f373c6ce2587bf9846a79d5aecdcb4ee1979460f744c8ab9083556a80dc50072

Analysis

max time kernel
33s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65334284c7152f733972d7e17b3df349.exe
Size

184KB
MD5

65334284c7152f733972d7e17b3df349
SHA1

60de40b1ed2f07894ac5fdab7b61ef2a874c5fd5
SHA256

f373c6ce2587bf9846a79d5aecdcb4ee1979460f744c8ab9083556a80dc50072
SHA512

70b6ebb6e99794330772a64a63a63d1aceffc0c826dac3dca88e13d95ad68d0912e8713e49b03fa6d2ceccc64c1ac88dd45c7a9e5ebdb786f998e916a3fdcfbd
SSDEEP

3072:pdl4ocRPqaAV7ejhMzP3JecvLc9yMR17lcnrxKuPX0ylP6pFX:pduoNPV76MbJecQJfTylP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 52 IoCs

pid	Process
2088	Unicorn-31672.exe
1056	Unicorn-22565.exe
1472	Unicorn-60068.exe
2692	Unicorn-21854.exe
2836	Unicorn-6072.exe
2476	Unicorn-13685.exe
2500	Unicorn-26104.exe
2988	Unicorn-5491.exe
2644	Unicorn-62860.exe
1200	Unicorn-42994.exe
1904	Unicorn-47079.exe
2680	Unicorn-12912.exe
1276	Unicorn-42247.exe
848	Unicorn-41501.exe
3060	Unicorn-21081.exe
1716	Unicorn-1215.exe
1496	Unicorn-12720.exe
792	Unicorn-8636.exe
1456	Unicorn-33887.exe
392	Unicorn-28538.exe
2992	Unicorn-53789.exe
1148	Unicorn-65294.exe
1824	Unicorn-40790.exe
2288	Unicorn-4396.exe
2300	Unicorn-12009.exe
2164	Unicorn-42134.exe
1076	Unicorn-30436.exe
2872	Unicorn-5740.exe
1984	Unicorn-4993.exe
1772	Unicorn-22076.exe
1632	Unicorn-31779.exe
2184	Unicorn-53823.exe
2572	Unicorn-62780.exe
2704	Unicorn-30470.exe
2748	Unicorn-9303.exe
2608	Unicorn-33808.exe
2604	Unicorn-50699.exe
2616	Unicorn-62396.exe
2088	Unicorn-49952.exe
3064	Unicorn-50507.exe
2544	Unicorn-35514.exe
2356	Unicorn-51296.exe
1936	Unicorn-18432.exe
1924	Unicorn-59443.exe
2172	Unicorn-13771.exe
1704	Unicorn-8784.exe
1444	Unicorn-54477.exe
1480	Unicorn-34611.exe
2532	Unicorn-54477.exe
1284	Unicorn-34611.exe
572	Unicorn-1685.exe
2656	Unicorn-50388.exe

Loads dropped DLL 64 IoCs

pid	Process
1724	65334284c7152f733972d7e17b3df349.exe
1724	65334284c7152f733972d7e17b3df349.exe
2088	Unicorn-31672.exe
2088	Unicorn-31672.exe
1724	65334284c7152f733972d7e17b3df349.exe
1724	65334284c7152f733972d7e17b3df349.exe
1056	Unicorn-22565.exe
2088	Unicorn-31672.exe
1056	Unicorn-22565.exe
2088	Unicorn-31672.exe
1472	Unicorn-60068.exe
1472	Unicorn-60068.exe
2836	Unicorn-6072.exe
2836	Unicorn-6072.exe
2692	Unicorn-21854.exe
2692	Unicorn-21854.exe
1056	Unicorn-22565.exe
2476	Unicorn-13685.exe
1472	Unicorn-60068.exe
1056	Unicorn-22565.exe
2476	Unicorn-13685.exe
1472	Unicorn-60068.exe
2500	Unicorn-26104.exe
2500	Unicorn-26104.exe
2836	Unicorn-6072.exe
2836	Unicorn-6072.exe
2644	Unicorn-62860.exe
2644	Unicorn-62860.exe
1904	Unicorn-47079.exe
1904	Unicorn-47079.exe
2476	Unicorn-13685.exe
2476	Unicorn-13685.exe
1200	Unicorn-42994.exe
1200	Unicorn-42994.exe
2988	Unicorn-5491.exe
2988	Unicorn-5491.exe
2692	Unicorn-21854.exe
2692	Unicorn-21854.exe
2680	Unicorn-12912.exe
2680	Unicorn-12912.exe
2500	Unicorn-26104.exe
2500	Unicorn-26104.exe
1276	Unicorn-42247.exe
1276	Unicorn-42247.exe
848	Unicorn-41501.exe
848	Unicorn-41501.exe
2644	Unicorn-62860.exe
3060	Unicorn-21081.exe
2644	Unicorn-62860.exe
3060	Unicorn-21081.exe
1904	Unicorn-47079.exe
1904	Unicorn-47079.exe
792	Unicorn-8636.exe
792	Unicorn-8636.exe
2988	Unicorn-5491.exe
2988	Unicorn-5491.exe
1496	Unicorn-12720.exe
1496	Unicorn-12720.exe
1200	Unicorn-42994.exe
1200	Unicorn-42994.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2820	1456	WerFault.exe	42
2444	1148	WerFault.exe	49

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
1724	65334284c7152f733972d7e17b3df349.exe
2088	Unicorn-31672.exe
1056	Unicorn-22565.exe
1472	Unicorn-60068.exe
2836	Unicorn-6072.exe
2692	Unicorn-21854.exe
2476	Unicorn-13685.exe
2500	Unicorn-26104.exe
1200	Unicorn-42994.exe
2988	Unicorn-5491.exe
1904	Unicorn-47079.exe
2644	Unicorn-62860.exe
2680	Unicorn-12912.exe
1276	Unicorn-42247.exe
848	Unicorn-41501.exe
3060	Unicorn-21081.exe
1716	Unicorn-1215.exe
792	Unicorn-8636.exe
1496	Unicorn-12720.exe
1456	Unicorn-33887.exe
392	Unicorn-28538.exe
1148	Unicorn-65294.exe
2992	Unicorn-53789.exe
2300	Unicorn-12009.exe
2164	Unicorn-42134.exe
1076	Unicorn-30436.exe
1824	Unicorn-40790.exe
2872	Unicorn-5740.exe
1772	Unicorn-22076.exe
2288	Unicorn-4396.exe
1984	Unicorn-4993.exe
1632	Unicorn-31779.exe
2184	Unicorn-53823.exe
2572	Unicorn-62780.exe
2748	Unicorn-9303.exe
2704	Unicorn-30470.exe
2608	Unicorn-33808.exe
3064	Unicorn-50507.exe
2616	Unicorn-62396.exe
2604	Unicorn-50699.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2088	1724	65334284c7152f733972d7e17b3df349.exe	28
PID 1724 wrote to memory of 2088	1724	65334284c7152f733972d7e17b3df349.exe	28
PID 1724 wrote to memory of 2088	1724	65334284c7152f733972d7e17b3df349.exe	28
PID 1724 wrote to memory of 2088	1724	65334284c7152f733972d7e17b3df349.exe	28
PID 2088 wrote to memory of 1056	2088	Unicorn-31672.exe	30
PID 2088 wrote to memory of 1056	2088	Unicorn-31672.exe	30
PID 2088 wrote to memory of 1056	2088	Unicorn-31672.exe	30
PID 2088 wrote to memory of 1056	2088	Unicorn-31672.exe	30
PID 1724 wrote to memory of 1472	1724	65334284c7152f733972d7e17b3df349.exe	29
PID 1724 wrote to memory of 1472	1724	65334284c7152f733972d7e17b3df349.exe	29
PID 1724 wrote to memory of 1472	1724	65334284c7152f733972d7e17b3df349.exe	29
PID 1724 wrote to memory of 1472	1724	65334284c7152f733972d7e17b3df349.exe	29
PID 1056 wrote to memory of 2692	1056	Unicorn-22565.exe	31
PID 1056 wrote to memory of 2692	1056	Unicorn-22565.exe	31
PID 1056 wrote to memory of 2692	1056	Unicorn-22565.exe	31
PID 1056 wrote to memory of 2692	1056	Unicorn-22565.exe	31
PID 2088 wrote to memory of 2836	2088	Unicorn-31672.exe	32
PID 2088 wrote to memory of 2836	2088	Unicorn-31672.exe	32
PID 2088 wrote to memory of 2836	2088	Unicorn-31672.exe	32
PID 2088 wrote to memory of 2836	2088	Unicorn-31672.exe	32
PID 1472 wrote to memory of 2476	1472	Unicorn-60068.exe	33
PID 1472 wrote to memory of 2476	1472	Unicorn-60068.exe	33
PID 1472 wrote to memory of 2476	1472	Unicorn-60068.exe	33
PID 1472 wrote to memory of 2476	1472	Unicorn-60068.exe	33
PID 2836 wrote to memory of 2500	2836	Unicorn-6072.exe	34
PID 2836 wrote to memory of 2500	2836	Unicorn-6072.exe	34
PID 2836 wrote to memory of 2500	2836	Unicorn-6072.exe	34
PID 2836 wrote to memory of 2500	2836	Unicorn-6072.exe	34
PID 2692 wrote to memory of 2988	2692	Unicorn-21854.exe	35
PID 2692 wrote to memory of 2988	2692	Unicorn-21854.exe	35
PID 2692 wrote to memory of 2988	2692	Unicorn-21854.exe	35
PID 2692 wrote to memory of 2988	2692	Unicorn-21854.exe	35
PID 1056 wrote to memory of 1200	1056	Unicorn-22565.exe	38
PID 1056 wrote to memory of 1200	1056	Unicorn-22565.exe	38
PID 1056 wrote to memory of 1200	1056	Unicorn-22565.exe	38
PID 1056 wrote to memory of 1200	1056	Unicorn-22565.exe	38
PID 2476 wrote to memory of 2644	2476	Unicorn-13685.exe	37
PID 2476 wrote to memory of 2644	2476	Unicorn-13685.exe	37
PID 2476 wrote to memory of 2644	2476	Unicorn-13685.exe	37
PID 2476 wrote to memory of 2644	2476	Unicorn-13685.exe	37
PID 1472 wrote to memory of 1904	1472	Unicorn-60068.exe	36
PID 1472 wrote to memory of 1904	1472	Unicorn-60068.exe	36
PID 1472 wrote to memory of 1904	1472	Unicorn-60068.exe	36
PID 1472 wrote to memory of 1904	1472	Unicorn-60068.exe	36
PID 2500 wrote to memory of 2680	2500	Unicorn-26104.exe	39
PID 2500 wrote to memory of 2680	2500	Unicorn-26104.exe	39
PID 2500 wrote to memory of 2680	2500	Unicorn-26104.exe	39
PID 2500 wrote to memory of 2680	2500	Unicorn-26104.exe	39
PID 2836 wrote to memory of 1276	2836	Unicorn-6072.exe	40
PID 2836 wrote to memory of 1276	2836	Unicorn-6072.exe	40
PID 2836 wrote to memory of 1276	2836	Unicorn-6072.exe	40
PID 2836 wrote to memory of 1276	2836	Unicorn-6072.exe	40
PID 2644 wrote to memory of 848	2644	Unicorn-62860.exe	46
PID 2644 wrote to memory of 848	2644	Unicorn-62860.exe	46
PID 2644 wrote to memory of 848	2644	Unicorn-62860.exe	46
PID 2644 wrote to memory of 848	2644	Unicorn-62860.exe	46
PID 1904 wrote to memory of 3060	1904	Unicorn-47079.exe	45
PID 1904 wrote to memory of 3060	1904	Unicorn-47079.exe	45
PID 1904 wrote to memory of 3060	1904	Unicorn-47079.exe	45
PID 1904 wrote to memory of 3060	1904	Unicorn-47079.exe	45
PID 2476 wrote to memory of 1716	2476	Unicorn-13685.exe	44
PID 2476 wrote to memory of 1716	2476	Unicorn-13685.exe	44
PID 2476 wrote to memory of 1716	2476	Unicorn-13685.exe	44
PID 2476 wrote to memory of 1716	2476	Unicorn-13685.exe	44

C:\Users\Admin\AppData\Local\Temp\65334284c7152f733972d7e17b3df349.exe
"C:\Users\Admin\AppData\Local\Temp\65334284c7152f733972d7e17b3df349.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        8⤵
        Executes dropped EXE
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        8⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        7⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        8⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        6⤵
        Executes dropped EXE
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        6⤵
        Executes dropped EXE
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        7⤵
        
        PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        8⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        7⤵
        Executes dropped EXE
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        7⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        8⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        6⤵
        Program crash
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        5⤵
        Executes dropped EXE
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        6⤵
        
        PID:540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        7⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        6⤵
        Executes dropped EXE
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        8⤵
        
        PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        7⤵
        Executes dropped EXE
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        6⤵
        Executes dropped EXE
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        7⤵
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        6⤵
        Executes dropped EXE
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        7⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        5⤵
        Executes dropped EXE
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        6⤵
        
        PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe

Filesize
146KB

MD5
7c9ed7e060b10cb959f287f96c2fb4b0

SHA1
a84c9ddc5a4551a9fb5ce516ae050407e35729f7

SHA256
04b8ae39bc19bb0c51032109e22b64438fd79e96c04b490a0341868bbe009c56

SHA512
bbf732770564922e0f6ec435305923131a820c68f69c92de5d8935b23f59725671ae060dd6978ba6e3fabf0920599ec6f593d817a40e3b7fa5b7d0b6d8f90d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe

Filesize
98KB

MD5
202a5ff978e16afd80b630e2f21cc921

SHA1
e76308c0a92fe8a530ed7557c454000b370f82c4

SHA256
9e57a2b7cb64e122fb310b2166beff6b2267ca4bd1ea20b033a643ea2b43d8b7

SHA512
b6447563d17c7396426b62eac2541c0c0dd90b0e111f8084acb27fab922282b6effd86a51852446bdbee9a485fa80d1e45228dfdc15d75b5288bf40ac85ce892

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe

Filesize
151KB

MD5
fb454817c686279b5601018f98d4a1c8

SHA1
07cf3953e4244d57a4023d3a23cced50873683b6

SHA256
a3e4fc41749840a5030512378d55ec502a78e1497d92088105862052b84dc65e

SHA512
f147c01f2a48d639440b50524ea2ab9b587f843dc1a6c5d62f53be3cdb1535caf42fd69a826e4a88a110692a8011ed1e35c364b9399084e869cd20ff1067df1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe

Filesize
184KB

MD5
b4fd934b8f61c870178137e9a583c152

SHA1
3c9b7b82f49c2effc7018f07d623c6f93ddcd68c

SHA256
a60c5177dae7c1af6e16d50ed42a75a9f83b8b2c18d32131e734407db65d0530

SHA512
fe5aab514fc85f12ee54f2d4aea3cf94c79e95c5591ffc3ee8b81d806f091d4bc99d10e3689940e0c2b3e23df149124d9afeef5b0c0f872928e28d0a8f4d6646

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe

Filesize
184KB

MD5
432eda7da7b5c7c821c351810bba27ae

SHA1
1a4605e2b35e3b9cb3553c4015f22043655cc13d

SHA256
4c851852e394efdb624151d7d24165bf0b90dbae002f36076ce2903158b04d65

SHA512
5b7f0c62f908579d8d6613944cd990bb150e4f39d25648744768b28fbcc6c7447700ba059964d3e24fc087982d4d4558d877e8723cabc08bea19c805b03c85e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe

Filesize
184KB

MD5
11ff8e4398fb1c40394edcb14698f14a

SHA1
4cd0d54fd23a3fba29a47a79594d1e65dd5022fa

SHA256
29a3f212fdab3d0be96ef5f0ed55914a702e1624d46d789c661b995cbbb282a3

SHA512
c2fcb6b61e53f8234029b78d93c363dc192940c88fb34a8b804d782d93c871d38e43cecdfefb1662ed1bb1c626010909197d028c2edf6575ff33b5c38bb4d85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe

Filesize
163KB

MD5
36dd783a07fa844283d588c4f266da2f

SHA1
cbe5cb980d06c7afdeab1e6f987f4bce87297bc7

SHA256
c5d82eccca7320b391c4a5382dfbb4b6cab94332340529f43a934c4f7c8be132

SHA512
52d9a08c14210a229e6204e056019f2f473a9e193290fb48104c82691fd4ba3ced762c4aee355f8354df48061165b9fc28802c24c03e7413bd8541f14ac12700

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe

Filesize
140KB

MD5
a7d1af46798905ade4ad3be10c3e982c

SHA1
f7357a61e5deb8821ac9cae55ff1f6fd0fdf3e06

SHA256
7dc72c298a9b24dcd6ea950d60e1da404602a01b14eb319d46139e23c3acea9e

SHA512
fe818fa0a8753b15608cff20f758eed3b9c7354666483361564a3e468ef363094b0ccfa596880163d33d28142a79f8d2d6d7b39202e92dc5747fdd92a7accad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe

Filesize
61KB

MD5
73bfbaaa6719efac5a0e003e533b9353

SHA1
9d41ef7496bc504a8daace480df2034d67840329

SHA256
275c7f9c4ae0eb3994299807c971dc4deefcf8bd79689feffc9e0bb2fbf33e9d

SHA512
dab82f7641b39dac27389d93682018b5e6c1ccb14dab9eaf291864df84299ff01f13248e2ce3d062259b49d3abf798757ec4d8ce3876a06f3d7e9979d6481f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe

Filesize
184KB

MD5
e642fc7d41cc843fbe9ba529c5c20fd1

SHA1
d3a876b69c70dff672272008b7d6a1ece33b9836

SHA256
095c32c88290d8dda5febbad2635c7ad068228852edf676b2f182d5e303586b3

SHA512
4b66e4df095cd06d525629a1025d4d62f230b822c73f82d1f09ea33aee9038b14998a87239431a2e3e16a682a75e1a14de613a336a0e60e70cc36a8ba042156b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe

Filesize
184KB

MD5
89775c9665d27328b1883ef1a7b333c6

SHA1
2d6bea62141c5ce93b3237b750177fc66a65680f

SHA256
bb914aa9bc27be57aca55d363f76cd6bd5a95f80525ef6dacf1631d6a3edf411

SHA512
164917c6af761d820e9f2889acba11c5dc72d777cce6a8ec477cfca43a513bf9ac007cb39e3629d475ed15b5df6ad9889c849b8a3deb3b95ae6f78f598f7f5b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe

Filesize
184KB

MD5
f08a0fff7c9a33b88bc135a2375d85c8

SHA1
a6505bac57cd8744cf0a8cb8aad7adf652235cce

SHA256
399bc50a1912660da35fabed106a796b207e031340cd8d2e95788ff208289704

SHA512
88afe136b524df31b4997a4fddf41cbb650413b20fcc00594fc684ebfed40251027f760642e27e49447aea713c9680eec2857c6220ae4e7939e295651f3f5702

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe

Filesize
133KB

MD5
a2daef55b58a5ae5b71d017bb7d0d7b9

SHA1
de3826a9445a011748523c9ff06b876bdd0f7f57

SHA256
715c9b0acebac354d739afb5131649f8ff9cb2eeae78eb020264067927aeec89

SHA512
28c60502047da15c7145f3ea1ba77675018591d45192258e8ab83792ad96432b11c558322b59ed664b846cd338cf8a9a5108db75a88a44273f59e1dcc54fe31a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe

Filesize
110KB

MD5
5edaf320fe3e4d9534b3cb350ff80206

SHA1
dc7ff074f003f14113eb4486360eef827e6c15bb

SHA256
3776f0cbaae964ec6ce41f43ac8c35b01403d2c2f5609ae3766a37ed7995320e

SHA512
0f792d1f4ced866f85afabc6e5a00b6f30fc0b0ab777c8aa46382722ee4e8e4efedfd8d7528f0743c113d5f7905369c53c5d8d0ddccb58483ce0e6033ebb4b17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe

Filesize
91KB

MD5
245b3de9027856247f6d831fb0dd2b04

SHA1
d282ae2267312f31ee2f5d58d58c4a619ef5f5d4

SHA256
f3f42d85b9f4ea6ccbee09ac004ba2391ecacd13d8ddb9339ffa9db15e61851a

SHA512
c7be4658fe222f7b106dbff33eaa01602617893f03fdf76c9514782d80e8ba985053fe6c70e90f0e07903c266b14b79634c2e399fec3585200024bf178cae9c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe

Filesize
184KB

MD5
cdaec9dfaea13ff07622df50181aacc8

SHA1
057f55e8fdfdd1a328d87684377fcd6bdc221c6d

SHA256
ba90d684b63a21fb37361378bd8f54cb948b1f799aeb53edf0db22e53bd2c205

SHA512
9c57224f5031efb4f9e49ad02bc757141038ffa396493024bc2ae8570b8d458027bfab48aa795f61c79e10eb27fc8456cbb7ca8957d8964878d72ba7b2605b92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe

Filesize
140KB

MD5
b69cc2e200cfcd349a7e8d3a66d40d18

SHA1
85535921a511b06039f1cf4c43eca44384470ebd

SHA256
ec60f9baaec59223e86d981c7e976a23dbb01b1d457dec46b53a89f4f6d0b7f0

SHA512
37a05b2f9d9946c5ee5728bc6b9b92e997d0b1d8a58b8e46045b75c21726ee0c7764eaa77215318f9315a6807afdf3be7eee22ef4795723d7aaf5d626eab79ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe

Filesize
184KB

MD5
1f436459f347356f7880e8bcb045a346

SHA1
4c663bcdbb8dc0bf04ddb03c98e919d3fb114df6

SHA256
32b2def9e98105f84854ae8145825fbbdc2e6d2e02bd06e501089068d8e5370e

SHA512
c54bd9907c4e8aa6229754c054c865b9892a8df07a2e39bb9dc244c832c98c7edbb2ff50797b304fafbada77cb008314e4e0513e89d355cd683b19ed78293a6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe

Filesize
184KB

MD5
fedc809c8596c2eda64510744dbbdc6b

SHA1
7d5456eda8066e05b954b6d696dc7f93cfe19726

SHA256
0c2563fe606e1d79f93c7a89e48c6499dfc9ceb95fd92a0a355a1d335cc0d877

SHA512
8cc8229f7c9e306b81fc8de001b42071cee6bef7548424e122631553fe128984f6939e2c7183e628bdc3269d60a65b8ced21e7d1b6575a27000325ca11a29e64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe

Filesize
184KB

MD5
cfdf2be10655eef4b61fff21185f2378

SHA1
263e6638636bd179443f360cce0d475ff0cef2a3

SHA256
645c18910bffa852ec8833c6c02ad406c0b0ca8de84a1e338e411d93282f0081

SHA512
6ce1c932254e04bd9e6d4229e10f526736125da4ea7c1f4537c9caebe94a2fd3641f84f83c712137c4fd1ec0a18294da2d2cc4edae132e4caacdfc187087c1f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe

Filesize
184KB

MD5
1211bc43d1424cb7a801b47130a9a5f2

SHA1
22998e7d66175abe3a8fa65ba498fedbe82c0c0d

SHA256
bce36d3f17da5a70b2c9535aa3b8c53880aa03dc6caa1f0f660e6e36ec5eea44

SHA512
531af660362f8bd3665530c02084795fb5fcb79d14dbfce75daf77cfa31d9481b2edaddd3268913bebac84ce88baf9c8e11dc6b67eae34784f240dc468e06cf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe

Filesize
179KB

MD5
6092f96e65a35e1c83c5d4dc6d43a816

SHA1
cc6898d3acaf6739ad9dae612f369d065ece58a4

SHA256
34ec84d9b9b87e577409c781d5198fd32b7f73d6deca518123acd401e4766631

SHA512
bdb084247e72e477029156f91122a88d44f3bbde768ddf7bf658ecf2c3d6e5b0733df3cab3570e93d8bc4743689ef8c3f47952ed86bcfc4b7a4065ee02104873

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe

Filesize
170KB

MD5
c2fcd8e97838f2a9b6cfa290192ec724

SHA1
df0be5388022634683f47a87c088e18edb2524d2

SHA256
c711413a52be947c264cf031d3c494de41f3afa6885aa794ffa0d0f639099f90

SHA512
d2c7383250aa678e7f0163b4d27e23ab4163b590bcb402ff49cc7f4e09843155a19eb53dd30c8ce36e1fc70a6ad7fd129897691c00a0684e595cf5a1407cb577

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe

Filesize
143KB

MD5
a524673fbac826b19edc03d7b71a5d3b

SHA1
220b12cfbab2def2e6cf0f92c3d3827460e40e83

SHA256
5932e11753cb12bcb77ffb17372e2a31975f1b1c0d62e5976c31f448ea77a30b

SHA512
62af28b5fa6852b7429dff6a686a8913ce009e77718b9a4e88580ecde81b1ed5ed3ea9867a40620281d7e3301f0b11856df7fc6182676406d8559fb9280336e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe

Filesize
184KB

MD5
4c5b1873749c1f498bce4deeadb29d64

SHA1
681c57fede658640af7df007f67d0ec3145db6c6

SHA256
a0e1587532f71a39aead31bc17ec3f56cad0c188fca7ada329580396b4db7b6b

SHA512
a8ba989c5f8de2116e4472930934227c8a80482aca22fbac7510104caac7bbcb54942ba37e93a107fc000689e01f967cf79113204a3ee64c75186957dae6f834

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe

Filesize
184KB

MD5
26f6b7dc87a7dca45da377743849b465

SHA1
2071e9cc6e943b6af19ef1d14587b651a05f0993

SHA256
a89b7706c3a5734ce7f6464503249c7719b1575fcf5f5f08e012bf3978a03c9e

SHA512
b017137010299a18a3bed3bf95f3f0a65192639b693336e25a24e69fb07152ab5c75412f10ecabaa500b05e9d2dc7ee1891980abe9f0640eb0b9e03e6e346cb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe

Filesize
184KB

MD5
fe5b2455bc37acdbd043010ccad0f9de

SHA1
836c14141b9d088ff5013d23265e4b92af8a910b

SHA256
d2caa8d1825f17f029db2001c50c88be8cca55412c7a3bfdbfcaccfea1ee51a2

SHA512
2e963d1b5185399104803a0dfd37af693ba54af363b8bc87093fd3fba2596cff6fffb77bf9e45f9998147388dbf6f7b52168922ed8f048cac10eb26835b580e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe

Filesize
184KB

MD5
9bc79ba7ff7264ee00bd64186eaaef6a

SHA1
044e8d6341d1bfa89e4bf623bf55ef112c1b7e01

SHA256
ed38460f60bb5987cca6567d8a257a3f4ac9eb441499628c150325a5870f3d43

SHA512
e8b10e902840557b94b487eed663f1b48a18dae858756514f92db61a41dd19b93b063291645caee11acef3e9f584c9d1bc743b096946571f5a37bfbeaf7bcf6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe

Filesize
49KB

MD5
9bae37146d213041fa6f6cb9f2ce10ec

SHA1
34a13b8752e688782510f574f751e0745c8ec749

SHA256
5728e6032230e1b1d78bffc6d91a1368463dc1c2cf6729e99847228ae8c02ef4

SHA512
cf7271e764b5ad773e68c1b7de1c69bef86efc5ab2273339cc8e9a8d213043eb8cb1c18d328d73cf7a599f19903a086a940daf00cadb848d9b7999d8e8670949

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe

Filesize
89KB

MD5
55f57d61796271a25f5bbbcf9d73c91e

SHA1
e858da264b7eb9abca286375f5b8ebfbeb644ab3

SHA256
205a46fe0445db201d4b71e8863410d48ed9d8a3ab1e9a6c8a859ca21842e3ed

SHA512
aa51b48482035ea78f168ce2044abfa6b1c3e3eb437fe4f871c446a17d2a66c0ba27f0837cbf09837a24f7f61d5e603e8f2b8ad3e657f9399576efcb36720081

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads