df76d148bb22bfd4d992398211ac6c08ef058cce0ef6684cb2c1361f48ab20bb

Analysis

max time kernel
90s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a0eea7d04e55cab0b5a1c70052861e3.exe
Size

184KB
MD5

5a0eea7d04e55cab0b5a1c70052861e3
SHA1

ef3c9178f49745e40c785beb678b8bb24665efc4
SHA256

df76d148bb22bfd4d992398211ac6c08ef058cce0ef6684cb2c1361f48ab20bb
SHA512

cd0d61504a31195dd783eb48e837f19e95d27a2d2953ead28461092689e94a4799bc0c986b6a82a75608f5c760e873937e8c6032051384632292b28ba1764f75
SSDEEP

3072:yLkMomAe3Xf0QOj4M3+H3e01FX0Ms8ln8SxK1awSNlPvpF3:yLXouP0Q7MOH3eDMccNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 52 IoCs

pid	Process
2868	Unicorn-60658.exe
2740	Unicorn-13730.exe
2756	Unicorn-1800.exe
2472	Unicorn-41732.exe
2980	Unicorn-12397.exe
2612	Unicorn-32338.exe
2096	Unicorn-61611.exe
2900	Unicorn-28232.exe
2388	Unicorn-34876.exe
2028	Unicorn-30277.exe
2848	Unicorn-978.exe
1524	Unicorn-53324.exe
1876	Unicorn-34492.exe
1488	Unicorn-15078.exe
2040	Unicorn-34814.exe
2064	Unicorn-16174.exe
2152	Unicorn-28077.exe
2108	Unicorn-18094.exe
1996	Unicorn-14310.exe
1336	Unicorn-14730.exe
2376	Unicorn-10781.exe
1144	Unicorn-58768.exe
2772	Unicorn-62297.exe
1112	Unicorn-42239.exe
2488	Unicorn-61913.exe
2616	Unicorn-29049.exe
3040	Unicorn-29926.exe
2500	Unicorn-45037.exe
2400	Unicorn-45037.exe
864	Unicorn-28508.exe
1704	Unicorn-15509.exe
2968	Unicorn-36143.exe
2464	Unicorn-16277.exe
2628	Unicorn-20492.exe
2684	Unicorn-6503.exe
2728	Unicorn-32870.exe
2760	Unicorn-52736.exe
2672	Unicorn-31787.exe
2860	Unicorn-52462.exe
1936	Unicorn-46793.exe
1508	Unicorn-4830.exe
2332	Unicorn-10449.exe
2236	Unicorn-40154.exe
816	Unicorn-19319.exe
2480	Unicorn-38478.exe
2364	Unicorn-51223.exe
1464	Unicorn-7917.exe
2620	Unicorn-23870.exe
664	Unicorn-7533.exe
2012	Unicorn-39822.exe
2120	Unicorn-7149.exe
884	Unicorn-23294.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	5a0eea7d04e55cab0b5a1c70052861e3.exe
1708	5a0eea7d04e55cab0b5a1c70052861e3.exe
1708	5a0eea7d04e55cab0b5a1c70052861e3.exe
2868	Unicorn-60658.exe
1708	5a0eea7d04e55cab0b5a1c70052861e3.exe
2868	Unicorn-60658.exe
2756	Unicorn-1800.exe
2868	Unicorn-60658.exe
2868	Unicorn-60658.exe
2756	Unicorn-1800.exe
2472	Unicorn-41732.exe
2472	Unicorn-41732.exe
2980	Unicorn-12397.exe
2980	Unicorn-12397.exe
2756	Unicorn-1800.exe
2756	Unicorn-1800.exe
2612	Unicorn-32338.exe
2612	Unicorn-32338.exe
2472	Unicorn-41732.exe
2472	Unicorn-41732.exe
2096	Unicorn-61611.exe
2900	Unicorn-28232.exe
2980	Unicorn-12397.exe
2980	Unicorn-12397.exe
2096	Unicorn-61611.exe
2900	Unicorn-28232.exe
2388	Unicorn-34876.exe
1876	Unicorn-34492.exe
1876	Unicorn-34492.exe
2740	Unicorn-13730.exe
2388	Unicorn-34876.exe
2740	Unicorn-13730.exe
2612	Unicorn-32338.exe
2612	Unicorn-32338.exe
2028	Unicorn-30277.exe
2028	Unicorn-30277.exe
1524	Unicorn-53324.exe
1524	Unicorn-53324.exe
2900	Unicorn-28232.exe
2900	Unicorn-28232.exe
2096	Unicorn-61611.exe
2096	Unicorn-61611.exe
2848	Unicorn-978.exe
2848	Unicorn-978.exe
1488	Unicorn-15078.exe
1488	Unicorn-15078.exe
1876	Unicorn-34492.exe
1876	Unicorn-34492.exe
2064	Unicorn-16174.exe
2064	Unicorn-16174.exe
2108	Unicorn-18094.exe
2108	Unicorn-18094.exe
2040	Unicorn-34814.exe
2040	Unicorn-34814.exe
2028	Unicorn-30277.exe
2388	Unicorn-34876.exe
2028	Unicorn-30277.exe
2388	Unicorn-34876.exe
2740	Unicorn-13730.exe
2740	Unicorn-13730.exe
2152	Unicorn-28077.exe
2152	Unicorn-28077.exe
1524	Unicorn-53324.exe
1524	Unicorn-53324.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
1708	5a0eea7d04e55cab0b5a1c70052861e3.exe
2868	Unicorn-60658.exe
2756	Unicorn-1800.exe
2472	Unicorn-41732.exe
2980	Unicorn-12397.exe
2612	Unicorn-32338.exe
2096	Unicorn-61611.exe
2900	Unicorn-28232.exe
2740	Unicorn-13730.exe
2028	Unicorn-30277.exe
2388	Unicorn-34876.exe
1876	Unicorn-34492.exe
2848	Unicorn-978.exe
1524	Unicorn-53324.exe
1488	Unicorn-15078.exe
2040	Unicorn-34814.exe
2064	Unicorn-16174.exe
2108	Unicorn-18094.exe
2152	Unicorn-28077.exe
1336	Unicorn-14730.exe
1996	Unicorn-14310.exe
2376	Unicorn-10781.exe
1144	Unicorn-58768.exe
2772	Unicorn-62297.exe
1112	Unicorn-42239.exe
2616	Unicorn-29049.exe
2488	Unicorn-61913.exe
3040	Unicorn-29926.exe
2464	Unicorn-16277.exe
2968	Unicorn-36143.exe
2728	Unicorn-32870.exe
2672	Unicorn-31787.exe
2400	Unicorn-45037.exe
864	Unicorn-28508.exe
1704	Unicorn-15509.exe
2628	Unicorn-20492.exe
2760	Unicorn-52736.exe
2684	Unicorn-6503.exe
1936	Unicorn-46793.exe
2860	Unicorn-52462.exe
1508	Unicorn-4830.exe
2332	Unicorn-10449.exe
2236	Unicorn-40154.exe
816	Unicorn-19319.exe
2480	Unicorn-38478.exe
2364	Unicorn-51223.exe
1464	Unicorn-7917.exe
664	Unicorn-7533.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2868	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	28
PID 1708 wrote to memory of 2868	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	28
PID 1708 wrote to memory of 2868	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	28
PID 1708 wrote to memory of 2868	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	28
PID 1708 wrote to memory of 2740	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	29
PID 1708 wrote to memory of 2740	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	29
PID 1708 wrote to memory of 2740	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	29
PID 1708 wrote to memory of 2740	1708	5a0eea7d04e55cab0b5a1c70052861e3.exe	29
PID 2868 wrote to memory of 2756	2868	Unicorn-60658.exe	30
PID 2868 wrote to memory of 2756	2868	Unicorn-60658.exe	30
PID 2868 wrote to memory of 2756	2868	Unicorn-60658.exe	30
PID 2868 wrote to memory of 2756	2868	Unicorn-60658.exe	30
PID 2868 wrote to memory of 2472	2868	Unicorn-60658.exe	31
PID 2868 wrote to memory of 2472	2868	Unicorn-60658.exe	31
PID 2868 wrote to memory of 2472	2868	Unicorn-60658.exe	31
PID 2868 wrote to memory of 2472	2868	Unicorn-60658.exe	31
PID 2756 wrote to memory of 2980	2756	Unicorn-1800.exe	32
PID 2756 wrote to memory of 2980	2756	Unicorn-1800.exe	32
PID 2756 wrote to memory of 2980	2756	Unicorn-1800.exe	32
PID 2756 wrote to memory of 2980	2756	Unicorn-1800.exe	32
PID 2472 wrote to memory of 2612	2472	Unicorn-41732.exe	33
PID 2472 wrote to memory of 2612	2472	Unicorn-41732.exe	33
PID 2472 wrote to memory of 2612	2472	Unicorn-41732.exe	33
PID 2472 wrote to memory of 2612	2472	Unicorn-41732.exe	33
PID 2980 wrote to memory of 2096	2980	Unicorn-12397.exe	34
PID 2980 wrote to memory of 2096	2980	Unicorn-12397.exe	34
PID 2980 wrote to memory of 2096	2980	Unicorn-12397.exe	34
PID 2980 wrote to memory of 2096	2980	Unicorn-12397.exe	34
PID 2756 wrote to memory of 2900	2756	Unicorn-1800.exe	35
PID 2756 wrote to memory of 2900	2756	Unicorn-1800.exe	35
PID 2756 wrote to memory of 2900	2756	Unicorn-1800.exe	35
PID 2756 wrote to memory of 2900	2756	Unicorn-1800.exe	35
PID 2612 wrote to memory of 2388	2612	Unicorn-32338.exe	36
PID 2612 wrote to memory of 2388	2612	Unicorn-32338.exe	36
PID 2612 wrote to memory of 2388	2612	Unicorn-32338.exe	36
PID 2612 wrote to memory of 2388	2612	Unicorn-32338.exe	36
PID 2472 wrote to memory of 2028	2472	Unicorn-41732.exe	37
PID 2472 wrote to memory of 2028	2472	Unicorn-41732.exe	37
PID 2472 wrote to memory of 2028	2472	Unicorn-41732.exe	37
PID 2472 wrote to memory of 2028	2472	Unicorn-41732.exe	37
PID 2980 wrote to memory of 2848	2980	Unicorn-12397.exe	39
PID 2980 wrote to memory of 2848	2980	Unicorn-12397.exe	39
PID 2980 wrote to memory of 2848	2980	Unicorn-12397.exe	39
PID 2980 wrote to memory of 2848	2980	Unicorn-12397.exe	39
PID 2900 wrote to memory of 1524	2900	Unicorn-28232.exe	40
PID 2900 wrote to memory of 1524	2900	Unicorn-28232.exe	40
PID 2900 wrote to memory of 1524	2900	Unicorn-28232.exe	40
PID 2900 wrote to memory of 1524	2900	Unicorn-28232.exe	40
PID 2096 wrote to memory of 1876	2096	Unicorn-61611.exe	38
PID 2096 wrote to memory of 1876	2096	Unicorn-61611.exe	38
PID 2096 wrote to memory of 1876	2096	Unicorn-61611.exe	38
PID 2096 wrote to memory of 1876	2096	Unicorn-61611.exe	38
PID 1876 wrote to memory of 1488	1876	Unicorn-34492.exe	42
PID 1876 wrote to memory of 1488	1876	Unicorn-34492.exe	42
PID 1876 wrote to memory of 1488	1876	Unicorn-34492.exe	42
PID 1876 wrote to memory of 1488	1876	Unicorn-34492.exe	42
PID 2388 wrote to memory of 2040	2388	Unicorn-34876.exe	43
PID 2388 wrote to memory of 2040	2388	Unicorn-34876.exe	43
PID 2388 wrote to memory of 2040	2388	Unicorn-34876.exe	43
PID 2388 wrote to memory of 2040	2388	Unicorn-34876.exe	43
PID 2740 wrote to memory of 2064	2740	Unicorn-13730.exe	41
PID 2740 wrote to memory of 2064	2740	Unicorn-13730.exe	41
PID 2740 wrote to memory of 2064	2740	Unicorn-13730.exe	41
PID 2740 wrote to memory of 2064	2740	Unicorn-13730.exe	41

C:\Users\Admin\AppData\Local\Temp\5a0eea7d04e55cab0b5a1c70052861e3.exe
"C:\Users\Admin\AppData\Local\Temp\5a0eea7d04e55cab0b5a1c70052861e3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        8⤵
        Executes dropped EXE
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        8⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        8⤵
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        8⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        7⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        7⤵
        
        PID:696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23294.exe
        9⤵
        Executes dropped EXE
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        10⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        6⤵
        Executes dropped EXE
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        7⤵
        Executes dropped EXE
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        7⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        6⤵
        
        PID:2564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        7⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        8⤵
        
        PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe

Filesize
184KB

MD5
aa4e8776f89c7b93c2011d0b2900b1a1

SHA1
c0c60a030f87445e8dedf326330683397eb37445

SHA256
1769b5bffbc1c0152ac54d6780740b15af2d04a31f167c413842bfb9daf84ffe

SHA512
edd360231a285b0d0546396f5757f0f931e17b94f70b469653076cc7810b85333ba82440c41ef42c743140533cb234109365bead1a2a21e40843017fe38cf9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe

Filesize
184KB

MD5
0bc9470d2aa324eb2126972057f70ca8

SHA1
5e6ba6bcfd1d279799d05b9e1f82a1ce49b70cc7

SHA256
5069cd32942cceae48828676102cf88d8478899b17bd0dfeef54d4cad648c8f1

SHA512
92b80fdbd775a5686e0b6787a266263036119be1afc108037e166a8d0cb7b718617472f261e77ea3ae4bad00fb3af40f5be64912ac7424f004e2ff155b812b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe

Filesize
184KB

MD5
1474d53ad7ebbe29b93dc7d196cfe5a0

SHA1
6c09ed3557a232e619889da1b97fb11b01cba1a5

SHA256
88e23e775e6fbcfa5fcc5367bcf7680ac15edd74abafcc589a301ad83520cb3e

SHA512
30db2111208d99e2664a772e7954d6dc8972ba3fb42feae1279942471e4f7408a9f1eb8a502a78e7acf1e69c916e14f9788a7f8aae225914519962f1bfb86628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe

Filesize
184KB

MD5
2be1694ad5d0dc4b2b5870a3ff7571d2

SHA1
cd053b9311b33ccdfa7b02ce8f347ccc091eb6ae

SHA256
58da13a4bff5c96f3c1a8c6d79915c83c1fb9dcc68dd7dc76c08275b564e88a1

SHA512
66da6fe33af3b759aaab52da3e68bc78e971097d56ced4f42720203a93a1802057dee2ee7e09a5ea8219c2c595011e725a658412f70db7a22a382e4722189253

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe

Filesize
184KB

MD5
676e4431971a1c676e09369f4f8b17e6

SHA1
23e4cb6d427afc1913457b239f33c14d52e1a00c

SHA256
9bc3bb7ded24ce0bc0979fb8f5b2c7da100f1461e3c6e6cee9b8cabadab7e8be

SHA512
d73892b48857e4e560b40f2a70f960ef79fb3d32ae20080a8c6c1d6d50ef0d313c2d8a16af599aa8d24191d94a9058844adc3dd11162af20a95de2ba08e01f08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe

Filesize
184KB

MD5
8be23160f14c5d6a7cef7952850d1d7f

SHA1
e8ea8c66b1a8a075ae5552ccd6f3069108160b66

SHA256
b266e9906e89b9c7bd5b416a80092ebe002c7128d4871aed1c957fd3b10574bf

SHA512
a91b6323b3ef75f226946e273929bc567bf9dfb40f330200ca0d82bf69be5d04b11309526d2556090c4679950955fc712322b9c88f7c9df9227827dd2bf12efe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe

Filesize
184KB

MD5
007932a5b00257b99dec9a3d4a75d48b

SHA1
8929550eeadd4c749cd2740a7806ab37b519d377

SHA256
4874d544a8d31d5b270922e1fb94f16471344c41fc614cedf20547fe106ec618

SHA512
e7d8cca83c1e736516d060e18edd5d3309173e8da0e2edfa8ff0cf162b01f975a245efd345ba6e172d03136f5d9edc4bc4e55c8686af3ca19706e6dd503fed2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe

Filesize
184KB

MD5
0878836c4872066aadaa9adf505ad587

SHA1
c249efab35dcaf54c9deb131fbb690a3d83b2eff

SHA256
3119a322f30d25cc87fda130318ec123e8735e2d7cff8798da5f8cc834974314

SHA512
7d470bdd8e125652946ed5567659856aab5247bbc4c25c21ce965c2bd614a71e98de13829f4f12302502f25e1e90fadf1b547147c43c41a9bdc036524c212c05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe

Filesize
184KB

MD5
882eae7ecfbbc90a9d81b1d6adb4f30c

SHA1
8792d50f1ea26ea0d5c56319c9f1529c701b1b8a

SHA256
254dcba0c13ace683e94f65503e9469decd4690ecf7f0153f9b85106db8f7a04

SHA512
bf361cb0262c8c9c0a048395c5939b4c3b73abcba82dd123b8f8d2f3993f6ba6bcdd629fd979cc9d849a9e0ebfd010ef3dda920680496f5732d7ecf0e5eb96b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe

Filesize
184KB

MD5
e61fb428fd8eba6cfe2eeeda143de6c5

SHA1
a05bd173f6fab66b2a4c2b53dc3ec91a43c10ed4

SHA256
c59f6884a454c98bdfedbc04208d86456586b204472f14c7ed26189a790f0b6f

SHA512
31d2f2ddf53748a9a53695d4cdacdca6bae4b5ca01047392abe3fdbe4e72af1d7c44f9ff7be09b0d8f52cd06f4169df405b853ef0eb7aebb4cf5a061d67c8860

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe

Filesize
184KB

MD5
c63c2541a217fdede753e6435d578fd7

SHA1
35070c0ac6f0e19480aa498082b2e9d0ae6d069c

SHA256
d0c426f5771ce3a7c4539cd887ee42d9b8674f36ea97dd413a4cc7e948654a52

SHA512
cb0977b5fa7f2577e2cc9b79b737f05bdee44bf7e46b9cedb8248147f7c0fb25c4d571c78ea0aa6d535b3107a5720499eb68f9db43a578a07897a5025628d12d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe

Filesize
184KB

MD5
bb63f2e31d0958bf7e4900142253b1e1

SHA1
4abf5ad0604bf986e093030dbcf7905c216af50e

SHA256
59a97a3b6980949a0c1479920e4861baf0bed8fa39fae40ecaf00f7dfcece80e

SHA512
3dc6e96106fda85d4614423b67a607ca76ef84dc6325dcf5a8bc3e99fb2766dff4fd6809eb66e8a9b7bc003ced04956309aec931f866958b2a117a1aa7ef51df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe

Filesize
184KB

MD5
60b2836f8709f863aa06fab9643f1530

SHA1
13d5694981e2ae8e2e2a77af21f85db92bbed1b0

SHA256
ffb1fd47f964654b219fb04585c4206853b7dafead4dc5ceeac9a83828efaeb9

SHA512
1078f714e6c3742edaba9caeb5d4927670d1c31178ea079188197b9b6a70a0d105d363132f24c944a345b326afb363ce9d99d6d9acb57342e11172dd663c597c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe

Filesize
184KB

MD5
5cae451905c88cb600331f1eb4b43add

SHA1
4eb8bb313587be9f510953014df55ca802949ade

SHA256
9d8f3fb645dc89442a74634747ff2f38bd8e65bbe3d0d77a115fca75ce68c364

SHA512
abe1efa8b9698c836d2a6b3ee367e165c066097ec4596223237660f97a46e0148a25ed227a9b895217551f2fd0f74d141a1feaf272cfe4ad8ce09737cdd7f65e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe

Filesize
184KB

MD5
526fe8a4e1f72f6d0dc0da0eed93f87e

SHA1
aad970028e431e24b1242913730488aa74d5f729

SHA256
32c2861b9016b8ca766e699f8c55ea9db5ae5efe201be87b312b54f544a5e00d

SHA512
a1ea1fcfa3e12cb1e28ffc8b963c3c44bb8c543f3049f53ef4db2b07d9979860a65ee55986ffd91dcace6290d2e78ec14d9ce01a8e1da8c6a67ba104b54d1411

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe

Filesize
184KB

MD5
41a673beb23e58ca52239f3ee35b4c21

SHA1
2f886b7e69d57e0dbce7f84dd2f66bcf7cc70389

SHA256
5b86db9526cdd44a19b25c78ab43eee609ffb02e0ee0b2f55202296bd40f21e6

SHA512
d7567e10d9443b4288ae16a2e54aadbb6144582a0df2c5c0a1361e9311cbdca525190b410154bb172c78b7c5eee276a596aa7950dada25495baf27aab20b207a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe

Filesize
184KB

MD5
28fec78690a1b33f21f0cb5d866ee7a4

SHA1
849835f87ba8ad57e260d4f88e8cb05d8061a241

SHA256
061c79cae5f8fc184ae7c7e1a887798293d2e69739bdec253eea6b75005fecfd

SHA512
a28c9e7c8fc2995403821464cb547825874fceaeb3f1815dd4750df7f6cb9ff0b90f63f61ddb8b8fdf11f3ee7a6e9a55d231e82af020a1b51f06e7b5515c1412

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-978.exe

Filesize
184KB

MD5
3b8f81d9d84f5b2ed3ad5286a75b476c

SHA1
eb35cd2e90a255934181d6d46f1de35803894479

SHA256
b96083d0340e2e0bbabbc2315d3937ec68aa4476c3c76a10fb722e079cd8ec98

SHA512
04ffcc4db58b9dbcf878f4ba5e8b65b9e02548de77e0acd038be2bc98c20569e575a6f9fa6bcd85cb75b27f14bd2f0c457673e06f3e14cf35e75b0fb0a2498db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads