bde4054f043de07d7c8ed0e888a159d0e7bae70cd49bc414a69098b8e1a36ccd

Analysis

max time kernel
32s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5439486d441f4e2b4871d1cc3d445dac.exe
Size

184KB
MD5

5439486d441f4e2b4871d1cc3d445dac
SHA1

040cbc83fdec954806a6fce75132aa9b1137b9e6
SHA256

bde4054f043de07d7c8ed0e888a159d0e7bae70cd49bc414a69098b8e1a36ccd
SHA512

6781531e10aa3ddc89e8d4d80e99109bdb644ed0a6177fa78c594ac11bfef83b7d70a60fe20a53fbdd4743764a6e85d085822af85bb6b856175c521965cb88ec
SSDEEP

3072:JeGi5L/10zLCG8jCM+0ZdycAYtJxMFvj/ZO1x2Ql8XklP6pFh:JeT5SPCGrMJdycuTtxklP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 58 IoCs

pid	Process
3008	Unicorn-4616.exe
1448	Unicorn-62068.exe
1740	Unicorn-11476.exe
2604	Unicorn-9935.exe
2720	Unicorn-59691.exe
2552	Unicorn-18104.exe
2496	Unicorn-59183.exe
2120	Unicorn-16759.exe
2344	Unicorn-9982.exe
1436	Unicorn-33095.exe
1952	Unicorn-48877.exe
2900	Unicorn-7050.exe
2944	Unicorn-8674.exe
1660	Unicorn-36708.exe
2968	Unicorn-14149.exe
1560	Unicorn-33178.exe
796	Unicorn-57128.exe
956	Unicorn-61980.exe
1008	Unicorn-50283.exe
2424	Unicorn-33776.exe
2112	Unicorn-52805.exe
1884	Unicorn-11217.exe
836	Unicorn-19386.exe
1828	Unicorn-3604.exe
1204	Unicorn-63132.exe
1164	Unicorn-51435.exe
2188	Unicorn-13931.exe
2080	Unicorn-56910.exe
3052	Unicorn-56910.exe
2296	Unicorn-14486.exe
2076	Unicorn-38436.exe
1944	Unicorn-18570.exe
840	Unicorn-29775.exe
544	Unicorn-13993.exe
1696	Unicorn-11300.exe
2232	Unicorn-59131.exe
2844	Unicorn-47434.exe
2636	Unicorn-9930.exe
2620	Unicorn-22183.exe
2784	Unicorn-2317.exe
1984	Unicorn-34435.exe
2512	Unicorn-3708.exe
2988	Unicorn-4263.exe
1940	Unicorn-58939.exe
1976	Unicorn-51326.exe
2540	Unicorn-5654.exe
920	Unicorn-63578.exe
1132	Unicorn-52717.exe
2816	Unicorn-47818.exe
2912	Unicorn-2146.exe
1240	Unicorn-2146.exe
2244	Unicorn-34518.exe
1964	Unicorn-14652.exe
1716	Unicorn-34518.exe
1736	Unicorn-34518.exe
1212	Unicorn-28296.exe
1296	Unicorn-35612.exe
996	Unicorn-12862.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	5439486d441f4e2b4871d1cc3d445dac.exe
2232	5439486d441f4e2b4871d1cc3d445dac.exe
3008	Unicorn-4616.exe
3008	Unicorn-4616.exe
2232	5439486d441f4e2b4871d1cc3d445dac.exe
2232	5439486d441f4e2b4871d1cc3d445dac.exe
1448	Unicorn-62068.exe
1448	Unicorn-62068.exe
3008	Unicorn-4616.exe
3008	Unicorn-4616.exe
1740	Unicorn-11476.exe
1740	Unicorn-11476.exe
2604	Unicorn-9935.exe
2604	Unicorn-9935.exe
1448	Unicorn-62068.exe
1448	Unicorn-62068.exe
2720	Unicorn-59691.exe
2720	Unicorn-59691.exe
1740	Unicorn-11476.exe
1740	Unicorn-11476.exe
2552	Unicorn-18104.exe
2552	Unicorn-18104.exe
2496	Unicorn-59183.exe
2496	Unicorn-59183.exe
2604	Unicorn-9935.exe
2604	Unicorn-9935.exe
2120	Unicorn-16759.exe
2120	Unicorn-16759.exe
2344	Unicorn-9982.exe
2344	Unicorn-9982.exe
2720	Unicorn-59691.exe
2720	Unicorn-59691.exe
1436	Unicorn-33095.exe
1436	Unicorn-33095.exe
1952	Unicorn-48877.exe
1952	Unicorn-48877.exe
2552	Unicorn-18104.exe
2552	Unicorn-18104.exe
2900	Unicorn-7050.exe
2900	Unicorn-7050.exe
2496	Unicorn-59183.exe
2496	Unicorn-59183.exe
2944	Unicorn-8674.exe
2944	Unicorn-8674.exe
1660	Unicorn-36708.exe
1660	Unicorn-36708.exe
2120	Unicorn-16759.exe
2120	Unicorn-16759.exe
2968	Unicorn-14149.exe
2968	Unicorn-14149.exe
2344	Unicorn-9982.exe
2344	Unicorn-9982.exe
1560	Unicorn-33178.exe
1560	Unicorn-33178.exe
956	Unicorn-61980.exe
796	Unicorn-57128.exe
796	Unicorn-57128.exe
956	Unicorn-61980.exe
1952	Unicorn-48877.exe
1952	Unicorn-48877.exe
1436	Unicorn-33095.exe
1008	Unicorn-50283.exe
1436	Unicorn-33095.exe
1008	Unicorn-50283.exe

Suspicious use of SetWindowsHookEx 44 IoCs

pid	Process
2232	5439486d441f4e2b4871d1cc3d445dac.exe
3008	Unicorn-4616.exe
1448	Unicorn-62068.exe
1740	Unicorn-11476.exe
2604	Unicorn-9935.exe
2720	Unicorn-59691.exe
2552	Unicorn-18104.exe
2496	Unicorn-59183.exe
2120	Unicorn-16759.exe
2344	Unicorn-9982.exe
1436	Unicorn-33095.exe
1952	Unicorn-48877.exe
2900	Unicorn-7050.exe
2944	Unicorn-8674.exe
1660	Unicorn-36708.exe
2968	Unicorn-14149.exe
1560	Unicorn-33178.exe
796	Unicorn-57128.exe
956	Unicorn-61980.exe
1008	Unicorn-50283.exe
2424	Unicorn-33776.exe
2112	Unicorn-52805.exe
1884	Unicorn-11217.exe
836	Unicorn-19386.exe
1828	Unicorn-3604.exe
1164	Unicorn-51435.exe
1204	Unicorn-63132.exe
2188	Unicorn-13931.exe
2080	Unicorn-56910.exe
3052	Unicorn-56910.exe
2296	Unicorn-14486.exe
2076	Unicorn-38436.exe
1944	Unicorn-18570.exe
840	Unicorn-29775.exe
544	Unicorn-13993.exe
1696	Unicorn-11300.exe
2232	Unicorn-59131.exe
2844	Unicorn-47434.exe
2636	Unicorn-9930.exe
2784	Unicorn-2317.exe
1984	Unicorn-34435.exe
2620	Unicorn-22183.exe
2512	Unicorn-3708.exe
2988	Unicorn-4263.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 3008	2232	5439486d441f4e2b4871d1cc3d445dac.exe	28
PID 2232 wrote to memory of 3008	2232	5439486d441f4e2b4871d1cc3d445dac.exe	28
PID 2232 wrote to memory of 3008	2232	5439486d441f4e2b4871d1cc3d445dac.exe	28
PID 2232 wrote to memory of 3008	2232	5439486d441f4e2b4871d1cc3d445dac.exe	28
PID 3008 wrote to memory of 1448	3008	Unicorn-4616.exe	29
PID 3008 wrote to memory of 1448	3008	Unicorn-4616.exe	29
PID 3008 wrote to memory of 1448	3008	Unicorn-4616.exe	29
PID 3008 wrote to memory of 1448	3008	Unicorn-4616.exe	29
PID 2232 wrote to memory of 1740	2232	5439486d441f4e2b4871d1cc3d445dac.exe	30
PID 2232 wrote to memory of 1740	2232	5439486d441f4e2b4871d1cc3d445dac.exe	30
PID 2232 wrote to memory of 1740	2232	5439486d441f4e2b4871d1cc3d445dac.exe	30
PID 2232 wrote to memory of 1740	2232	5439486d441f4e2b4871d1cc3d445dac.exe	30
PID 1448 wrote to memory of 2604	1448	Unicorn-62068.exe	31
PID 1448 wrote to memory of 2604	1448	Unicorn-62068.exe	31
PID 1448 wrote to memory of 2604	1448	Unicorn-62068.exe	31
PID 1448 wrote to memory of 2604	1448	Unicorn-62068.exe	31
PID 3008 wrote to memory of 2720	3008	Unicorn-4616.exe	32
PID 3008 wrote to memory of 2720	3008	Unicorn-4616.exe	32
PID 3008 wrote to memory of 2720	3008	Unicorn-4616.exe	32
PID 3008 wrote to memory of 2720	3008	Unicorn-4616.exe	32
PID 1740 wrote to memory of 2552	1740	Unicorn-11476.exe	33
PID 1740 wrote to memory of 2552	1740	Unicorn-11476.exe	33
PID 1740 wrote to memory of 2552	1740	Unicorn-11476.exe	33
PID 1740 wrote to memory of 2552	1740	Unicorn-11476.exe	33
PID 2604 wrote to memory of 2496	2604	Unicorn-9935.exe	34
PID 2604 wrote to memory of 2496	2604	Unicorn-9935.exe	34
PID 2604 wrote to memory of 2496	2604	Unicorn-9935.exe	34
PID 2604 wrote to memory of 2496	2604	Unicorn-9935.exe	34
PID 1448 wrote to memory of 2120	1448	Unicorn-62068.exe	35
PID 1448 wrote to memory of 2120	1448	Unicorn-62068.exe	35
PID 1448 wrote to memory of 2120	1448	Unicorn-62068.exe	35
PID 1448 wrote to memory of 2120	1448	Unicorn-62068.exe	35
PID 2720 wrote to memory of 2344	2720	Unicorn-59691.exe	38
PID 2720 wrote to memory of 2344	2720	Unicorn-59691.exe	38
PID 2720 wrote to memory of 2344	2720	Unicorn-59691.exe	38
PID 2720 wrote to memory of 2344	2720	Unicorn-59691.exe	38
PID 1740 wrote to memory of 1436	1740	Unicorn-11476.exe	37
PID 1740 wrote to memory of 1436	1740	Unicorn-11476.exe	37
PID 1740 wrote to memory of 1436	1740	Unicorn-11476.exe	37
PID 1740 wrote to memory of 1436	1740	Unicorn-11476.exe	37
PID 2552 wrote to memory of 1952	2552	Unicorn-18104.exe	36
PID 2552 wrote to memory of 1952	2552	Unicorn-18104.exe	36
PID 2552 wrote to memory of 1952	2552	Unicorn-18104.exe	36
PID 2552 wrote to memory of 1952	2552	Unicorn-18104.exe	36
PID 2496 wrote to memory of 2900	2496	Unicorn-59183.exe	39
PID 2496 wrote to memory of 2900	2496	Unicorn-59183.exe	39
PID 2496 wrote to memory of 2900	2496	Unicorn-59183.exe	39
PID 2496 wrote to memory of 2900	2496	Unicorn-59183.exe	39
PID 2604 wrote to memory of 2944	2604	Unicorn-9935.exe	40
PID 2604 wrote to memory of 2944	2604	Unicorn-9935.exe	40
PID 2604 wrote to memory of 2944	2604	Unicorn-9935.exe	40
PID 2604 wrote to memory of 2944	2604	Unicorn-9935.exe	40
PID 2120 wrote to memory of 1660	2120	Unicorn-16759.exe	41
PID 2120 wrote to memory of 1660	2120	Unicorn-16759.exe	41
PID 2120 wrote to memory of 1660	2120	Unicorn-16759.exe	41
PID 2120 wrote to memory of 1660	2120	Unicorn-16759.exe	41
PID 2344 wrote to memory of 2968	2344	Unicorn-9982.exe	46
PID 2344 wrote to memory of 2968	2344	Unicorn-9982.exe	46
PID 2344 wrote to memory of 2968	2344	Unicorn-9982.exe	46
PID 2344 wrote to memory of 2968	2344	Unicorn-9982.exe	46
PID 2720 wrote to memory of 1560	2720	Unicorn-59691.exe	45
PID 2720 wrote to memory of 1560	2720	Unicorn-59691.exe	45
PID 2720 wrote to memory of 1560	2720	Unicorn-59691.exe	45
PID 2720 wrote to memory of 1560	2720	Unicorn-59691.exe	45

C:\Users\Admin\AppData\Local\Temp\5439486d441f4e2b4871d1cc3d445dac.exe
"C:\Users\Admin\AppData\Local\Temp\5439486d441f4e2b4871d1cc3d445dac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        9⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
        8⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        8⤵
        Executes dropped EXE
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        8⤵
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
        8⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        7⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        8⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        7⤵
        
        PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        7⤵
        Executes dropped EXE
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        6⤵
        Executes dropped EXE
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        7⤵
        Executes dropped EXE
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        8⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        6⤵
        Executes dropped EXE
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        7⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        8⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
        7⤵
        
        PID:1072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        7⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        8⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        6⤵
        Executes dropped EXE
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        6⤵
        Executes dropped EXE
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        6⤵
        Executes dropped EXE
        
        PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57128.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        6⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        7⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        5⤵
        Executes dropped EXE
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        6⤵
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
        5⤵
        Executes dropped EXE
        
        PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe

Filesize
96KB

MD5
912a15d8b27fbf85f75e01eb81b168a9

SHA1
be73eeb276beda5056ddc82a896f6976e31443d4

SHA256
55c8e8388f45b23e979161286f80c6af3087944fc8a5282f0a94ba1b8b71f669

SHA512
1789c90f9907733b2deb4cc221ac83e95ccb4ceae17a64e5419d845203967542ebf205c56e03c81e34ac829a9ad6603b6dba76c0cb205ba9779581a3602c4644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe

Filesize
184KB

MD5
9f339b83754871d8afd9396e153e71ef

SHA1
a89fdc52fe2b83b66a2af23944f3f727ad97a9c4

SHA256
70d4348f29e056617c9a09d79639abbc2026ffadad66e94b16dab4758af4989f

SHA512
1c21032778e3fa24e6898d3708643f99806d2a7aa5cae1ee87b22525b81988123f729c4ab9ef6382f0d08903cf1dffba7b356197dbd47818fd780de087ee3b21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe

Filesize
184KB

MD5
7cffc056e1bf254237ad51f1ea2e2976

SHA1
39a2cfa15e1c7ca744b5e250accaa7d369f9240b

SHA256
dc80fa7941c892dfbb675c942fc767bc3207c727ea2c548ba134aef7bef5b3fc

SHA512
5548c55a3fb0b8a175b45c59e6af81dbd8f36d4a6dc68dfe7f7e9ce112ee4e8fa53a0a1dffcc45e8ce1d52e796b49a3d5e3130f1ffce057cd05373e0de65328f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe

Filesize
184KB

MD5
358764b16bbb5576923019fc805365f5

SHA1
4e4ca33f4152110971e203c8f3e3d20a6186ef8a

SHA256
2e2639042cddd6d7efa4e15d2cb7fe6c9be9459344bf2945152266c79455f928

SHA512
5914f486fc7464de4ae2d30b21e3311181ee938e506448ff519b9f0a1206d83deae8631a8753d9568899844d2bcda69709929076e47aa1624b8d1aef87236b98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe

Filesize
184KB

MD5
1380927867115b79114ab674d985be9c

SHA1
40c903b7fe6e0bf9c81a060ef9bb52ed4c23dd16

SHA256
a00bab668ada4f5653c07785e772056357ff80bef9ca1734e6ee0d895c3ee119

SHA512
428336ce758a4e7e62a9a1756864700c978bb1111f1d3d41df211369a0780419a4f6428ffc3a0444102fade3d233f3a25206c81fe86795c3c1633a8b977d2189

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe

Filesize
184KB

MD5
df979d000e50bb98a4fb8497899f0a70

SHA1
dccf59004fd4f2e09c515ed186fdcf46ca6aa63d

SHA256
56834a4a77a36ee1819ca7b58c710e28682e13a7a7ccec5803f5a1778ec63bee

SHA512
dbdce61f23152413dcccae5ee2ba3509f76ed8f8b168cb7723e4451b31d5220c1da419999801b421d685ba38f0c9fe7dc9d6ac30142ef6a309a1ccf13e0935d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe

Filesize
184KB

MD5
c89b8861055f0bce430a94c0c4e36e9e

SHA1
111e6de4d67723b188201bf9a6f5e2eccec62a01

SHA256
8b64714da2d1477f65875f4eb6d24d544c275f46a21512d1b0e118033f9cafcc

SHA512
949d32e36778badee13278b5ac7d7381f14b6b79e9a3baa78eca41cfb6da0ed78c89e4dc4254de82a9bee644a727d77658c530ab6dac93f39e693f308a8e5b85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe

Filesize
92KB

MD5
b76bb45cf79ab192deb6579f995bd733

SHA1
6a9577d13b9226f10b5bca85e156182094f0041e

SHA256
0fef402c3d009b2577bf8ba3b3265a93cc8045478a5f73078de49d7aec72e5a3

SHA512
2e81736aa40b414927444d3052258ad9beb3646960b33298480147fc92eea40bf4501e7b9148ad4624766a11b61330333f767b97b571520265967579b04d72ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe

Filesize
184KB

MD5
92bf79754e2bffe0c83cde670ef4c6fd

SHA1
cdf6916ffba7675137357cd0db5110b51a41931b

SHA256
a06b873ba12581c268702cdcccefee2ba50ce6e444faf4dfcc57942b682d2ac6

SHA512
296bb19833702348f2bc703ecdaf21dfe50b9bd63156dd01438ca3339122ceba0856f421ad488d8e96ab61c246ea9ca8b8e2d62c0e566aef689ebdfdbbb7828d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe

Filesize
184KB

MD5
9e04cdb61e5319475803e02c6c1b68e3

SHA1
178d1e767698ed668b6f1153e652b98852bc4e90

SHA256
0388275075cc5318973fac29011e4e1ab00a227b4901bbe34a38018b3f9f2e2f

SHA512
aed0057579013206bf80fde4a63e009fc43438193aaf82dd1750920320566863efaf3c34fd35d41f6012f476356b48dab2a69e1b836b08d4916e4111e89f495b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe

Filesize
184KB

MD5
91996c0f4754b93ef1a2dd295797fb30

SHA1
40492d314a0abd3806c60e682fcb7e67d538a638

SHA256
c492d3dd0a592cfd044e2306b93a32e4d254b979fef88c49be168a50a7103f4a

SHA512
8f4a1b23f1b9a40fc8e617d161c5ebe79bd01418ca34b5bfefcbb266307114a51187afdbb3937796aff285f7834bbd17f185069d57e6e4272cb6071b234da7a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe

Filesize
184KB

MD5
45ddfd8057fa622253244d3c268d6030

SHA1
4df05fa9d19dc88c1a53d313273a41af4078c51e

SHA256
e96bf712b9f89096141fe6cdb16df23238e000c48ba9b99fca4adb021800510b

SHA512
7730f851a43210bf3d17f1c77a0cefc8d7fe150267a4042a662bea3290b0ca8380162a063b66935e14569f4336b7eab7cdf23dcd0edf33b2cf1d6ca1b4fbbdad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe

Filesize
184KB

MD5
2800fd094693a6d0a59f33b2b5a24819

SHA1
bde8ab12b97c582423e8095b342a09b01551a9fd

SHA256
90bc5005ccc01f5805a14968ec9fc3fe8cdec62b953686de6668a11648f4b2f8

SHA512
b7895fd9ac17147e49eeee63be9b8b3169abec17aa6a423ef849a0e2d4673cceeab2d1fd431aef2bc701281a05fa10416bfccf77a13e614c58f1615b005417e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe

Filesize
184KB

MD5
191658fb264053bfde940bbc0d240bdd

SHA1
eb0796f21f6840a343584e072908694d910a3f7c

SHA256
2e58410ff18efb57c499738d3d417956a28370728b75d89593213433639ede2e

SHA512
52f73575e36f2105783a481ef195157cf93e8c3c47882d257d4ff759ea181dfad7ad2fc566ca09d2e2a08b0729a280996e4ae83b9d22624a3a105b8da47b2f27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe

Filesize
184KB

MD5
2836f516d10e9a3d0cb67308c9f6365a

SHA1
a214420a57532d12725fc04d6d10768004d2cc40

SHA256
5355daef51959cbde344f92a2c91d6baf9c9c086aa0cbd5ada4aba044f4b9b95

SHA512
e070791d64f4c93e76e8d7ac92804c135244375bd7d09b7ada24a782cd4a03004a8c7e6f3aa544854c55ef3ed8e30230461708bc6992759d6b091fbd8f3ac1e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe

Filesize
184KB

MD5
551443e95c82d4c2104cd17378a8aea4

SHA1
c1b8023cc8158e9802221787be5c0678611e7806

SHA256
20aa8bb0aa56c8c34b270a78e29d81168b87a1bfc2c56adef7e9c36e65d001d9

SHA512
3e669e3776518271829be689ebf0bacfd4ebca4c556d5c54e6e77353a6b8d4a4d55728a36dab0b3abe7a069d21463847744e22952ad24699649a91bceec22ec7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe

Filesize
72KB

MD5
707dc1f0b710231b81d6a970dd9b29f1

SHA1
b47f7d919c8d3d74c78cf925fc4892989bf6601c

SHA256
ac8914d2b569bb3c3ee9c1fa7c21bc31b786f994b8d5978c683cb4c49414b694

SHA512
399b051d6a3195fa86da817ad0e7732ad8301911da6042e935fd657986a8eb864dc2ef0158d716e3092f40a5b0057c0085ff2f2161af9e042250a72150cdcebb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe

Filesize
184KB

MD5
a9f0d4d0c1275d8fb192d094f4e2fe13

SHA1
14b9fc46dae87fbcaff5d2db9beb6a46d532aa3a

SHA256
50b59808aa5d0800fb5019a5d50338e7225b196abd5f607154d468766f95e61f

SHA512
78098f6cd673b0a074e2887ed07e92350ac947fbcc9e88b120a28b92b8bb3f59a8d9389557afc1cd8e9886406207fbe0773a3b9ee9eb80044fda03950bbb83e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe

Filesize
184KB

MD5
2a7a5290cec67bae5ad490d8994367c7

SHA1
c3f28f2a5dd70c34b64a5502d9d1c25fc4cbd1d0

SHA256
7b6598e9a2990d2a0cac6d9fe4b86d5485c30b6ca26d29f9977623597c5d28f5

SHA512
c123436dcc5afb3e9b85244417e1283c55676562ae236e181ededae0ad6b8aced06c56c580fc9c2c4e0101e11c5c2d72eac2998c93dc65d4cf9a6c69f22390e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads