9a7109bea134d02f89ee8ab098c4fdd6970ec8059dcd57d9939c20bb5cec8c41

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d897af3d6c58b9efad85a83599b5a63.exe
Size

184KB
MD5

4d897af3d6c58b9efad85a83599b5a63
SHA1

12298625f04eccc8a813fe565136338efc1008de
SHA256

9a7109bea134d02f89ee8ab098c4fdd6970ec8059dcd57d9939c20bb5cec8c41
SHA512

746d0bc75c0b687e94c079a78f1e6ec15b1c64a22e133e6a2d77baefd9121ff48dc2dfbf3b3d1e0a1f2cf82697a2e15e76ab1ac2975cbc16875f7c2c1b270066
SSDEEP

3072:SaEnoYjkfeA01OHIdssDl8FbIs06/yWI0DYx2/POaNlPvpFl:Sa8oZT01jd1Dl8UXupNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 46 IoCs

pid	Process
2552	Unicorn-23085.exe
2684	Unicorn-822.exe
2992	Unicorn-63022.exe
3060	Unicorn-13214.exe
2752	Unicorn-33080.exe
2576	Unicorn-57584.exe
2836	Unicorn-18589.exe
1640	Unicorn-39672.exe
2908	Unicorn-33965.exe
380	Unicorn-18698.exe
748	Unicorn-22075.exe
2160	Unicorn-35750.exe
2012	Unicorn-37373.exe
1108	Unicorn-40903.exe
2244	Unicorn-47063.exe
1700	Unicorn-21852.exe
2364	Unicorn-35365.exe
1632	Unicorn-9045.exe
2040	Unicorn-19731.exe
2256	Unicorn-24177.exe
1192	Unicorn-60763.exe
832	Unicorn-14769.exe
936	Unicorn-2169.exe
1824	Unicorn-13160.exe
840	Unicorn-24858.exe
892	Unicorn-24858.exe
1396	Unicorn-57914.exe
2100	Unicorn-46217.exe
2520	Unicorn-545.exe
1892	Unicorn-11147.exe
884	Unicorn-56819.exe
1156	Unicorn-13347.exe
1772	Unicorn-53031.exe
2228	Unicorn-53031.exe
1904	Unicorn-33165.exe
2780	Unicorn-17583.exe
2036	Unicorn-23414.exe
1204	Unicorn-59937.exe
1736	Unicorn-60952.exe
1336	Unicorn-42821.exe
1748	Unicorn-16641.exe
2568	Unicorn-44347.exe
1164	Unicorn-57341.exe
2052	Unicorn-32090.exe
1608	Unicorn-6379.exe
2484	Unicorn-873.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	4d897af3d6c58b9efad85a83599b5a63.exe
2532	4d897af3d6c58b9efad85a83599b5a63.exe
2552	Unicorn-23085.exe
2552	Unicorn-23085.exe
2532	4d897af3d6c58b9efad85a83599b5a63.exe
2532	4d897af3d6c58b9efad85a83599b5a63.exe
2552	Unicorn-23085.exe
2552	Unicorn-23085.exe
2992	Unicorn-63022.exe
2992	Unicorn-63022.exe
2684	Unicorn-822.exe
2684	Unicorn-822.exe
2992	Unicorn-63022.exe
2752	Unicorn-33080.exe
2992	Unicorn-63022.exe
3060	Unicorn-13214.exe
2752	Unicorn-33080.exe
3060	Unicorn-13214.exe
2576	Unicorn-57584.exe
2576	Unicorn-57584.exe
2684	Unicorn-822.exe
2684	Unicorn-822.exe
2836	Unicorn-18589.exe
2836	Unicorn-18589.exe
2908	Unicorn-33965.exe
2908	Unicorn-33965.exe
3060	Unicorn-13214.exe
3060	Unicorn-13214.exe
380	Unicorn-18698.exe
380	Unicorn-18698.exe
2576	Unicorn-57584.exe
748	Unicorn-22075.exe
2576	Unicorn-57584.exe
748	Unicorn-22075.exe
2752	Unicorn-33080.exe
2752	Unicorn-33080.exe
2160	Unicorn-35750.exe
2160	Unicorn-35750.exe
2836	Unicorn-18589.exe
2836	Unicorn-18589.exe
1632	Unicorn-9045.exe
1632	Unicorn-9045.exe
1108	Unicorn-40903.exe
1108	Unicorn-40903.exe
748	Unicorn-22075.exe
748	Unicorn-22075.exe
2908	Unicorn-33965.exe
2908	Unicorn-33965.exe
2244	Unicorn-47063.exe
2012	Unicorn-37373.exe
2244	Unicorn-47063.exe
2012	Unicorn-37373.exe
2364	Unicorn-35365.exe
2364	Unicorn-35365.exe
380	Unicorn-18698.exe
1700	Unicorn-21852.exe
380	Unicorn-18698.exe
1700	Unicorn-21852.exe
2256	Unicorn-24177.exe
2256	Unicorn-24177.exe
2160	Unicorn-35750.exe
2160	Unicorn-35750.exe
2040	Unicorn-19731.exe
2040	Unicorn-19731.exe

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
2532	4d897af3d6c58b9efad85a83599b5a63.exe
2552	Unicorn-23085.exe
2684	Unicorn-822.exe
2992	Unicorn-63022.exe
2752	Unicorn-33080.exe
2576	Unicorn-57584.exe
3060	Unicorn-13214.exe
1640	Unicorn-39672.exe
2836	Unicorn-18589.exe
2908	Unicorn-33965.exe
380	Unicorn-18698.exe
748	Unicorn-22075.exe
2160	Unicorn-35750.exe
1108	Unicorn-40903.exe
2012	Unicorn-37373.exe
1632	Unicorn-9045.exe
2364	Unicorn-35365.exe
2244	Unicorn-47063.exe
1700	Unicorn-21852.exe
2040	Unicorn-19731.exe
2256	Unicorn-24177.exe
832	Unicorn-14769.exe
1192	Unicorn-60763.exe
936	Unicorn-2169.exe
892	Unicorn-24858.exe
840	Unicorn-24858.exe
1156	Unicorn-13347.exe
1396	Unicorn-57914.exe
884	Unicorn-56819.exe
1772	Unicorn-53031.exe
2520	Unicorn-545.exe
1824	Unicorn-13160.exe
1892	Unicorn-11147.exe
2780	Unicorn-17583.exe
2228	Unicorn-53031.exe
1904	Unicorn-33165.exe
2036	Unicorn-23414.exe
1204	Unicorn-59937.exe
1736	Unicorn-60952.exe
1748	Unicorn-16641.exe
1164	Unicorn-57341.exe
1336	Unicorn-42821.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2552	2532	4d897af3d6c58b9efad85a83599b5a63.exe	28
PID 2532 wrote to memory of 2552	2532	4d897af3d6c58b9efad85a83599b5a63.exe	28
PID 2532 wrote to memory of 2552	2532	4d897af3d6c58b9efad85a83599b5a63.exe	28
PID 2532 wrote to memory of 2552	2532	4d897af3d6c58b9efad85a83599b5a63.exe	28
PID 2552 wrote to memory of 2684	2552	Unicorn-23085.exe	29
PID 2552 wrote to memory of 2684	2552	Unicorn-23085.exe	29
PID 2552 wrote to memory of 2684	2552	Unicorn-23085.exe	29
PID 2552 wrote to memory of 2684	2552	Unicorn-23085.exe	29
PID 2532 wrote to memory of 2992	2532	4d897af3d6c58b9efad85a83599b5a63.exe	30
PID 2532 wrote to memory of 2992	2532	4d897af3d6c58b9efad85a83599b5a63.exe	30
PID 2532 wrote to memory of 2992	2532	4d897af3d6c58b9efad85a83599b5a63.exe	30
PID 2532 wrote to memory of 2992	2532	4d897af3d6c58b9efad85a83599b5a63.exe	30
PID 2552 wrote to memory of 3060	2552	Unicorn-23085.exe	31
PID 2552 wrote to memory of 3060	2552	Unicorn-23085.exe	31
PID 2552 wrote to memory of 3060	2552	Unicorn-23085.exe	31
PID 2552 wrote to memory of 3060	2552	Unicorn-23085.exe	31
PID 2992 wrote to memory of 2752	2992	Unicorn-63022.exe	32
PID 2992 wrote to memory of 2752	2992	Unicorn-63022.exe	32
PID 2992 wrote to memory of 2752	2992	Unicorn-63022.exe	32
PID 2992 wrote to memory of 2752	2992	Unicorn-63022.exe	32
PID 2684 wrote to memory of 2576	2684	Unicorn-822.exe	33
PID 2684 wrote to memory of 2576	2684	Unicorn-822.exe	33
PID 2684 wrote to memory of 2576	2684	Unicorn-822.exe	33
PID 2684 wrote to memory of 2576	2684	Unicorn-822.exe	33
PID 2992 wrote to memory of 1640	2992	Unicorn-63022.exe	34
PID 2992 wrote to memory of 1640	2992	Unicorn-63022.exe	34
PID 2992 wrote to memory of 1640	2992	Unicorn-63022.exe	34
PID 2992 wrote to memory of 1640	2992	Unicorn-63022.exe	34
PID 2752 wrote to memory of 2836	2752	Unicorn-33080.exe	35
PID 2752 wrote to memory of 2836	2752	Unicorn-33080.exe	35
PID 2752 wrote to memory of 2836	2752	Unicorn-33080.exe	35
PID 2752 wrote to memory of 2836	2752	Unicorn-33080.exe	35
PID 3060 wrote to memory of 2908	3060	Unicorn-13214.exe	36
PID 3060 wrote to memory of 2908	3060	Unicorn-13214.exe	36
PID 3060 wrote to memory of 2908	3060	Unicorn-13214.exe	36
PID 3060 wrote to memory of 2908	3060	Unicorn-13214.exe	36
PID 2576 wrote to memory of 380	2576	Unicorn-57584.exe	38
PID 2576 wrote to memory of 380	2576	Unicorn-57584.exe	38
PID 2576 wrote to memory of 380	2576	Unicorn-57584.exe	38
PID 2576 wrote to memory of 380	2576	Unicorn-57584.exe	38
PID 2684 wrote to memory of 748	2684	Unicorn-822.exe	37
PID 2684 wrote to memory of 748	2684	Unicorn-822.exe	37
PID 2684 wrote to memory of 748	2684	Unicorn-822.exe	37
PID 2684 wrote to memory of 748	2684	Unicorn-822.exe	37
PID 2836 wrote to memory of 2160	2836	Unicorn-18589.exe	39
PID 2836 wrote to memory of 2160	2836	Unicorn-18589.exe	39
PID 2836 wrote to memory of 2160	2836	Unicorn-18589.exe	39
PID 2836 wrote to memory of 2160	2836	Unicorn-18589.exe	39
PID 2908 wrote to memory of 1108	2908	Unicorn-33965.exe	45
PID 2908 wrote to memory of 1108	2908	Unicorn-33965.exe	45
PID 2908 wrote to memory of 1108	2908	Unicorn-33965.exe	45
PID 2908 wrote to memory of 1108	2908	Unicorn-33965.exe	45
PID 3060 wrote to memory of 2012	3060	Unicorn-13214.exe	40
PID 3060 wrote to memory of 2012	3060	Unicorn-13214.exe	40
PID 3060 wrote to memory of 2012	3060	Unicorn-13214.exe	40
PID 3060 wrote to memory of 2012	3060	Unicorn-13214.exe	40
PID 380 wrote to memory of 2244	380	Unicorn-18698.exe	44
PID 380 wrote to memory of 2244	380	Unicorn-18698.exe	44
PID 380 wrote to memory of 2244	380	Unicorn-18698.exe	44
PID 380 wrote to memory of 2244	380	Unicorn-18698.exe	44
PID 2576 wrote to memory of 1700	2576	Unicorn-57584.exe	43
PID 2576 wrote to memory of 1700	2576	Unicorn-57584.exe	43
PID 2576 wrote to memory of 1700	2576	Unicorn-57584.exe	43
PID 2576 wrote to memory of 1700	2576	Unicorn-57584.exe	43

C:\Users\Admin\AppData\Local\Temp\4d897af3d6c58b9efad85a83599b5a63.exe
"C:\Users\Admin\AppData\Local\Temp\4d897af3d6c58b9efad85a83599b5a63.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
        8⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        6⤵
        Executes dropped EXE
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        8⤵
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        8⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        7⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        8⤵
        
        PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        8⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        7⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        8⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        7⤵
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16641.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        10⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        11⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        7⤵
        Executes dropped EXE
        
        PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe

Filesize
184KB

MD5
e303f7d848d753b5ab79553d79d1ee67

SHA1
84916c190aba8007e94aeb990d2e5c3bf0e42aee

SHA256
6b3d4a86b814bb0f5ecce748b888758b69f5d74bdc2fcc81ccc8f7022cbe14a2

SHA512
d3c2a7b92eeac88aa50756143b016b85b648e1708b21128c3d3169970dd0956c389674ce74ffe5005602a450efe21a2de4565d3a3cd09e06347478abbfa0f8d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe

Filesize
184KB

MD5
4960995227d33c0848e1b7ffb39423bb

SHA1
7dc35a8e7d795e03671ec35b89b5272fd9e70a2f

SHA256
a03e4bc0494b82a3dfdbe46de73559a9bc2dc0074f9b2599d295cae738edf19f

SHA512
5dde32e537dd338b7a1add7d4e6636b65325c0d8c752fa41578339cd0b9be0a3715188da950c4212beedfcaa7d3a33feae7b8fff0674359cc2bf10da6feaf5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe

Filesize
184KB

MD5
173e49ff2908ad6f952741eae278d52f

SHA1
4ffb16fa729f6fa1d3aa2ff2ed370572d1f4e784

SHA256
b1b595a74d7244ada40786eaea2d48f3424eabace4510803540751f726bc2abb

SHA512
76255ea3525135b278ac1fd97edf3c93c2d842082bef680c568dfab3e15fb0f6f67d7300a8f0ce8ba43bb9dcc82a5c30c5f6a142bb9dc603bb02697ae17acdaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe

Filesize
184KB

MD5
20996c19c5ae5a50b2c1500425ba9017

SHA1
26c2a2ba4ef4ce07eaeb7e4c4a827d82297f2c4b

SHA256
dcb9ec3fc545fd0fdb40e8541c7507e9f58773bcc1eb9504d86df3d3fbf52b15

SHA512
fc15bbe1315ddd06cc62ebdd6f5103007d38ea284cb26c7f181ce61a00d2759f81c1497d3c3d2f521546577b113ff41a5cb606b2485d51e9389ca1caf24737b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe

Filesize
184KB

MD5
733a65160cffc8d3b559e565f9d1742d

SHA1
8d65b3a5382b81e1c2f455323d9658bd9bc1e736

SHA256
7cc741d9e58324706e6da802102fd864778f1af43fba1581256ad0d3fee548fb

SHA512
5f71f18f61d450af071790dacd90cbc2841b119d8affb54c3d51dd65e5930b8787fc011a59b77a5c7c3ec584fbb4d2fae45a946f535fffb2f43b37a67a9f5632

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe

Filesize
184KB

MD5
018e2666aaa79100679c73cb8408a679

SHA1
569d3d3341df0ef67f9ad87ba38de37bfda763bf

SHA256
9113c0ede4b7e8afaec29aba8c21083ad01dd78b5d20b7256a27ff0f7440a5c9

SHA512
dca9ebd8c408658dda92a798942e1b30620c1a5340eef69a7b2a5cf3260de552dd237ba203fa1c58d4fe13c341d9891a13e82539d439744277a41ebf122f8a56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe

Filesize
184KB

MD5
9500ca1dca06a23fa21ea25b19c9c3b2

SHA1
04b13437a04dc209563f3770095d976019161658

SHA256
da5a0bfda2911ec4691ae4d91ce1541a34030143cf50513b2e0f94735b02cf8a

SHA512
1e1fcb7bfa9446184b95c752b719acb658a48c1386808f45ec06fd43ff7f1472a7e43e81b00d3ad912234f00f79416af86c9f8784e721342df25cd9c78588c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe

Filesize
184KB

MD5
bd5ad3fd66cec057165ad1752d6a0038

SHA1
42992b500caf34370f22cfc4e277f7e8ce581c46

SHA256
43e326249ab7ecdab4bd4e118b498ff8a1164865c3399a641965dc1f904bf1a5

SHA512
1fe02359fe088ded65b7a67045e7b575d4969a2d7d2eeead76c2dabf38769497db69fcc5e9e12eae5c59bc26be14ddca981d22250fef00ce1c66b24f30c33577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe

Filesize
184KB

MD5
8fde6cbe3d5df0beed8825e5ef88e590

SHA1
b7988a8f1eda356bd0fdf01e0e2d07a40269098a

SHA256
d96b7723edae4ac2c4c927624572b22c0fff44ea803ada6c3943d4d0b9fef160

SHA512
82a66c7ec340fe9af72aae2981675282882bcba22f8cf56246464ebeb8950c95913d441b74b44cd559dafdf2fc0982118248ddc11a30b8560b2e5801404f0c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe

Filesize
184KB

MD5
6f89b351e8abd442f61934d7bf1fe0b4

SHA1
f0e9dcd3e92c5276c2159c957d5cd75e11f2c081

SHA256
ca07f9a06786a6346011af4f1120a689adc57a1796fbfccd99cd3f0f7abc18a2

SHA512
05bdd374ea1a36eb950fd04151ae918dbf00e9c3dad286de2b1182589409864d869a2b26cf7938cb83a938de0f79d07463cbef3c0c26571af6045d593cd60906

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe

Filesize
64KB

MD5
354be15cb6727c564bf948b1b06c7cac

SHA1
2c29293e3f1a952213b6935e13c35b3f27e1bf76

SHA256
6ab6acabf4aee7538c3823d81add8cc2f3c2588074fcf9ff5ff3aa233b969262

SHA512
436edf6c0211602631be01a53ca5d5a04176a38f94a63b7a47fb875b53b2aea06601bb1f457cdaf8f6005838de0ab9f0eaf6ee988244ec40e3510ba8f658d24d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe

Filesize
184KB

MD5
3ef1ceafbc718d92f92d75e531811d2d

SHA1
c44a15999be1c6c3742a8e8b63d0e642fb142afa

SHA256
3c96528bbac6eaf3a2a65e2658b8f4c608158cdac8e8cca3fbfbdd08a7cacc01

SHA512
8c3826ef5faade7608090f0744ce96f148a1f680fbb92fd023b4c03ed6598a86aa19a8a722a4a74a1a5262d6bb013d5b58250b1ba855090f459c3789abd779e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe

Filesize
184KB

MD5
98dfb0ca005944748f70b5749b34d47a

SHA1
f6b7b6ae4db6ed50fecea61a4148367225a8a45c

SHA256
93819c726878422f9b42f1d3a2559e916d4bcbc9fc18a0e6f367f6101ccae6c5

SHA512
88377293cb0e4b713a6529251e76953dfde7a469dc791bc61b3c4871f69b4e16c5460d99ebf686aa3711ea9b23cdc9c45d923c835ba8663fe674177825b0d0ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe

Filesize
184KB

MD5
d84e9a9fc909cc42f95f8c4583d0870e

SHA1
2804299bd74a3c4916bb70595a35f7b94be9fdb4

SHA256
f2bd0016b3050b9d8c9a157baf069eb9e4bc6c09859a4920922543b5498c91bc

SHA512
204cfb25987cc0b22df5eea2a733fdc0c52981dee6e765f255087c5f015fe1c1513b794469cd03536f1e83a80a71fe582634724752a2e1cd63c6e5d23b4b1a5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe

Filesize
184KB

MD5
04b398ffdee8d9052b1d8e76b70f6210

SHA1
7dd742dcf000bb936fe44424df13ce846363e942

SHA256
4e50223e363c74962fa94fe969913c27cc21a781353ec595e711e767c4679dee

SHA512
566513e81a0dd6677014fe9ad3b13182f26c4ba7162ceec732a23148433db9f0079d7231c29caed868e9beed9dd5325cba5caa2922b91d6958043348c741544b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe

Filesize
184KB

MD5
c00cefc66eed9992fe75033e84a03292

SHA1
66c451b67f605c5a5327e187720f27e3bd21213d

SHA256
7d4bc18f7927bc5392a6f32749cb05f4d4edfd1c07e8166599f71fba7c5d9c0e

SHA512
c1f262c9b66b07e75a31347a061a0e8275ba9cb51dd7501073fa0c3c25fcc8d4547ea5e2dc6a11adce6f6cc20791028354b09d0842a08a1948f2738cffd8fff3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe

Filesize
184KB

MD5
63b1872e37a38c1121f527aa4f2796ba

SHA1
603e59eb8a95d22c10bba0fe47c2571114d2b168

SHA256
f259d15e01331e60d9bf6ceac369a72684be4fa5ecfd685a5c765528dfe5b815

SHA512
818b65edf2b77b7c1925d6a8b3bafd2a3fff283259b11ce7a73b2e42ac9c5db895c0e6d80e7f24753b6e426cad4466b59fa6f7e4910bf71c2837c72b1b5243b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe

Filesize
184KB

MD5
6c721790103dd9910758606f5d8a7e01

SHA1
2e8404c17edf8864272159b19c7a91ce944b661f

SHA256
3d98c1ea7be3d6b8e24eec53b6b940cc3702fa5f71c42694374fee06cd13267f

SHA512
3e18538963bb26a3207e077c6c72176a106633daf6c036b8d71c183179d89b3b61d2414df936503bbaa0170a4e53f0c2e7406b8b66a6d4c0bdb664ecc873efb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe

Filesize
184KB

MD5
9c7d64344c477faa643366d707e3ba84

SHA1
2c8c05ba264fcc9212b39bc688bdd1a671810efe

SHA256
a2fb3fb6a6bf83f7ef0a1abdc99ab03baf30f2daf40d2d3b502c8aeab011ce86

SHA512
4293a12616ad63c716ce7dd570d086ad4a80bb41324b1c2ba5980a04b538506969a2f87cba70dde76820f46fcaf2598c06c3de14bdbd5a5ea7a632cd7b564db1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe

Filesize
184KB

MD5
236fde14a5d0419becfd04b2fd7da795

SHA1
966a505eb179894ad9d54888b23cdaadf03685c5

SHA256
1d55d2f002ad09d8d8a8ba1f0ddc87eb60ddf5bbeaa00b0a04a9f35a927fe23a

SHA512
87b2bc625bde953cb42163924ed306fadaeef7926072371bd71e05b7c1f2639e3e304c9db64ee09dc58eee86cb620b6421191ffbd0f9fae4e46fbbf6a770b81e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-822.exe

Filesize
184KB

MD5
7b2e5f78bd6392192c8081b7b8af8a94

SHA1
4e4c538558359e7635a7183e46b9afd0e186d3dc

SHA256
aa3dc2e0e76f6476039f3ecafd90bb34df4170d179c442d0e0aae5144ead9d9a

SHA512
1aff2aede32423a4df84ef8067a1d104bb378137e4cff0f11de6a0c7fab286f5e4ff6146230ff1ab41770677524adcaa849c19f657294ece1f8a8a1c00f85211

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads