286f628f7fb861002e747bc4fa5c03960596524b5bc7c5dcff2c1f0ddf93a86d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74f1f1dc823301b381fdd0fe39136543.exe
Size

184KB
MD5

74f1f1dc823301b381fdd0fe39136543
SHA1

231dcb19d1666163060c43b28630b61a0b49b32a
SHA256

286f628f7fb861002e747bc4fa5c03960596524b5bc7c5dcff2c1f0ddf93a86d
SHA512

ab43662ae5a29221912ef2751c4c3b1070fd80b2dc74dc4377ebb29e2c608e0d5d14cd28b32c29f44102749778b2b408a05df23e8479efa09c7c77b2f0f235ae
SSDEEP

3072:ruRroT0xcOAEAmj3Mh2Oc8AMEXYMTxXldk7xKDP7VylPvpFv:ruhoxDEAIMYOc8M1BlylPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-2363.exeUnicorn-7838.exeUnicorn-61678.exeUnicorn-49338.exeUnicorn-61782.exeUnicorn-62337.exeUnicorn-25192.exeUnicorn-9602.exeUnicorn-1647.exeUnicorn-51403.exeUnicorn-9815.exeUnicorn-60215.exeUnicorn-48710.exeUnicorn-64491.exeUnicorn-11398.exeUnicorn-27735.exeUnicorn-19545.exeUnicorn-16526.exeUnicorn-49561.exeUnicorn-8056.exeUnicorn-33307.exeUnicorn-9125.exeUnicorn-12332.exeUnicorn-58004.exeUnicorn-49281.exeUnicorn-19925.exeUnicorn-16395.exeUnicorn-13928.exeUnicorn-57955.exeUnicorn-17712.exeUnicorn-63383.exeUnicorn-4307.exeUnicorn-14011.exeUnicorn-45807.exeUnicorn-25941.exeUnicorn-45807.exeUnicorn-25941.exeUnicorn-25941.exeUnicorn-45807.exeUnicorn-25941.exeUnicorn-53975.exeUnicorn-61536.exeUnicorn-61796.exeUnicorn-12102.exeUnicorn-27147.exeUnicorn-65439.exeUnicorn-50084.exeUnicorn-47702.exeUnicorn-16722.exeUnicorn-30100.exeUnicorn-36797.exeUnicorn-10808.exeUnicorn-49724.exeUnicorn-27197.exeUnicorn-35173.exeUnicorn-20503.exeUnicorn-25438.exeUnicorn-17701.exeUnicorn-38121.exeUnicorn-1748.exeUnicorn-23574.exeUnicorn-43440.exeUnicorn-7441.exeUnicorn-65002.exe

pid	process
2848	Unicorn-2363.exe
2732	Unicorn-7838.exe
2808	Unicorn-61678.exe
2620	Unicorn-49338.exe
2412	Unicorn-61782.exe
2604	Unicorn-62337.exe
2568	Unicorn-25192.exe
2884	Unicorn-9602.exe
2908	Unicorn-1647.exe
856	Unicorn-51403.exe
1592	Unicorn-9815.exe
588	Unicorn-60215.exe
976	Unicorn-48710.exe
1472	Unicorn-64491.exe
1228	Unicorn-11398.exe
756	Unicorn-27735.exe
1496	Unicorn-19545.exe
1744	Unicorn-16526.exe
904	Unicorn-49561.exe
2532	Unicorn-8056.exe
2488	Unicorn-33307.exe
1152	Unicorn-9125.exe
948	Unicorn-12332.exe
1028	Unicorn-58004.exe
1716	Unicorn-49281.exe
2444	Unicorn-19925.exe
1776	Unicorn-16395.exe
2188	Unicorn-13928.exe
2972	Unicorn-57955.exe
1656	Unicorn-17712.exe
2676	Unicorn-63383.exe
792	Unicorn-4307.exe
2856	Unicorn-14011.exe
2692	Unicorn-45807.exe
2760	Unicorn-25941.exe
2160	Unicorn-45807.exe
2708	Unicorn-25941.exe
2792	Unicorn-25941.exe
2804	Unicorn-45807.exe
2744	Unicorn-25941.exe
2608	Unicorn-53975.exe
2852	Unicorn-61536.exe
1812	Unicorn-61796.exe
2996	Unicorn-12102.exe
1868	Unicorn-27147.exe
1372	Unicorn-65439.exe
2484	Unicorn-50084.exe
536	Unicorn-47702.exe
312	Unicorn-16722.exe
2180	Unicorn-30100.exe
1808	Unicorn-36797.exe
560	Unicorn-10808.exe
2580	Unicorn-49724.exe
2524	Unicorn-27197.exe
2652	Unicorn-35173.exe
2892	Unicorn-20503.exe
2468	Unicorn-25438.exe
1276	Unicorn-17701.exe
2772	Unicorn-38121.exe
904	Unicorn-1748.exe
2956	Unicorn-23574.exe
620	Unicorn-43440.exe
1668	Unicorn-7441.exe
1124	Unicorn-65002.exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
2028	74f1f1dc823301b381fdd0fe39136543.exe
2028	74f1f1dc823301b381fdd0fe39136543.exe
2848	Unicorn-2363.exe
2028	74f1f1dc823301b381fdd0fe39136543.exe
2848	Unicorn-2363.exe
2028	74f1f1dc823301b381fdd0fe39136543.exe
2808	Unicorn-61678.exe
2808	Unicorn-61678.exe
2732	Unicorn-7838.exe
2732	Unicorn-7838.exe
2848	Unicorn-2363.exe
2848	Unicorn-2363.exe
2620	Unicorn-49338.exe
2620	Unicorn-49338.exe
2808	Unicorn-61678.exe
2808	Unicorn-61678.exe
2412	Unicorn-61782.exe
2412	Unicorn-61782.exe
2604	Unicorn-62337.exe
2604	Unicorn-62337.exe
2732	Unicorn-7838.exe
2732	Unicorn-7838.exe
2568	Unicorn-25192.exe
2568	Unicorn-25192.exe
2620	Unicorn-49338.exe
2620	Unicorn-49338.exe
2884	Unicorn-9602.exe
2884	Unicorn-9602.exe
2908	Unicorn-1647.exe
2908	Unicorn-1647.exe
856	Unicorn-51403.exe
2412	Unicorn-61782.exe
856	Unicorn-51403.exe
2412	Unicorn-61782.exe
588	Unicorn-60215.exe
588	Unicorn-60215.exe
2568	Unicorn-25192.exe
2568	Unicorn-25192.exe
1228	Unicorn-11398.exe
1228	Unicorn-11398.exe
2908	Unicorn-1647.exe
2908	Unicorn-1647.exe
756	Unicorn-27735.exe
756	Unicorn-27735.exe
856	Unicorn-51403.exe
976	Unicorn-48710.exe
856	Unicorn-51403.exe
976	Unicorn-48710.exe
1496	Unicorn-19545.exe
1496	Unicorn-19545.exe
1472	Unicorn-64491.exe
1472	Unicorn-64491.exe
2884	Unicorn-9602.exe
2884	Unicorn-9602.exe
1744	Unicorn-16526.exe
1744	Unicorn-16526.exe
588	Unicorn-60215.exe
588	Unicorn-60215.exe
904	Unicorn-49561.exe
2532	Unicorn-8056.exe
904	Unicorn-49561.exe
2532	Unicorn-8056.exe
1228	Unicorn-11398.exe
1228	Unicorn-11398.exe

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

1964 2488 WerFault.exe Unicorn-33307.exe
1176 948 WerFault.exe Unicorn-12332.exe
1228 1372 WerFault.exe Unicorn-65439.exe

pid	pid_target	process	target process
1964	2488	WerFault.exe	Unicorn-33307.exe
1176	948	WerFault.exe	Unicorn-12332.exe
1228	1372	WerFault.exe	Unicorn-65439.exe

Suspicious use of SetWindowsHookEx 62 IoCs

Processes:

74f1f1dc823301b381fdd0fe39136543.exeUnicorn-2363.exeUnicorn-61678.exeUnicorn-7838.exeUnicorn-49338.exeUnicorn-61782.exeUnicorn-62337.exeUnicorn-25192.exeUnicorn-9602.exeUnicorn-1647.exeUnicorn-9815.exeUnicorn-51403.exeUnicorn-60215.exeUnicorn-48710.exeUnicorn-11398.exeUnicorn-64491.exeUnicorn-27735.exeUnicorn-19545.exeUnicorn-16526.exeUnicorn-49561.exeUnicorn-8056.exeUnicorn-33307.exeUnicorn-58004.exeUnicorn-12332.exeUnicorn-49281.exeUnicorn-16395.exeUnicorn-9125.exeUnicorn-19925.exeUnicorn-13928.exeUnicorn-57955.exeUnicorn-25941.exeUnicorn-53975.exeUnicorn-4307.exeUnicorn-63383.exeUnicorn-45807.exeUnicorn-17712.exeUnicorn-25941.exeUnicorn-14011.exeUnicorn-45807.exeUnicorn-45807.exeUnicorn-25941.exeUnicorn-25941.exeUnicorn-61796.exeUnicorn-27147.exeUnicorn-61536.exeUnicorn-50084.exeUnicorn-16722.exeUnicorn-12102.exeUnicorn-65439.exeUnicorn-36797.exeUnicorn-30100.exeUnicorn-47702.exeUnicorn-49724.exeUnicorn-10808.exeUnicorn-35173.exeUnicorn-27197.exeUnicorn-25438.exeUnicorn-20503.exeUnicorn-38121.exeUnicorn-43440.exeUnicorn-1748.exeUnicorn-65002.exe

pid	process
2028	74f1f1dc823301b381fdd0fe39136543.exe
2848	Unicorn-2363.exe
2808	Unicorn-61678.exe
2732	Unicorn-7838.exe
2620	Unicorn-49338.exe
2412	Unicorn-61782.exe
2604	Unicorn-62337.exe
2568	Unicorn-25192.exe
2884	Unicorn-9602.exe
2908	Unicorn-1647.exe
1592	Unicorn-9815.exe
856	Unicorn-51403.exe
588	Unicorn-60215.exe
976	Unicorn-48710.exe
1228	Unicorn-11398.exe
1472	Unicorn-64491.exe
756	Unicorn-27735.exe
1496	Unicorn-19545.exe
1744	Unicorn-16526.exe
904	Unicorn-49561.exe
2532	Unicorn-8056.exe
2488	Unicorn-33307.exe
1028	Unicorn-58004.exe
948	Unicorn-12332.exe
1716	Unicorn-49281.exe
1776	Unicorn-16395.exe
1152	Unicorn-9125.exe
2444	Unicorn-19925.exe
2188	Unicorn-13928.exe
2972	Unicorn-57955.exe
2792	Unicorn-25941.exe
2608	Unicorn-53975.exe
792	Unicorn-4307.exe
2676	Unicorn-63383.exe
2160	Unicorn-45807.exe
1656	Unicorn-17712.exe
2760	Unicorn-25941.exe
2856	Unicorn-14011.exe
2692	Unicorn-45807.exe
2804	Unicorn-45807.exe
2744	Unicorn-25941.exe
2708	Unicorn-25941.exe
1812	Unicorn-61796.exe
1868	Unicorn-27147.exe
2852	Unicorn-61536.exe
2484	Unicorn-50084.exe
312	Unicorn-16722.exe
2996	Unicorn-12102.exe
1372	Unicorn-65439.exe
1808	Unicorn-36797.exe
2180	Unicorn-30100.exe
536	Unicorn-47702.exe
2580	Unicorn-49724.exe
560	Unicorn-10808.exe
2652	Unicorn-35173.exe
2524	Unicorn-27197.exe
2468	Unicorn-25438.exe
2892	Unicorn-20503.exe
2772	Unicorn-38121.exe
620	Unicorn-43440.exe
904	Unicorn-1748.exe
1124	Unicorn-65002.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 2028 wrote to memory of 2848	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-2363.exe
PID 2028 wrote to memory of 2848	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-2363.exe
PID 2028 wrote to memory of 2848	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-2363.exe
PID 2028 wrote to memory of 2848	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-2363.exe
PID 2848 wrote to memory of 2732	2848	Unicorn-2363.exe	Unicorn-7838.exe
PID 2848 wrote to memory of 2732	2848	Unicorn-2363.exe	Unicorn-7838.exe
PID 2848 wrote to memory of 2732	2848	Unicorn-2363.exe	Unicorn-7838.exe
PID 2848 wrote to memory of 2732	2848	Unicorn-2363.exe	Unicorn-7838.exe
PID 2028 wrote to memory of 2808	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-61678.exe
PID 2028 wrote to memory of 2808	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-61678.exe
PID 2028 wrote to memory of 2808	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-61678.exe
PID 2028 wrote to memory of 2808	2028	74f1f1dc823301b381fdd0fe39136543.exe	Unicorn-61678.exe
PID 2808 wrote to memory of 2620	2808	Unicorn-61678.exe	Unicorn-49338.exe
PID 2808 wrote to memory of 2620	2808	Unicorn-61678.exe	Unicorn-49338.exe
PID 2808 wrote to memory of 2620	2808	Unicorn-61678.exe	Unicorn-49338.exe
PID 2808 wrote to memory of 2620	2808	Unicorn-61678.exe	Unicorn-49338.exe
PID 2732 wrote to memory of 2412	2732	Unicorn-7838.exe	Unicorn-61782.exe
PID 2732 wrote to memory of 2412	2732	Unicorn-7838.exe	Unicorn-61782.exe
PID 2732 wrote to memory of 2412	2732	Unicorn-7838.exe	Unicorn-61782.exe
PID 2732 wrote to memory of 2412	2732	Unicorn-7838.exe	Unicorn-61782.exe
PID 2848 wrote to memory of 2604	2848	Unicorn-2363.exe	Unicorn-62337.exe
PID 2848 wrote to memory of 2604	2848	Unicorn-2363.exe	Unicorn-62337.exe
PID 2848 wrote to memory of 2604	2848	Unicorn-2363.exe	Unicorn-62337.exe
PID 2848 wrote to memory of 2604	2848	Unicorn-2363.exe	Unicorn-62337.exe
PID 2620 wrote to memory of 2568	2620	Unicorn-49338.exe	Unicorn-25192.exe
PID 2620 wrote to memory of 2568	2620	Unicorn-49338.exe	Unicorn-25192.exe
PID 2620 wrote to memory of 2568	2620	Unicorn-49338.exe	Unicorn-25192.exe
PID 2620 wrote to memory of 2568	2620	Unicorn-49338.exe	Unicorn-25192.exe
PID 2808 wrote to memory of 2884	2808	Unicorn-61678.exe	Unicorn-9602.exe
PID 2808 wrote to memory of 2884	2808	Unicorn-61678.exe	Unicorn-9602.exe
PID 2808 wrote to memory of 2884	2808	Unicorn-61678.exe	Unicorn-9602.exe
PID 2808 wrote to memory of 2884	2808	Unicorn-61678.exe	Unicorn-9602.exe
PID 2412 wrote to memory of 2908	2412	Unicorn-61782.exe	Unicorn-1647.exe
PID 2412 wrote to memory of 2908	2412	Unicorn-61782.exe	Unicorn-1647.exe
PID 2412 wrote to memory of 2908	2412	Unicorn-61782.exe	Unicorn-1647.exe
PID 2412 wrote to memory of 2908	2412	Unicorn-61782.exe	Unicorn-1647.exe
PID 2604 wrote to memory of 1592	2604	Unicorn-62337.exe	Unicorn-9815.exe
PID 2604 wrote to memory of 1592	2604	Unicorn-62337.exe	Unicorn-9815.exe
PID 2604 wrote to memory of 1592	2604	Unicorn-62337.exe	Unicorn-9815.exe
PID 2604 wrote to memory of 1592	2604	Unicorn-62337.exe	Unicorn-9815.exe
PID 2732 wrote to memory of 856	2732	Unicorn-7838.exe	Unicorn-51403.exe
PID 2732 wrote to memory of 856	2732	Unicorn-7838.exe	Unicorn-51403.exe
PID 2732 wrote to memory of 856	2732	Unicorn-7838.exe	Unicorn-51403.exe
PID 2732 wrote to memory of 856	2732	Unicorn-7838.exe	Unicorn-51403.exe
PID 2568 wrote to memory of 588	2568	Unicorn-25192.exe	Unicorn-60215.exe
PID 2568 wrote to memory of 588	2568	Unicorn-25192.exe	Unicorn-60215.exe
PID 2568 wrote to memory of 588	2568	Unicorn-25192.exe	Unicorn-60215.exe
PID 2568 wrote to memory of 588	2568	Unicorn-25192.exe	Unicorn-60215.exe
PID 2620 wrote to memory of 976	2620	Unicorn-49338.exe	Unicorn-48710.exe
PID 2620 wrote to memory of 976	2620	Unicorn-49338.exe	Unicorn-48710.exe
PID 2620 wrote to memory of 976	2620	Unicorn-49338.exe	Unicorn-48710.exe
PID 2620 wrote to memory of 976	2620	Unicorn-49338.exe	Unicorn-48710.exe
PID 2884 wrote to memory of 1472	2884	Unicorn-9602.exe	Unicorn-64491.exe
PID 2884 wrote to memory of 1472	2884	Unicorn-9602.exe	Unicorn-64491.exe
PID 2884 wrote to memory of 1472	2884	Unicorn-9602.exe	Unicorn-64491.exe
PID 2884 wrote to memory of 1472	2884	Unicorn-9602.exe	Unicorn-64491.exe
PID 2908 wrote to memory of 1228	2908	Unicorn-1647.exe	Unicorn-11398.exe
PID 2908 wrote to memory of 1228	2908	Unicorn-1647.exe	Unicorn-11398.exe
PID 2908 wrote to memory of 1228	2908	Unicorn-1647.exe	Unicorn-11398.exe
PID 2908 wrote to memory of 1228	2908	Unicorn-1647.exe	Unicorn-11398.exe
PID 856 wrote to memory of 756	856	Unicorn-51403.exe	Unicorn-27735.exe
PID 856 wrote to memory of 756	856	Unicorn-51403.exe	Unicorn-27735.exe
PID 856 wrote to memory of 756	856	Unicorn-51403.exe	Unicorn-27735.exe
PID 856 wrote to memory of 756	856	Unicorn-51403.exe	Unicorn-27735.exe

C:\Users\Admin\AppData\Local\Temp\74f1f1dc823301b381fdd0fe39136543.exe
"C:\Users\Admin\AppData\Local\Temp\74f1f1dc823301b381fdd0fe39136543.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
9⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-65054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65054.exe
8⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
12⤵
- Executes dropped EXE
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
12⤵
- Executes dropped EXE
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
10⤵
- Executes dropped EXE
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
6⤵
- Program crash
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
9⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
7⤵
- Program crash
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-16395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16395.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45807.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
Filesize
184KB

MD5
cdc4b3662e7ce8eb9f5b5014c2a98256

SHA1
e795130e2261c241974a12540d054f047fafd719

SHA256
e82e08743617d1df0ece57365a34e699e067a6d6ab3ff138324d00e011a6bf12

SHA512
bf34486b13c00a2f3b4d91576a899f24615cfeacb61ee6bb3d7de6772979b511e15145440d3ea3727e10232fd1517ec97bf727213c8c03d860ed7561f49d724a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
Filesize
184KB

MD5
927d1143a8e3efff4deeb80886e43e91

SHA1
6717682ee7f3313a19a93e693a853667f0fd2fc0

SHA256
4d1a3968d6582dbc2223e822d8be6ef4684d3a138042bd95320cd6517e0d074f

SHA512
616f2d62c237bcab4f8dd41c5dbffc1c0392c3a4bd4d0dcb1910dab608fc1996a4296d509e48c2c330a75387452eeb018a8723ae760db5726f81ff1e43d09837

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
Filesize
184KB

MD5
20361ad75f70db763baf14ebf69af0fb

SHA1
6a77f73a6556a8d1e34b63c882876a8a9a1a9d92

SHA256
101ca6cc430f9f8493ca8d35e832dae4567df37b413f7d3617fb82c8e754414a

SHA512
88e03ca6b96849b4fadf900218c959f20fed70d2aa3148594e3cba938658239ca5561576fbbe6ce79611d42e360f8ca89ff85c36a05b8d64f224a910b1cee66e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
Filesize
184KB

MD5
45dce93d369bc8e19f2d5bdbdc1ed899

SHA1
4537cfc3c4335d23dff8c74293947b9763adbba8

SHA256
ae95bd7f22215bbb127dadd0baedd6c2b67ed565052f87092349696284bdf205

SHA512
e04eaa0120b654de84d26744e27d4c824061f0f1d02570514a043a3997d6b7469fcda7682e308971481ab564f95765b311b262fb72cd8170080782270ea8c360

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
Filesize
184KB

MD5
b1f1d5ace8b172deb5a5bacc2a0c9060

SHA1
5694290a3e14c54b7334551528438edf94c4d497

SHA256
e88b6f0709abe1fd7f95863893b99b58a8ace3292e930f51aebeb8d7bed3fc76

SHA512
85a591ac371e907b22884fdbdf8e2214aa178dbefd873c2785ba0a10938c86c4a73bb095b4b34c9c6297ebc57cf1330dbb338caf5a38682c850c8ff0eb102d80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
Filesize
184KB

MD5
cd0ddef86708553dbc470b56cbc651fa

SHA1
cdf86c8600f482d19c94769b4da4f0e2b7757e1e

SHA256
1f69b8e851da3f8a2174782a025bdcdbfa37a52c887f57e3e82c868e3850342c

SHA512
bb47f1fe87913748b21e0ff404be7cb833dd2ce7eb448157082632e21a40d3cbe80cff5f746a40be2456a9e3ed7b705042a257c10640fecd003f2d5cb5ebf7e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
Filesize
184KB

MD5
f7cfa7e3a9ec13373ba5a94f5ba97503

SHA1
b4b6e18b9dc76d2daf27cedfceb93e0e49e04ab2

SHA256
d19ae773c86ab0cbf29e85c67461274cd7b98743a5c09ddf2ce7e7a6bb02c948

SHA512
c88e06244e5e927abfec82d1811438b30e7060eb708a58ee82738bd1b4c9294682fb6bde93a9dd1275865ccba7b15d47d6278324362251c815e5666b2f3e14d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
Filesize
128KB

MD5
204e3e652c7e5f9175637b8dd2787c93

SHA1
ffbfcdccc3cf59fe426691cc27ade80a236ee72f

SHA256
395f7b6c040f4e0eeef6142d65962aa8510cd1729f30a902cd0476ed9c3db443

SHA512
d13e1e07d637fe8e4316513ab038508c150f1247e3ce75d8424ab8590482f98d24ec3fb9c335e367f7287f3c006be2bc3b2174810f455de79f03b9ed98d12733

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
Filesize
184KB

MD5
627991c83cd058b66fe5d4fcd7bd1b3e

SHA1
8230bedc0c7186588cc2063e4b4d677783c8fcf4

SHA256
65ef9f6875f99bdf216d74ae815b0e6910f0ae2bacf6a04d5de5f5ee91331f19

SHA512
e6dcfe46eea8a3a181e0172c91ac41618cca83af58b475aa1d27cdd9248405cfa5a2d984d0279f56364d550f62224c1888f08f6377d3174d95cbd5ae40372826

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
Filesize
184KB

MD5
c5e10eed879f609004a25f20a612aa1e

SHA1
211b49160191f5e0656a0fa792f01841605dcc07

SHA256
ca333eb2891be2e1cec92f5ddec3239eaeaf6b5215cd5667815e7c50d8304f03

SHA512
48bd911b9ad491f67b0d0fd41d36163a78c2bb9e4a9e8f285c60250cc68e865b99b9b19e9abb4d3792c0e3756b1b90efe7cab980802a30f21650ee8e85217b5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
Filesize
184KB

MD5
1f0a12e67cb735337f3dab9a080bd5c5

SHA1
6d66f5e9d6771253ea63002661cbd5518258c602

SHA256
9d1d6418b01e406c40851020410d1757ae6cbb41a7114cbfd81cac20ef8912e9

SHA512
cdbddeb78c47b5a29e4c568913be6056074b63b3d528de5e6c09a1e37a9a5e3362b8dc1440ef3291d3eaf5a95af8c0a68833a935ebfc2fa3654bad3241bb1ccf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
Filesize
184KB

MD5
4eb5e01e1553d374011aa50237ac19ce

SHA1
5261f8bb12277c860b57c6e89ecf006b28895df0

SHA256
be0869b8c78455176d05f91f4be7188faccbad335a98325ea9b9edad33010dd1

SHA512
322668a5654fcbc0e758c734999862c6d67ac67701f3dfa28e723271ae91e07f9974cf11d19edebdf5df49368d4d290f5aa34dcb8ee7306eb35d8eef149ac659

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
Filesize
184KB

MD5
b4cfff7555bc3e513c6160bece221b42

SHA1
6f8a4dcb8552ef9a64c86d7c76144bd2b05306c7

SHA256
b5edffbbdba582f22ced2d0655ee8e6a049c9da06877e8ec16620502a825d58e

SHA512
0c80f518eaa013e74b015c1defd2af00e42f6822646f8445cc85b9876308cd4e804749586920aa8eedd25e300d2d34f0ce18eacea74f0b8861281866d59db65d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
Filesize
184KB

MD5
a9f7321a137f72b7193fcebfca14a05e

SHA1
339842866094f4fe73727692f05550565510bf62

SHA256
fd0b6b70d8bae51779a07e615f2d4f0c18db07213e816444a3b70b2f73c9f1b5

SHA512
452f050b0bffd48c04a8a95fa425a5ae4afc2b32c76b326703b51182cc7a551fe360a804ce51ce5df6a7b6200221d29f52d36bdc0ae381b7cc11ea3c6e0d1fd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
Filesize
184KB

MD5
1d9039d4e23489ff9d57ebbc4e563639

SHA1
664412bf560924793902098fbab08fdea08e5338

SHA256
8569276fa9cc79b75621ed9ff4f0928f23180909d7a11539446718c8b083d43a

SHA512
3dcf441af2ee99d08e5d5b412603e04ce6d2395b7d26e61923659540faf984524fa5343530553c676bab280a00608c8a1b0b7deac3bcb7c96bb8a12731f50d1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
Filesize
184KB

MD5
2a7a4952a4f8ce2a00dc199736b32f0a

SHA1
263d3bf31832e9e69f6851364c1d603585b01d15

SHA256
4d1ccd45f1c698aae6b737cc1ed60c8166a3693adb2a90cbd262f7e84598fd7b

SHA512
3d663ff9506393ae8514954086b539c8f624b22bcb78b2f09d5aadd86125556ca2201426610642a5b1d1920350696b20ab5e9af56b9876aa8e149e43ff195a14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
Filesize
184KB

MD5
63b50edadff329783c14fce661db9543

SHA1
59d1a0bddb4fcf41067421d48feb73d429d0d0e7

SHA256
260c345fe7d4268011e64971a54c53d6dd7d67ed5a3905fd8c3c25c442ab1c92

SHA512
2f635ace89f76d771c7d7e75fb24fc64e9d826dbf4dfa831c002041e41e90a4ff6cfb35597a24a906e8176022940b423a753c07b6ef0f6a8c1ce4a76bb19f876

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
Filesize
184KB

MD5
a74e394abca6c90fc308f225419182cb

SHA1
aa8c34d7681e69b777b7c3a05e1f7de1f3272d34

SHA256
df5a606af4c7c2be4824ce0bce9789113633512dbe57cf5349b28ea602dcca72

SHA512
034279cb3f739e56f9ff975eb20401485edd64b1064c69cace8245abbb95135cb91a29472454cd478fc738c794b72d8128f868eb38b5fec24ab6379aced8ff23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
Filesize
184KB

MD5
0fa855ae5fa461a10401070a16dc8014

SHA1
295e3ddb5c2361f4d78b747d1a27ac0b3291a7b2

SHA256
e706faa80cb2d4cf4d97bdbdca04c8d3dd14d3ec5522d9d5d72c33f6760e85f0

SHA512
823b27f893070aa5623e837d42317a72232990e4d1ca04ba58d8b4785725ff3143f0ddc1b3353b37db3c2f9de872dc84eaa0e1129989f066b7930b02a700b902

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads