808 wrote to memory of 2636	2808	Unicorn-10161.exe	31
PID 2808 wrote to memory of 2636	2808	Unicorn-10161.exe	31
PID 2808 wrote to memory of 2636	2808	Unicorn-10161.exe	31
PID 2812 wrote to memory of 2612	2812	Unicorn-39496.exe	32
PID 2812 wrote to memory of 2612	2812	Unicorn-39496.exe	32
PID 2812 wrote to memory of 2612	2812	Unicorn-39496.exe	32
PID 2812 wrote to memory of 2612	2812	Unicorn-39496.exe	32
PID 3040 wrote to memory of 2720	3040	Unicorn-23680.exe	33
PID 3040 wrote to memory of 2720	3040	Unicorn-23680.exe	33
PID 3040 wrote to memory of 2720	3040	Unicorn-23680.exe	33
PID 3040 wrote to memory of 2720	3040	Unicorn-23680.exe	33
PID 2720 wrote to memory of 1604	2720	Unicorn-28583.exe	34
PID 2720 wrote to memory of 1604	2720	Unicorn-28583.exe	34
PID 2720 wrote to memory of 1604	2720	Unicorn-28583.exe	34
PID 2720 wrote to memory of 1604	2720	Unicorn-28583.exe	34
PID 2612 wrote to memory of 2036	2612	Unicorn-40281.exe	35
PID 2612 wrote to memory of 2036	2612	Unicorn-40281.exe	35
PID 2612 wrote to memory of 2036	2612	Unicorn-40281.exe	35
PID 2612 wrote to memory of 2036	2612	Unicorn-40281.exe	35
PID 2812 wrote to memory of 1976	2812	Unicorn-39496.exe	36
PID 2812 wrote to memory of 1976	2812	Unicorn-39496.exe	36
PID 2812 wrote to memory of 1976	2812	Unicorn-39496.exe	36
PID 2812 wrote to memory of 1976	2812	Unicorn-39496.exe	36
PID 2808 wrote to memory of 1900	2808	Unicorn-10161.exe	37
PID 2808 wrote to memory of 1900	2808	Unicorn-10161.exe	37
PID 2808 wrote to memory of 1900	2808	Unicorn-10161.exe	37
PID 2808 wrote to memory of 1900	2808	Unicorn-10161.exe	37
PID 2636 wrote to memory of 1608	2636	Unicorn-23753.exe	38
PID 2636 wrote to memory of 1608	2636	Unicorn-23753.exe	38
PID 2636 wrote to memory of 1608	2636	Unicorn-23753.exe	38
PID 2636 wrote to memory of 1608	2636	Unicorn-23753.exe	38
PID 1976 wrote to memory of 764	1976	Unicorn-14982.exe	39
PID 1976 wrote to memory of 764	1976	Unicorn-14982.exe	39
PID 1976 wrote to memory of 764	1976	Unicorn-14982.exe	39
PID 1976 wrote to memory of 764	1976	Unicorn-14982.exe	39
PID 1604 wrote to memory of 2068	1604	Unicorn-52528.exe	40
PID 1604 wrote to memory of 2068	1604	Unicorn-52528.exe	40
PID 1604 wrote to memory of 2068	1604	Unicorn-52528.exe	40
PID 1604 wrote to memory of 2068	1604	Unicorn-52528.exe	40
PID 2720 wrote to memory of 1640	2720	Unicorn-28583.exe	41
PID 2720 wrote to memory of 1640	2720	Unicorn-28583.exe	41
PID 2720 wrote to memory of 1640	2720	Unicorn-28583.exe	41
PID 2720 wrote to memory of 1640	2720	Unicorn-28583.exe	41
PID 1900 wrote to memory of 292	1900	Unicorn-47847.exe	42
PID 1900 wrote to memory of 292	1900	Unicorn-47847.exe	42
PID 1900 wrote to memory of 292	1900	Unicorn-47847.exe	42
PID 1900 wrote to memory of 292	1900	Unicorn-47847.exe	42
PID 1608 wrote to memory of 2128	1608	Unicorn-34848.exe	43
PID 1608 wrote to memory of 2128	1608	Unicorn-34848.exe	43
PID 1608 wrote to memory of 2128	1608	Unicorn-34848.exe	43
PID 1608 wrote to memory of 2128	1608	Unicorn-34848.exe	43

C:\Users\Admin\AppData\Local\Temp\45d1c873ba9dec4f3e9b49754cc5c924.exe
"C:\Users\Admin\AppData\Local\Temp\45d1c873ba9dec4f3e9b49754cc5c924.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10161.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        8⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        8⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
        11⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        8⤵
        Executes dropped EXE
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        7⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        8⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        7⤵
        Executes dropped EXE
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        7⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        9⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        6⤵
        Executes dropped EXE
        
        PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        8⤵
        Executes dropped EXE
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        7⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        8⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        6⤵
        Executes dropped EXE
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        7⤵
        
        PID:2616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        5⤵
        Executes dropped EXE
        
        PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        7⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29438.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        9⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        6⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
        7⤵
        Program crash
        
        PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        6⤵
        Executes dropped EXE
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        8⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        6⤵
        Executes dropped EXE
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        7⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        5⤵
        Executes dropped EXE
        
        PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe

Filesize
184KB

MD5
900b2dd60cd985cfa7f096285a21d150

SHA1
b422c67a15f50a1ca95bb8dc13342c7d8ddc02cc

SHA256
9ef42e42667cf80abbbd4bbed8c54ea6718ee246592c3ab226737b42c403815d

SHA512
e226366022fc41dfbe2939e73b4cc2808c97945e65e9a9c19d6e582fb433d6f5baa815271b320757ff5204d67185c5748956f9ffb4b433cdc1b763a3385a848a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe

Filesize
184KB

MD5
d639a22ea724287ab42f07e4c7dbfe00

SHA1
d08e3f72571bff672ec46d7e3efe544c1337d185

SHA256
f579e99dc3d25444033361af523e90756c68496ce057e8720f1ce154b1212f4d

SHA512
ebc93fb9933bb443da7fc3ed4aa5e5ef281c4f46f7420b29f78425be8a1521159f6d62e711d8f3cdc0277792b88272fae6cc7a5c2c901e16029eb99a7696f2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe

Filesize
184KB

MD5
37503e107b9598a7d6d3d868629997c1

SHA1
b339078fc8a68f7609570047303711fb84941cc1

SHA256
5a8976d972cdc251f0e15ab7c6f954ea961ac8854c6e27e3e6c02c6abb01eef6

SHA512
b84d1f65f7b26f485b32033ce7e3d0ee99e92c4e0ca477f545f3ed49214ca52d70f2d1c527cf290d68da0d31fc7f5a78df176849f924822c7df20a5428dcaa0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe

Filesize
128KB

MD5
e254bb20aa05484e9d51afdbff860970

SHA1
5ddd664b16e1795586c8010ee706c80cfce9104b

SHA256
00fe297be20d6a2e50f6381faa482e3ff9b8e068fd3ba92ec7cc63addc0f93cc

SHA512
db2e16640d18d15dac9bde2fa60666343d1038690b589ee6a782b891f3032727addc42fcf22d73b180a2a1d1f11cad093f28731dd5cdfd37f9c87def2c76d851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe

Filesize
184KB

MD5
4871b5aaf2851db20153d70b3e9fb97e

SHA1
a79f2191a9899182f1a85a607995a4c12197abb2

SHA256
f30addef8d5fa2b55769b9489037ce4d6c28d9c6d4108f446e6330cd29dffaee

SHA512
fb3bc095e3158844dd4978ce0f766c8585e22d7b4701b613af19c37cb283852c5253d7a3188be2bee4e0e14cd470109fb528c905e973fa86a11074784426f677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe

Filesize
184KB

MD5
8f802ff9f96903cec10493ded79aebf7

SHA1
f5b4e2aefbbd631e8191b188b4083c9ed372f5b0

SHA256
e7813d58de560b9f6085556214cf3a1e75ad62b7976d4b4095e1efd2cb8e3116

SHA512
ad8b5089d672549ce61bb58e6c15b2b8a7b0b28e5e6950604974abde226117d1f0a95ad147e01e9484166edd702fa362760d1ddca3b165aa3778b0de1e0e1a2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10161.exe

Filesize
184KB

MD5
f8850455090d57f7831aa34bf4143c63

SHA1
7291b8900973fa82812522b6a91ad596311e8c47

SHA256
f18e7094f5ca568f34e256e11a19a1173e92e1837bfa37a40425a968113027eb

SHA512
265f826c12349e7233e87959e3dc8b01e31ed8f3e9e0b1a7dbe16bb8ec5e9856dfa5922bbf30c842a1556e104058c9099f0c80459b1012c8dd1fdc1613c92fb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe

Filesize
184KB

MD5
fe64fa41b394fea1a2dedb873e3b45a3

SHA1
4822dac97265ca6a741092fe04424b3b48c307b8

SHA256
c0159017ee1b795354175eeec7bf197edb87fa4b985dc6de61801238dc795fd9

SHA512
fb99bb8ae541f4124d91a331f6d0dba6a758af8884b239c79648f7549e8c972e64aca980897ebc58c7b5aa112867c97477c6989891519f6f133eac07994bff36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe

Filesize
184KB

MD5
f30a67b4532bc93fa61baeb95a6b8aa6

SHA1
4204f536745e5567b49e010193d93f71f0c93e44

SHA256
0abf8577438b4ef448831f9b59378ad512e5cf6e9ea1ffdd04e953e69458b950

SHA512
848bcdbf6dc26f28bb71d0a337ce91801de39a6397b77134edb6cf32b74ab081aabc0ce240c78691fa506bec9b3ebe2acbff2a7fb611ecd6bffef2cbb5c7567b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe

Filesize
184KB

MD5
ed21215affc24cdc7fdb57156999b231

SHA1
8d4746153cf45cd6764ccdc71ac4dfda64e8c1b3

SHA256
776d8c1e95780083cf1de639aa2b8018f91f7c05a8bcc4212dcee5a0ff57944a

SHA512
d4cb26c9d1ad87c55ce71537f13fb19f6f99ba43ebea6d92ae46959549ad2777384497788485bedbca038e4600a332ad1c318c7f41c9af5d0325cc8eec93b371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe

Filesize
184KB

MD5
216a8c38088179574f70c11a0362c65f

SHA1
41df1aca59c5545a8fdbc96440c130db774ffd5d

SHA256
12e78c97dadd929b5ab9e78dc51d076fc1126ebcafc3bba1570854833514b936

SHA512
d0bf533c0ecff75ce352939f8af497a0810ad1af5fc7a1693d379bc5140bde64456940eb0a7b3b3e0a834217bff6119d2a74403d3ec26ba86a359f9b95dd887f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe

Filesize
184KB

MD5
143805b95db853e6ad62b9194302f431

SHA1
b1c505bbea4b36fcfb4f34ea265e267b190aa665

SHA256
9998338237970da93adcc79af3d63372e50b92777b1294d2083aaa47d90e0fca

SHA512
f3946a3cd21b4b93b4ea7729bd4faa3cb4fb035be5e152de3c9726658a78902be0008c7a303344d5ffac660aa2ae0c5f00dab0e610e8c4759d3f24c6e26c0c6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe

Filesize
184KB

MD5
85cc2c49b89663981e9bfbb30190546a

SHA1
263565c227d5c6f67a96e98fde99c9afadab7a3c

SHA256
9d84b44339e8a1f490bf6642e3a0ee9df352d83b739a6e74639e23a8b434879e

SHA512
74343464c795d1e336bee6d558352f50404a3cd2ad0b052e11d4932674c3263fbf6838a9c4ae784a6f7b6066afe07b17dd552ac3b9dfd75b77f6d5ce5b29a173

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe

Filesize
184KB

MD5
0183192f8dbca5cd24a99e6a724d7df9

SHA1
db68863a9ea7fb3334000ed196e14e1905e9bed3

SHA256
f1b3b385dac87ccf9800c65c155eac6cafdb2f5f83cf536fc657e315a7ac6330

SHA512
f2391af3ba8b6a9d4ffaca6ecdcf6217ba66e7a40838c296b6a686e9bbbb3351ae949b8e0bdfbf32196659cbefa8a131545b31fa37d505fbdbc14efb996c3022

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe

Filesize
184KB

MD5
2aee8ff07996b258aaf533ba8d00d22f

SHA1
7ac7790f1c5578e289a3579db73f80806bc7b38c

SHA256
e2c1b94eeff449b97aacf0cea03c013ad40ec7b516a827fb11115b6f36f8a62a

SHA512
95f02ebc5a8c349a4e92e979efe6c549f82265467730c90816e3d73d0a4345b270405cf8caa6d4c17b5e62bcd7b73cd81c3de2cedaafce759bf7e7891a71dc26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe

Filesize
184KB

MD5
acc0848ddd61f742a93aa1a2b8c12def

SHA1
2df245556f00eb70a2b2ae55510b8dbcf69f27a2

SHA256
65eb24cdd97103b5f3c1cd360fe8bf6177b3b84df707a66dcc8a1c97463c5791

SHA512
07486627d653702f21e02ff50c7a6e8be1480423b14fff3a5ca3a778108dfe43151f53d3c50efa1aa0110db05ee15bcf36062f00c562d48e8537de4524b40201

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe

Filesize
184KB

MD5
9fad81159ab15f8afd88a3b96611e690

SHA1
5121838b8f53833b700b251416702307455df917

SHA256
49c5b5847d060c050ec19da155739ee04e28de1fc3cc660878925f22d04e5919

SHA512
50fda45883ca46e4059864da28ab92717b32e5e217bf1cd1337d8d488cfe6bf7611cadd052d11143d856891b63892f03dc6d12e224cb7af6d4ad7fa665adaf10

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe

Filesize
184KB

MD5
49a18c579c5826c9c2ec524716118b7d

SHA1
20c3c39531795d5a104ed6e19a00ea34550fe294

SHA256
b1be2a6fafc76321abdd4b3ea74638b97bd98f17025d809babc7dff157b15653

SHA512
83cfce7e7440b9a61f118bb2bf1d69b9d9e13d6fd1f83288f959d000f34534501e7e7feb252d3503b5e4b186cf86ee3e127805cebaae4a4257e12c2fd6ff2c53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe

Filesize
184KB

MD5
de9263464ab617d93ae734cf5d4fb682

SHA1
a71b0e6126e3544bf2d0190f17901e7172fc08bc

SHA256
d9678ca6eefa7237c453dc7d58148a28af07616e52cdd9b1655d65f1a0998d85

SHA512
0fb92b90cec29b6b9f144074d63eac93bebd9dea699ec3fcfaa3b8fad24bbc9a8a548de411b1cd5839621be171c6bb0a67a43cb264f65e773969e78993b4e557

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe

Filesize
179KB

MD5
f7b66b8bd5c020911827deb190a5d0f1

SHA1
dee045ba25e6f450dc198bf6639f4289d519f7bf

SHA256
bc8071600bbb63c43d151a826413e54fef3a6c96915959b448f0b4b803c9d645

SHA512
553798493631fd97797be24d30194feb31794958b4d0b6f866f8de3cf167009f1673e13061be0c596066f146e23637e7076d471272af86d74f2d3dba1512600d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9990.exe

Filesize
184KB

MD5
2a0639700d0296174b58666d32bdd9cf

SHA1
7925282f04a1250e9468602ebad71f29426d4cba

SHA256
a125f02d98c8d1bc71ce6300f63f6e8d5ff57e461720b4f055206aa4ebfb3fb2

SHA512
59623821f0598653dfdce9657f4a5f06cc94c123100bea7a1b61012c31ac7bf20d150135aa4706f7c80643ad35c01d6242048df193079883c6d1a10a08f116a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads