bdfdc81b9ccedb2fcb105f0ed6b016cc7f55fe382ff567e20b8120cad531cf65

Analysis

max time kernel
46s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64ca3bf286a52250c3a0210a2bf3cb15.exe
Size

184KB
MD5

64ca3bf286a52250c3a0210a2bf3cb15
SHA1

24e4c37dd54d6cc81f7ff4e0a2f25c19acf40eee
SHA256

bdfdc81b9ccedb2fcb105f0ed6b016cc7f55fe382ff567e20b8120cad531cf65
SHA512

339284f77bc87d3cdc8506c70498303b37d62c98e1f9b0f3f31132b39dcaecddad783493115ffbe90cdf48bf8cdbf4ef5f163fd74d73029f9ec06c70cd1728ae
SSDEEP

3072:tzS7oze3sYAgr9AJdTn4F8NmrvO611fVoDEx8gPzm6lPvpF7:tzeop5gr0db4F8q9kP6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 55 IoCs

pid	Process
2116	Unicorn-62364.exe
2772	Unicorn-15597.exe
2792	Unicorn-61269.exe
2592	Unicorn-43043.exe
2620	Unicorn-62909.exe
2180	Unicorn-62909.exe
2092	Unicorn-33247.exe
1668	Unicorn-37885.exe
2892	Unicorn-49583.exe
1876	Unicorn-8550.exe
2936	Unicorn-54222.exe
1156	Unicorn-22334.exe
292	Unicorn-18804.exe
1356	Unicorn-30502.exe
2360	Unicorn-46838.exe
2224	Unicorn-51477.exe
544	Unicorn-43308.exe
676	Unicorn-63174.exe
2952	Unicorn-49656.exe
1248	Unicorn-39027.exe
348	Unicorn-29790.exe
852	Unicorn-42557.exe
2496	Unicorn-59277.exe
2404	Unicorn-47580.exe
1324	Unicorn-42749.exe
1040	Unicorn-22883.exe
356	Unicorn-11036.exe
1800	Unicorn-55860.exe
3004	Unicorn-51771.exe
2984	Unicorn-45430.exe
2764	Unicorn-45430.exe
2728	Unicorn-45430.exe
2616	Unicorn-43816.exe
2588	Unicorn-60749.exe
2384	Unicorn-40883.exe
340	Unicorn-27885.exe
1928	Unicorn-44413.exe
2168	Unicorn-3956.exe
2832	Unicorn-3956.exe
2484	Unicorn-20293.exe
1864	Unicorn-36629.exe
1912	Unicorn-2612.exe
1568	Unicorn-24931.exe
1624	Unicorn-33099.exe
1732	Unicorn-44797.exe
2032	Unicorn-41647.exe
1976	Unicorn-21781.exe
2996	Unicorn-56468.exe
1740	Unicorn-60230.exe
600	Unicorn-14558.exe
2420	Unicorn-60230.exe
1420	Unicorn-22836.exe
632	Unicorn-2970.exe
2948	Unicorn-29010.exe
2428	Unicorn-10676.exe

Loads dropped DLL 64 IoCs

pid	Process
1728	64ca3bf286a52250c3a0210a2bf3cb15.exe
1728	64ca3bf286a52250c3a0210a2bf3cb15.exe
2116	Unicorn-62364.exe
1728	64ca3bf286a52250c3a0210a2bf3cb15.exe
2116	Unicorn-62364.exe
1728	64ca3bf286a52250c3a0210a2bf3cb15.exe
2116	Unicorn-62364.exe
2116	Unicorn-62364.exe
2772	Unicorn-15597.exe
2792	Unicorn-61269.exe
2792	Unicorn-61269.exe
2772	Unicorn-15597.exe
2180	Unicorn-62909.exe
2792	Unicorn-61269.exe
2180	Unicorn-62909.exe
2792	Unicorn-61269.exe
2592	Unicorn-43043.exe
2592	Unicorn-43043.exe
2772	Unicorn-15597.exe
2620	Unicorn-62909.exe
2620	Unicorn-62909.exe
2772	Unicorn-15597.exe
2092	Unicorn-33247.exe
2092	Unicorn-33247.exe
2180	Unicorn-62909.exe
2180	Unicorn-62909.exe
1668	Unicorn-37885.exe
1668	Unicorn-37885.exe
2892	Unicorn-49583.exe
2892	Unicorn-49583.exe
2592	Unicorn-43043.exe
2592	Unicorn-43043.exe
2620	Unicorn-62909.exe
2620	Unicorn-62909.exe
1876	Unicorn-8550.exe
1876	Unicorn-8550.exe
1156	Unicorn-22334.exe
1156	Unicorn-22334.exe
2092	Unicorn-33247.exe
2092	Unicorn-33247.exe
2936	Unicorn-54222.exe
2936	Unicorn-54222.exe
1356	Unicorn-30502.exe
1356	Unicorn-30502.exe
1668	Unicorn-37885.exe
1668	Unicorn-37885.exe
2224	Unicorn-51477.exe
2224	Unicorn-51477.exe
1876	Unicorn-8550.exe
676	Unicorn-63174.exe
1876	Unicorn-8550.exe
676	Unicorn-63174.exe
544	Unicorn-43308.exe
544	Unicorn-43308.exe
1248	Unicorn-39027.exe
1248	Unicorn-39027.exe
2952	Unicorn-49656.exe
2952	Unicorn-49656.exe
852	Unicorn-42557.exe
2496	Unicorn-59277.exe
1324	Unicorn-42749.exe
2496	Unicorn-59277.exe
852	Unicorn-42557.exe
1324	Unicorn-42749.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
1728	64ca3bf286a52250c3a0210a2bf3cb15.exe
2116	Unicorn-62364.exe
2792	Unicorn-61269.exe
2772	Unicorn-15597.exe
2592	Unicorn-43043.exe
2180	Unicorn-62909.exe
2620	Unicorn-62909.exe
2092	Unicorn-33247.exe
1668	Unicorn-37885.exe
1876	Unicorn-8550.exe
2892	Unicorn-49583.exe
2936	Unicorn-54222.exe
1156	Unicorn-22334.exe
292	Unicorn-18804.exe
1356	Unicorn-30502.exe
2224	Unicorn-51477.exe
676	Unicorn-63174.exe
544	Unicorn-43308.exe
2952	Unicorn-49656.exe
1248	Unicorn-39027.exe
348	Unicorn-29790.exe
2496	Unicorn-59277.exe
852	Unicorn-42557.exe
1324	Unicorn-42749.exe
1800	Unicorn-55860.exe
1040	Unicorn-22883.exe
2728	Unicorn-45430.exe
2404	Unicorn-47580.exe
2764	Unicorn-45430.exe
3004	Unicorn-51771.exe
356	Unicorn-11036.exe
2360	Unicorn-46838.exe
2984	Unicorn-45430.exe
2616	Unicorn-43816.exe
2384	Unicorn-40883.exe
2588	Unicorn-60749.exe
340	Unicorn-27885.exe
1928	Unicorn-44413.exe
2168	Unicorn-3956.exe
2484	Unicorn-20293.exe
2832	Unicorn-3956.exe
1864	Unicorn-36629.exe
1912	Unicorn-2612.exe
1624	Unicorn-33099.exe
2032	Unicorn-41647.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2116	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	28
PID 1728 wrote to memory of 2116	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	28
PID 1728 wrote to memory of 2116	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	28
PID 1728 wrote to memory of 2116	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	28
PID 2116 wrote to memory of 2772	2116	Unicorn-62364.exe	29
PID 2116 wrote to memory of 2772	2116	Unicorn-62364.exe	29
PID 2116 wrote to memory of 2772	2116	Unicorn-62364.exe	29
PID 2116 wrote to memory of 2772	2116	Unicorn-62364.exe	29
PID 1728 wrote to memory of 2792	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	30
PID 1728 wrote to memory of 2792	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	30
PID 1728 wrote to memory of 2792	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	30
PID 1728 wrote to memory of 2792	1728	64ca3bf286a52250c3a0210a2bf3cb15.exe	30
PID 2116 wrote to memory of 2592	2116	Unicorn-62364.exe	31
PID 2116 wrote to memory of 2592	2116	Unicorn-62364.exe	31
PID 2116 wrote to memory of 2592	2116	Unicorn-62364.exe	31
PID 2116 wrote to memory of 2592	2116	Unicorn-62364.exe	31
PID 2792 wrote to memory of 2180	2792	Unicorn-61269.exe	32
PID 2772 wrote to memory of 2620	2772	Unicorn-15597.exe	33
PID 2792 wrote to memory of 2180	2792	Unicorn-61269.exe	32
PID 2792 wrote to memory of 2180	2792	Unicorn-61269.exe	32
PID 2772 wrote to memory of 2620	2772	Unicorn-15597.exe	33
PID 2792 wrote to memory of 2180	2792	Unicorn-61269.exe	32
PID 2772 wrote to memory of 2620	2772	Unicorn-15597.exe	33
PID 2772 wrote to memory of 2620	2772	Unicorn-15597.exe	33
PID 2180 wrote to memory of 2092	2180	Unicorn-62909.exe	34
PID 2180 wrote to memory of 2092	2180	Unicorn-62909.exe	34
PID 2180 wrote to memory of 2092	2180	Unicorn-62909.exe	34
PID 2180 wrote to memory of 2092	2180	Unicorn-62909.exe	34
PID 2792 wrote to memory of 1668	2792	Unicorn-61269.exe	35
PID 2792 wrote to memory of 1668	2792	Unicorn-61269.exe	35
PID 2792 wrote to memory of 1668	2792	Unicorn-61269.exe	35
PID 2792 wrote to memory of 1668	2792	Unicorn-61269.exe	35
PID 2592 wrote to memory of 2892	2592	Unicorn-43043.exe	38
PID 2592 wrote to memory of 2892	2592	Unicorn-43043.exe	38
PID 2592 wrote to memory of 2892	2592	Unicorn-43043.exe	38
PID 2592 wrote to memory of 2892	2592	Unicorn-43043.exe	38
PID 2620 wrote to memory of 1876	2620	Unicorn-62909.exe	36
PID 2620 wrote to memory of 1876	2620	Unicorn-62909.exe	36
PID 2620 wrote to memory of 1876	2620	Unicorn-62909.exe	36
PID 2620 wrote to memory of 1876	2620	Unicorn-62909.exe	36
PID 2772 wrote to memory of 2936	2772	Unicorn-15597.exe	37
PID 2772 wrote to memory of 2936	2772	Unicorn-15597.exe	37
PID 2772 wrote to memory of 2936	2772	Unicorn-15597.exe	37
PID 2772 wrote to memory of 2936	2772	Unicorn-15597.exe	37
PID 2092 wrote to memory of 1156	2092	Unicorn-33247.exe	39
PID 2092 wrote to memory of 1156	2092	Unicorn-33247.exe	39
PID 2092 wrote to memory of 1156	2092	Unicorn-33247.exe	39
PID 2092 wrote to memory of 1156	2092	Unicorn-33247.exe	39
PID 2180 wrote to memory of 292	2180	Unicorn-62909.exe	40
PID 2180 wrote to memory of 292	2180	Unicorn-62909.exe	40
PID 2180 wrote to memory of 292	2180	Unicorn-62909.exe	40
PID 2180 wrote to memory of 292	2180	Unicorn-62909.exe	40
PID 1668 wrote to memory of 1356	1668	Unicorn-37885.exe	45
PID 1668 wrote to memory of 1356	1668	Unicorn-37885.exe	45
PID 1668 wrote to memory of 1356	1668	Unicorn-37885.exe	45
PID 1668 wrote to memory of 1356	1668	Unicorn-37885.exe	45
PID 2892 wrote to memory of 2360	2892	Unicorn-49583.exe	44
PID 2892 wrote to memory of 2360	2892	Unicorn-49583.exe	44
PID 2892 wrote to memory of 2360	2892	Unicorn-49583.exe	44
PID 2892 wrote to memory of 2360	2892	Unicorn-49583.exe	44
PID 2592 wrote to memory of 2224	2592	Unicorn-43043.exe	43
PID 2592 wrote to memory of 2224	2592	Unicorn-43043.exe	43
PID 2592 wrote to memory of 2224	2592	Unicorn-43043.exe	43
PID 2592 wrote to memory of 2224	2592	Unicorn-43043.exe	43

C:\Users\Admin\AppData\Local\Temp\64ca3bf286a52250c3a0210a2bf3cb15.exe
"C:\Users\Admin\AppData\Local\Temp\64ca3bf286a52250c3a0210a2bf3cb15.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        10⤵
        Executes dropped EXE
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        12⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        9⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56468.exe
        9⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        10⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        8⤵
        Executes dropped EXE
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        7⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        9⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        8⤵
        Executes dropped EXE
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        7⤵
        Executes dropped EXE
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        8⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        9⤵
        
        PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        7⤵
        
        PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
        7⤵
        
        PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
        9⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        7⤵
        
        PID:1956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        10⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        7⤵
        Executes dropped EXE
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        8⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        7⤵
        Executes dropped EXE
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        8⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        6⤵
        Executes dropped EXE
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
        7⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        5⤵
        Executes dropped EXE
        
        PID:632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe

Filesize
184KB

MD5
72455357f32538803df24834b7d0f1c1

SHA1
08b4ceba2752b6c1d2f5d8ffc1f8dc1d72d01357

SHA256
8cfd594d575c37c64e067a8df8681e9d81786bafcb1cb2e9dfcd02c807c1766c

SHA512
ce1fc85c980a609d672a83afefa8ab097090f23a969f110a828fea9c104d90fb4ed84d805fbbd0470d7efa7ffa0f554cf06f4b49afdb8c759286fafbd3503523

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe

Filesize
184KB

MD5
134d35584ed93e0babf804016ace959d

SHA1
c7e0fd930f496f99ebe157ebd5d59795eede45dd

SHA256
3a203fed4c8a1eb43e0370b5feeba15203a4c3f62a5661674b6803651248b7e4

SHA512
d0832cb7b8e23ecc47ca2c4076d3feac091a6b38a16aa5a2db22090d6dfc6860bb618564c092203c7e462d90940f9a6141e0fb1808541401c00254538c54404e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe

Filesize
124KB

MD5
0d86ee21dfd8dd7d511d1f65e0117844

SHA1
0cd61e4029182ce8c479e4201a762e8eb2d67042

SHA256
321a4644236bf092e5bd5878daad1e85badf643072ed837e19a3ab7ce5f00822

SHA512
5c489179191c8068654c0ec9b1549e97d04013af5db8776888482b3ef08b7c60f933944c50fed82fdab57cab05e6493a4255440e4336129f8e9e4aa1d0cd5336

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe

Filesize
184KB

MD5
3e4bd3be03749968fd1f66c21796738c

SHA1
59774daaa4a0a61e125771025ad2001a0f65ddaf

SHA256
af5c55bec9fc8bcf5b21590ad2a4721f4589bdb338605be5b168aef25ae1a9b7

SHA512
9669ad6f3fb69009e31b3aef11dadf5c41f712cb0703b9baf4a1eea4ca0629aafc4b4aadbd51790b7740f73a7cdb60784b5f015bd1156f33b4312cf6342fe307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe

Filesize
184KB

MD5
77454c6478c5c34b1319f162655d3c6d

SHA1
9d818c3a9a4beafa4815db013790a96eebb91d41

SHA256
83613508356dff2097e108340e211c561b331d3c3f3b3e0400679b8cb254bf67

SHA512
59d9295a0d023f52bb7f344206165cf1cfcddaacb6fcb4b82d5c48003d8a1e8996aa44d2a18ebfb1fec5e7d740ed71d53e991a8d7c032f946adfd66511695ae8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe

Filesize
184KB

MD5
cce37c754313ed01b48cce63d4069dc4

SHA1
1be559cc4af3f0963f6bc46c62014ca27d319cee

SHA256
e48797d37a6bdc20270e9ee1348f982a7f17f423bf114f22632a5a3688838912

SHA512
cb8fd8dd618a2326a8125117a720286b14e280193a1ff65fd6d1b7e61736165f6718751896ff609d388f6e06d9d35bc5a6af5e379f2bae53085b90fb15d13d8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe

Filesize
184KB

MD5
9a543c2d79443864c04073d9828746d0

SHA1
4c3ef391cb9dbda55d1dca397a83ef9eac972d0c

SHA256
f6ecc168e3a4ce60ea88e52cdfa65d7cf082d403b24fe8d29e24b8f05d2ca3a5

SHA512
509a487c4f754e42fd013868b73a07c4fc5f494fa860e852ed354a35db652371ef60f7195498a978bfaf2ecde77bf664b105bc7e4900a62e1f5edbe2abf8f9dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe

Filesize
77KB

MD5
e7d167c8e3c71ccc80205df2d5847518

SHA1
80ec5954c7aade27c436b8c8194ac69650a71891

SHA256
a7d7997eef939336ad91b36de0842ff70932fa5dbb9b71b35c12d37ca834bce3

SHA512
103fb61ff849be7a531b6a2102b96ed9e3957039c383d6d9a3ba33375981b22071114a01bb329e8895a2187f38d3d737f9e8ffb39600ea117c0d3fdc0161b3e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe

Filesize
184KB

MD5
3aa859a4b6ee69dfc25df315095a8bb9

SHA1
47d84db0d26ef9f285cd8049f2eced572eabd995

SHA256
95c5f9269cb26c577effbd284bc68a53ec04e29b537e11c6b59df111e448787c

SHA512
fda799d612c6ed48f287d4b180c867922c222d3fe8b9b9ce09c32fb83070803da2329fbe98eebc29e8c138f7335da42be2b5c062ad3c29c4ad78c4caa25798a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe

Filesize
184KB

MD5
c9bec1bfef92eca015e5669738757d06

SHA1
5b3d8329793ebb457447a39114f60a21e19c1d35

SHA256
b800d1d4cf4842a0c3f00c30f136f8848ab0c486d60e206f2e41c0ed03710d5b

SHA512
44e35f35fed08231ed87c0f812ad72dd1d4a3a9df0dbdc0025af24d0edd5a1d9c75b245be28ccae9f7b9941693c2175a87606e01d19df638ac39314788031f98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe

Filesize
184KB

MD5
a6ce7d3722480ae5c067002a3efd5b67

SHA1
0f4250b77c95d274494e3813e882ab6ab826f62f

SHA256
5ca8b6ea849bf4036d70a297c7b64857cef826c68a655f7efc2eb9e28fb14856

SHA512
418e837838a18fc595babf9fdcc59b2a82ff1478d712f801fcd186e692527ebbc302f9bf9d629b7ca224f707e3e611bce2e5a1c1758d05a3026d0c05661aa818

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe

Filesize
184KB

MD5
d97da318a85d84bce98077e76e4e0b9c

SHA1
67f23d08fcc5a9d6daa0c9945b96c67adc08231a

SHA256
622d792224f75b46b2411d5eec6fedf588365a8555b1f0b17f29cd7f8309ac2d

SHA512
7a7d74c4986c73e608ce950c91abf303ad7d1f56f0d7eff9dceb49c89780ccc318ba279652ac2e870f831654c6d659070c43dbe9eb7aa73a54a724eab60ef100

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe

Filesize
184KB

MD5
64c5aaf49493f2e0cc0febd264226929

SHA1
c9ae554686db82f69fc074ccb9bc9f24fe40090f

SHA256
57ecd3b26cb6d25cec31e6a530a0004aa2f0806e16e409dd62cf9f128b5718ac

SHA512
1e4da9a2f61b6acf30cf2f2d0417064adf076a7cf8e1a09a3bb19d58b703b80d8bd678c0325294cfad36bfb0f3d36b871b54358f5fba9899d6fde38973f9f9d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe

Filesize
184KB

MD5
f743cd6c1d93f3fb297eeb59b69a1149

SHA1
1bc7ce0f7db17dfeecc56b8b204e73da296f005f

SHA256
b642ae03ee26d7fb6cc665f66fd516c0dc788faf8827980391e0f484c056a965

SHA512
ed728ad0b47288471e1cf58a9ad9c31b1948e8f9be5f2e1ea059d082d0f8449b62b2b3baf1ce47bd818be3a83eb58197f75415148b103aa43d3b55c2b667d78b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe

Filesize
184KB

MD5
46df40c858ca05630dc7c427634da061

SHA1
6bb165235b0a49e85f48ad05e3a7ca8498603a2a

SHA256
0adf62ab9a8cfe29f49043d61df391819b046dbc2bdd9265d6ced6c5ef3e6f77

SHA512
c1242c14e22fd106f9efe7d4c476406c02da9ee005211d2102e67606638fb0c2a4f0c6e163a257cd82babc9af8e70451d8bf5b15d184768488ee53c07668646e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe

Filesize
184KB

MD5
40203b093d9ec06864f7b5cea0d9bad9

SHA1
57f433f7ea3c33787118672e4a667d675af42101

SHA256
e040b55f02b2997f34802fb15b57628a8af43cc90ac3a12ac86e13773435bef6

SHA512
a699ed134a089c83e6be64ee8c33b1bd5791f567ec2193557449f9f04fef8f2402e90c41a8df958b9b3f2b072ca2568a0075bc4040acf2a2a4f2295c0f1bb08d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe

Filesize
184KB

MD5
cadb771e44e9415d0b5baf5263de5001

SHA1
a53381340edc53fbdbcfd1af21d34d1a2309f15d

SHA256
8b5f35bfad9ed744f8638de6180578040f23e326ed07c55292fb66ed5c7dd6df

SHA512
b91a68c9f2129eb88900f24f3299da7906821873dfc87b8ec5dfa2008359e3bb05412050234b62e06072ef57640346a256b3cc5979204edd8bd8fd5f3b5676b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe

Filesize
184KB

MD5
ace61648f25be9f8fb5e4cada57c067a

SHA1
8b558e8c68a976702e12e370ad33e02c1605e02f

SHA256
68f06848e4d078818b4e501e0115960e478b0408140e4ac2e07074bf6d9cb995

SHA512
1117e888cea503dc061dec370056e1bca94fc5dc2929aaa3ccc264a318d9ecdd6137815df4ed63064b57ee00188db859860f807562866adee098ba204a2be8a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe

Filesize
184KB

MD5
8dacb4c9225a59d9d407166e3677e094

SHA1
42e63096d5fde25f3506e00ab68108f4e5c07770

SHA256
16e169faec49620ce535f78fa88a6fd87bbf5ffaeb74757745556646960c4635

SHA512
004b58266cfdf79a41761bc6e84e51fe72601a91eb722284588034f5ace8df4a86a1d597d238b7a172994b2b51d53a96ff30fc4b41d3fc5de36f88a18bfb7b1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe

Filesize
184KB

MD5
d135e3d4238957ff6cf352e639a9fc67

SHA1
5dbec76da6ee3474b838981794dfe733e9cedb0e

SHA256
d4762891d4f0d85f53e97b652f7b9a161718804cc39267240a0a24cbcb5ae64a

SHA512
254d35d0df6ed6c365837d94572a87b474f11d7c9df9ba52709ff661f1700a30fed4cdda8e0b97821f51cde33cca28b9a47cfda6d8f23c7a7f2dde89dcb855dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads