a6fe28c5dd965b3dbc959dfedc10c1580ae27f451c63af3f4b6ee513ac21838b

Analysis

max time kernel
137s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4735c8c7bc40cb4993dd155130cc868e.exe
Size

184KB
MD5

4735c8c7bc40cb4993dd155130cc868e
SHA1

062b4959ba4f7d16d7ffc2599cc3969abd124692
SHA256

a6fe28c5dd965b3dbc959dfedc10c1580ae27f451c63af3f4b6ee513ac21838b
SHA512

36b3a2aaeec4a4abf2d64a0de54e007c627c6f7f523efe18a00631faf8c12066587e00c17053369d7247fa924c794d8262270c40921d3df37246f8d475dc0e18
SSDEEP

3072:G4n9ocQ/jA0lEjWdTuWNzTbOfMP633IISvexnwPq+olPdpj9:G49ohc0lPdqWNzg1n0olPdpj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2328	Unicorn-20214.exe
2428	Unicorn-61905.exe
2824	Unicorn-21619.exe
2720	Unicorn-7276.exe
2432	Unicorn-31226.exe
2576	Unicorn-14889.exe
2536	Unicorn-54936.exe
2660	Unicorn-60966.exe
2900	Unicorn-49269.exe
1996	Unicorn-59575.exe
1732	Unicorn-3597.exe
1108	Unicorn-49373.exe
1496	Unicorn-35537.exe
2280	Unicorn-13171.exe
1812	Unicorn-33037.exe
1640	Unicorn-63763.exe
2300	Unicorn-47235.exe
2012	Unicorn-10478.exe
2456	Unicorn-47982.exe
2416	Unicorn-49648.exe
1796	Unicorn-53732.exe
1660	Unicorn-37950.exe
1332	Unicorn-11329.exe
1668	Unicorn-62476.exe
956	Unicorn-44002.exe
2008	Unicorn-65169.exe
2120	Unicorn-3716.exe
2212	Unicorn-45948.exe
2468	Unicorn-34250.exe
1608	Unicorn-33011.exe
2868	Unicorn-17791.exe
2756	Unicorn-63099.exe
2968	Unicorn-23629.exe
2896	Unicorn-3763.exe
2852	Unicorn-50271.exe
2308	Unicorn-41309.exe
2752	Unicorn-41479.exe
3068	Unicorn-24759.exe
2636	Unicorn-24759.exe
2728	Unicorn-44625.exe
2288	Unicorn-61345.exe
1728	Unicorn-60333.exe
868	Unicorn-25583.exe
2168	Unicorn-11898.exe
2384	Unicorn-4005.exe
1176	Unicorn-15354.exe
1168	Unicorn-2630.exe
2472	Unicorn-52407.exe
2364	Unicorn-55588.exe
2760	Unicorn-48235.exe
764	Unicorn-40098.exe
676	Unicorn-17779.exe
2356	Unicorn-10186.exe
240	Unicorn-20493.exe
2000	Unicorn-16409.exe
1512	Unicorn-33299.exe
1528	Unicorn-8048.exe
472	Unicorn-36637.exe
2340	Unicorn-52973.exe
1508	Unicorn-21261.exe
1200	Unicorn-21261.exe
2040	Unicorn-20685.exe
2304	Unicorn-29045.exe
2220	Unicorn-44888.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	4735c8c7bc40cb4993dd155130cc868e.exe
2420	4735c8c7bc40cb4993dd155130cc868e.exe
2328	Unicorn-20214.exe
2328	Unicorn-20214.exe
2420	4735c8c7bc40cb4993dd155130cc868e.exe
2420	4735c8c7bc40cb4993dd155130cc868e.exe
2328	Unicorn-20214.exe
2428	Unicorn-61905.exe
2328	Unicorn-20214.exe
2428	Unicorn-61905.exe
2824	Unicorn-21619.exe
2824	Unicorn-21619.exe
2720	Unicorn-7276.exe
2720	Unicorn-7276.exe
2432	Unicorn-31226.exe
2432	Unicorn-31226.exe
2428	Unicorn-61905.exe
2428	Unicorn-61905.exe
2576	Unicorn-14889.exe
2576	Unicorn-14889.exe
2824	Unicorn-21619.exe
2824	Unicorn-21619.exe
2536	Unicorn-54936.exe
2576	Unicorn-14889.exe
2536	Unicorn-54936.exe
2576	Unicorn-14889.exe
2720	Unicorn-7276.exe
2720	Unicorn-7276.exe
2660	Unicorn-60966.exe
2660	Unicorn-60966.exe
2900	Unicorn-49269.exe
2900	Unicorn-49269.exe
1732	Unicorn-3597.exe
1732	Unicorn-3597.exe
1996	Unicorn-59575.exe
1996	Unicorn-59575.exe
2432	Unicorn-31226.exe
2432	Unicorn-31226.exe
1812	Unicorn-33037.exe
1812	Unicorn-33037.exe
1496	Unicorn-35537.exe
1496	Unicorn-35537.exe
2900	Unicorn-49269.exe
2900	Unicorn-49269.exe
2280	Unicorn-13171.exe
2280	Unicorn-13171.exe
1640	Unicorn-63763.exe
1640	Unicorn-63763.exe
1732	Unicorn-3597.exe
2300	Unicorn-47235.exe
1732	Unicorn-3597.exe
2300	Unicorn-47235.exe
2660	Unicorn-60966.exe
2660	Unicorn-60966.exe
2012	Unicorn-10478.exe
2012	Unicorn-10478.exe
1996	Unicorn-59575.exe
1996	Unicorn-59575.exe
2456	Unicorn-47982.exe
2456	Unicorn-47982.exe
2416	Unicorn-49648.exe
1660	Unicorn-37950.exe
2008	Unicorn-65169.exe
2416	Unicorn-49648.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
896	868	WerFault.exe	72

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
2420	4735c8c7bc40cb4993dd155130cc868e.exe
2328	Unicorn-20214.exe
2428	Unicorn-61905.exe
2824	Unicorn-21619.exe
2720	Unicorn-7276.exe
2432	Unicorn-31226.exe
2576	Unicorn-14889.exe
2536	Unicorn-54936.exe
2660	Unicorn-60966.exe
1996	Unicorn-59575.exe
2900	Unicorn-49269.exe
1732	Unicorn-3597.exe
1812	Unicorn-33037.exe
2280	Unicorn-13171.exe
1496	Unicorn-35537.exe
2300	Unicorn-47235.exe
1640	Unicorn-63763.exe
2012	Unicorn-10478.exe
2456	Unicorn-47982.exe
2416	Unicorn-49648.exe
1796	Unicorn-53732.exe
1332	Unicorn-11329.exe
1660	Unicorn-37950.exe
2008	Unicorn-65169.exe
1668	Unicorn-62476.exe
2120	Unicorn-3716.exe
956	Unicorn-44002.exe
2468	Unicorn-34250.exe
2212	Unicorn-45948.exe
1608	Unicorn-33011.exe
3068	Unicorn-24759.exe
2852	Unicorn-50271.exe
2288	Unicorn-61345.exe
2756	Unicorn-63099.exe
2636	Unicorn-24759.exe
2968	Unicorn-23629.exe
2308	Unicorn-41309.exe
1728	Unicorn-60333.exe
2896	Unicorn-3763.exe
2752	Unicorn-41479.exe
2868	Unicorn-17791.exe
2728	Unicorn-44625.exe
2384	Unicorn-4005.exe
868	Unicorn-25583.exe
1176	Unicorn-15354.exe
2168	Unicorn-11898.exe
1168	Unicorn-2630.exe
2364	Unicorn-55588.exe
2472	Unicorn-52407.exe
2760	Unicorn-48235.exe
764	Unicorn-40098.exe
676	Unicorn-17779.exe
2356	Unicorn-10186.exe
240	Unicorn-20493.exe
1512	Unicorn-33299.exe
1508	Unicorn-21261.exe
472	Unicorn-36637.exe
2036	Unicorn-25022.exe
2220	Unicorn-44888.exe
2872	Unicorn-44888.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2328	2420	4735c8c7bc40cb4993dd155130cc868e.exe	28
PID 2420 wrote to memory of 2328	2420	4735c8c7bc40cb4993dd155130cc868e.exe	28
PID 2420 wrote to memory of 2328	2420	4735c8c7bc40cb4993dd155130cc868e.exe	28
PID 2420 wrote to memory of 2328	2420	4735c8c7bc40cb4993dd155130cc868e.exe	28
PID 2328 wrote to memory of 2428	2328	Unicorn-20214.exe	29
PID 2328 wrote to memory of 2428	2328	Unicorn-20214.exe	29
PID 2328 wrote to memory of 2428	2328	Unicorn-20214.exe	29
PID 2328 wrote to memory of 2428	2328	Unicorn-20214.exe	29
PID 2420 wrote to memory of 2824	2420	4735c8c7bc40cb4993dd155130cc868e.exe	30
PID 2420 wrote to memory of 2824	2420	4735c8c7bc40cb4993dd155130cc868e.exe	30
PID 2420 wrote to memory of 2824	2420	4735c8c7bc40cb4993dd155130cc868e.exe	30
PID 2420 wrote to memory of 2824	2420	4735c8c7bc40cb4993dd155130cc868e.exe	30
PID 2328 wrote to memory of 2720	2328	Unicorn-20214.exe	31
PID 2328 wrote to memory of 2720	2328	Unicorn-20214.exe	31
PID 2328 wrote to memory of 2720	2328	Unicorn-20214.exe	31
PID 2328 wrote to memory of 2720	2328	Unicorn-20214.exe	31
PID 2428 wrote to memory of 2432	2428	Unicorn-61905.exe	32
PID 2428 wrote to memory of 2432	2428	Unicorn-61905.exe	32
PID 2428 wrote to memory of 2432	2428	Unicorn-61905.exe	32
PID 2428 wrote to memory of 2432	2428	Unicorn-61905.exe	32
PID 2824 wrote to memory of 2576	2824	Unicorn-21619.exe	33
PID 2824 wrote to memory of 2576	2824	Unicorn-21619.exe	33
PID 2824 wrote to memory of 2576	2824	Unicorn-21619.exe	33
PID 2824 wrote to memory of 2576	2824	Unicorn-21619.exe	33
PID 2720 wrote to memory of 2536	2720	Unicorn-7276.exe	34
PID 2720 wrote to memory of 2536	2720	Unicorn-7276.exe	34
PID 2720 wrote to memory of 2536	2720	Unicorn-7276.exe	34
PID 2720 wrote to memory of 2536	2720	Unicorn-7276.exe	34
PID 2432 wrote to memory of 2660	2432	Unicorn-31226.exe	35
PID 2432 wrote to memory of 2660	2432	Unicorn-31226.exe	35
PID 2432 wrote to memory of 2660	2432	Unicorn-31226.exe	35
PID 2432 wrote to memory of 2660	2432	Unicorn-31226.exe	35
PID 2428 wrote to memory of 2900	2428	Unicorn-61905.exe	36
PID 2428 wrote to memory of 2900	2428	Unicorn-61905.exe	36
PID 2428 wrote to memory of 2900	2428	Unicorn-61905.exe	36
PID 2428 wrote to memory of 2900	2428	Unicorn-61905.exe	36
PID 2576 wrote to memory of 1732	2576	Unicorn-14889.exe	37
PID 2576 wrote to memory of 1732	2576	Unicorn-14889.exe	37
PID 2576 wrote to memory of 1732	2576	Unicorn-14889.exe	37
PID 2576 wrote to memory of 1732	2576	Unicorn-14889.exe	37
PID 2824 wrote to memory of 1996	2824	Unicorn-21619.exe	38
PID 2824 wrote to memory of 1996	2824	Unicorn-21619.exe	38
PID 2824 wrote to memory of 1996	2824	Unicorn-21619.exe	38
PID 2824 wrote to memory of 1996	2824	Unicorn-21619.exe	38
PID 2536 wrote to memory of 1108	2536	Unicorn-54936.exe	40
PID 2536 wrote to memory of 1108	2536	Unicorn-54936.exe	40
PID 2536 wrote to memory of 1108	2536	Unicorn-54936.exe	40
PID 2536 wrote to memory of 1108	2536	Unicorn-54936.exe	40
PID 2576 wrote to memory of 1496	2576	Unicorn-14889.exe	39
PID 2576 wrote to memory of 1496	2576	Unicorn-14889.exe	39
PID 2576 wrote to memory of 1496	2576	Unicorn-14889.exe	39
PID 2576 wrote to memory of 1496	2576	Unicorn-14889.exe	39
PID 2720 wrote to memory of 2280	2720	Unicorn-7276.exe	44
PID 2720 wrote to memory of 2280	2720	Unicorn-7276.exe	44
PID 2720 wrote to memory of 2280	2720	Unicorn-7276.exe	44
PID 2720 wrote to memory of 2280	2720	Unicorn-7276.exe	44
PID 2660 wrote to memory of 1640	2660	Unicorn-60966.exe	43
PID 2660 wrote to memory of 1640	2660	Unicorn-60966.exe	43
PID 2660 wrote to memory of 1640	2660	Unicorn-60966.exe	43
PID 2660 wrote to memory of 1640	2660	Unicorn-60966.exe	43
PID 2900 wrote to memory of 1812	2900	Unicorn-49269.exe	42
PID 2900 wrote to memory of 1812	2900	Unicorn-49269.exe	42
PID 2900 wrote to memory of 1812	2900	Unicorn-49269.exe	42
PID 2900 wrote to memory of 1812	2900	Unicorn-49269.exe	42

C:\Users\Admin\AppData\Local\Temp\4735c8c7bc40cb4993dd155130cc868e.exe
"C:\Users\Admin\AppData\Local\Temp\4735c8c7bc40cb4993dd155130cc868e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        8⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        9⤵
        Executes dropped EXE
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        8⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        8⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        5⤵
        Executes dropped EXE
        
        PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        7⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21261.exe
        8⤵
        Executes dropped EXE
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        8⤵
        Executes dropped EXE
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        8⤵
        Executes dropped EXE
        
        PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        6⤵
        Executes dropped EXE
        
        PID:2000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        6⤵
        Program crash
        
        PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe

Filesize
184KB

MD5
ba8791d942e739002317ecc8d0834ab8

SHA1
1915e0ce59028843823d94fda47b56411faa8981

SHA256
3eec8159c0df960728b6524fcd02f1985d84655f0b23ab41e3c1f816e36cd936

SHA512
5fdc41926bca441d1215cfafe16d13715a79b83dc1f226618e2809af733659fdf5d3fb70c0169a92432ff532018f3f7eb1ae6e0df4193206c71e6ea41f7aae8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe

Filesize
128KB

MD5
4d1cc03c14d59377ec0a1915cd25a032

SHA1
7566d0b4fa0a23ae1fbd8f7e2a9125befcc6bdd0

SHA256
2fe8318a2a088331b5157b3fbcf2bf82d07286045ff10f6bfe666caee6d73318

SHA512
675b48b9318468c7d1498e8f67382ea8c88f21787a8ffc03b470afea2914eaf25bc70632fb82eedb2d3c96b48c819ba7945ac4dabdfb85f3c6cfa6b3eb3574d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe

Filesize
184KB

MD5
aaf424d7ffb93d02e13631f768246d4b

SHA1
f21f751eb00eb75a224591b183d00ec7adf230fa

SHA256
69527b3b0e7a8d41ca179a8c46fa146dcf96857c6e30bfeea123fda3b885c74c

SHA512
b38117fdc11e83dd533e56d42460a423fa549c2a9e9ba381b670c9e9699714d02f139cd2f46948fbd18a2ea9073f0fc648c6bbc4917966da6a6df9240302df26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe

Filesize
184KB

MD5
ee8c34c60fec38d373e17a76703f7157

SHA1
43aae2ce95b38ef10b8ce893e23cd7f1bd2f7fad

SHA256
6f89b09b7eea0b32edaef48647dd94ab00ac7a4ce8bd9feb1c991a2dc1d1058a

SHA512
ef305e11a6934ff8087c5e706e4c95df99f1086dc91dfd1dde010f59f1fe2f5cb1f645f445fd77727500b6cd5e2f09d70c786eb88d4e5cff9f3e9c3592feaf28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe

Filesize
184KB

MD5
9f27955962c9be85c58f5cb9e97f901d

SHA1
8bb2f38656e0eb9757b366e68775c89a3e34d7ef

SHA256
868b70a46049ea9fbef0e4619eb2bdf932f660efac7a6cf96fb46c0a02fd791b

SHA512
e5a5427c2df3e6472e4a36a30a669ec514f12ca023dcccb606f4773b72949f94cbeda8891b943a93be7f8f9591f7880a2a1f5128bcda4b272262338243808ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe

Filesize
184KB

MD5
6ba9ee0345ef40a38a68a865821cb854

SHA1
d4accf6782bc7d15ce2fca0e730e84c154e8dbb8

SHA256
6c5907803dada990e2fb2b8e8dc45f70ddcaef7d66b91d9be106fc203c1ace6b

SHA512
4d26eb17a0cb87c97563390e2a6ca8ebb0d864f0618b1f1700e29b4b956fd4f104498d58c8071b915495268b4a6ac368b45fd1961cca622c1956464e6b682c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe

Filesize
184KB

MD5
e629b0e22dd5fbace26835c306d61fbe

SHA1
228b9f8d4638d53bcebf4b80ddd3aebec285f8d2

SHA256
9a915aadde6e720b70d82aaf974e593574c6d96b549ab80c3db77b3ca459fef4

SHA512
58d5bb5673f46fa1f7f5dd1c1508953010c6cb3142078110f5cb24dacdccec4c662cdb2e0d2237971ee8103b2b1b70670bc7e0b417399c61bdfc3078f8f7b769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe

Filesize
184KB

MD5
6a7cc87f50302923251f07a9f0f50f83

SHA1
43e2f63cb50c63bbbb125c55215bff768eaf3e6e

SHA256
f2b587b928a70b431d9f8609efff5944b9bb0ed469fcbd9eac43bb053b3c9b12

SHA512
6409a2a2d4b31ad50db389f4ca503ea4c40901a8c9e78f80ac2cc70fe038b541af46f3d264d900725757523ab97fb821706b5f40d13c93d04449962dd74c7cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe

Filesize
184KB

MD5
cc201c64adf5281427fdb41b4676b34e

SHA1
5b894757192f0519923a809aa823de89da79e371

SHA256
27e887bbc206c9648b760efec8672fcaa1c5adbcc26076052da8d02b585a920a

SHA512
e00abaad57c6edc350dac2dba7a4374b033bac4b9ed9433f2d0872bf0bec1268ccdc489e5f4b47f7f74db545b764efacfb6ce3779a5865c58a45b751934a74c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe

Filesize
184KB

MD5
cc97cb60b61551003c3d2c10b977980e

SHA1
2c8de8cfea056a420ae17b2f8a12783602eb7b20

SHA256
03b0d695a71c5aa6390e34d738e9efdf2f1b224009af9058b1ee96c3ec26ad03

SHA512
e532431b7f58ee5f255838901bd228733deb7afe8ff65abf99ff444f4463275cb1d150062d220fec369516beb8212e0856b72e7a3b9dd02b27af91bf66a0dcef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe

Filesize
184KB

MD5
20c7c88c0eff8d06a53ac4a5982d7537

SHA1
5d96b9b66c447f3560a5701f277002407688a481

SHA256
6f949da6e508d2cc4e0d5948f98342ead1d1ca443136599a4a2b125da1524886

SHA512
2628401e2e624cd85a64132b402999da69252efb7c463440ce6d34d2f5d934d29ce52a8cf967d3de82ce66fc0b3793d8d44006311743e477ac27cd6375eb6a0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe

Filesize
184KB

MD5
fe5c8d8cfa48d03bdff0a0bfb656ec93

SHA1
1da50a2bd23c9bde18dd247726846083a23f06ff

SHA256
0d4aac40dd7675c6a54a78ff25ed16bcdb00a1da106ef3bd8d271d135d62bb50

SHA512
123754b592bc0c23d9ab70680c1b5e3fc975304f0f531ec11fb23f8bd6743dafc47e458dffc1a0ad740c558b63ae3d2601e06aa7ace344c8fd253e577bfa1bad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe

Filesize
184KB

MD5
78d7985c4f5dcceedd03856dfd672718

SHA1
beaeb8a907fca0dd414e080590e91720b658b3dd

SHA256
9eed92c7711cfd7e1f25d0df4d02886084257d1d89a98a111489c51a27b1a373

SHA512
cf0b5e6050fe4a356f80a00b2279ab8ac7473fe645009297c6c392659ccdc9b6fce2084f299fb5e7aa79208b5765310ebd08e27f3942895fcd56470700a3c92c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe

Filesize
184KB

MD5
9c6a0f08c78867644dd4cdd2720b0fb9

SHA1
ecee5b414f1333b62286711499c1c9666e35155c

SHA256
c63dbf7e14137518039ab0c2bf64fffd10e11d5fec19c3716f2a750946ebf61b

SHA512
c50e4790081558f9a88c86e79f874de806edd8674bdc2615cf94c2c5a436a1a9d68e012f7b35368a093e6d7fcfa6024e016d55c10bde0257b65ac5210727035a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe

Filesize
184KB

MD5
045b0e04c7a6d6d75e83445addccdfd6

SHA1
f564f6e5d4978b0197ba2889b8aba4958a525f30

SHA256
7898cfba056f0ae49e31c9a510a119111f0c2ad449ce4621a0f5eb1693480d51

SHA512
ff7a3c31f654cf604b6892d8c72c3ce3b225ed3b7a88303f00903d99305f808f97f87cd8f8229d05d8626e03266e2bca17543fc83cb4bc0f2896fa8e760b4aa0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe

Filesize
184KB

MD5
f3d7ebdb706eb44ea0431624c2dc6844

SHA1
5d690c595de54a1dbc441ad8b15dcc80d269612f

SHA256
59abeaced3e1c337d4a56102d635ed3054f130f2d16f22f3a9f84cacbe6fe753

SHA512
e7d4f7a734bfcf6abf4295bf665ee158a5f5677edd5c5091fbfe69ddae81777d8db26354ea8d38e9a254a5d5312619c9c7e9409a7d39af87baf074e9f31a988e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe

Filesize
184KB

MD5
57d35a053ac52ee71a9d16c6a7ffed8d

SHA1
8556ae97900cd2ae3684518da6a0e9524d97a070

SHA256
4cd42a73fc5e480dae1a128671c7773a80161213669f18d0eb866b4e4a90cb71

SHA512
c84eb93cb055d02fa8c7273ea1a34c1b5291a99a84130ae25e844d37006ca62d76d6f48ff113bff0e5045ea93c176d568397a9d6466357f65d85663317d6e2b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe

Filesize
184KB

MD5
82d754a05e55c9f8b0abd9ed3414e54e

SHA1
0d7a0d8457fa0c206d05b7959eae49e9a58daf7b

SHA256
20014da22005772ca63eb3826ac5fd5799432131e62e81e754f42ff9b35c276d

SHA512
d1f6fe1982f36a7580b2f143ebfd1baba72ec77b32713c2c8a8d7ee0ffaf9f7b558e4039cb7e215b09e4397ed3fdc16d5e030acffb1cfbcde82526b8b4b3b5e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe

Filesize
184KB

MD5
467f1d04bae1b28e2b2ef3aa7501d053

SHA1
ed4322667eab3bd247fb3020d745bfccba37c77b

SHA256
6dd79c789cf65f243cffbb0142cb33343e8ded9a174c87faec01a683e28309c9

SHA512
a30e365fe920704b16ed4e7c0c193226a162c088dd5a5e576d56b7efb31431cdea64d4a20170caab66e629e959ae0d0ababad9033ecd2042218e377797048329

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads