8db146f0e5d7fdb7e8400cd76754527b572be19bf3a111d8aa109ec32d6ba3a6

Analysis

max time kernel
26s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78094690a537ac8756dcdb1c411c57f5.exe
Size

184KB
MD5

78094690a537ac8756dcdb1c411c57f5
SHA1

19f764184b62e4dae3adfde99d77a2292d0c5c11
SHA256

8db146f0e5d7fdb7e8400cd76754527b572be19bf3a111d8aa109ec32d6ba3a6
SHA512

87f279d9a9e05148ab188b3975038034e7f89baf0fa1ca3a2a5db545b906e27ef67761f2f4f23870385efad61cc91c044623109aae01fa7dee198eed94f34e4f
SSDEEP

3072:1Z6roVUmeWAG4ePJHaLTJAcZCLJJMeDkl3ErxKELI4plP6pFq:1ZGoC7G4OHyJAc2ET4plP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 48 IoCs

pid	Process
752	Unicorn-7643.exe
2720	Unicorn-47965.exe
2984	Unicorn-19931.exe
2892	Unicorn-5609.exe
2640	Unicorn-34944.exe
2780	Unicorn-46642.exe
2596	Unicorn-58375.exe
2712	Unicorn-27025.exe
1840	Unicorn-22387.exe
2908	Unicorn-35708.exe
320	Unicorn-15842.exe
2116	Unicorn-26793.exe
3056	Unicorn-18625.exe
640	Unicorn-60212.exe
1332	Unicorn-26985.exe
1592	Unicorn-39237.exe
920	Unicorn-3035.exe
1944	Unicorn-42745.exe
2216	Unicorn-22879.exe
2504	Unicorn-50778.exe
1712	Unicorn-18660.exe
2408	Unicorn-21422.exe
1168	Unicorn-14000.exe
1104	Unicorn-9361.exe
612	Unicorn-38142.exe
664	Unicorn-6792.exe
2568	Unicorn-44255.exe
2400	Unicorn-39102.exe
2256	Unicorn-11068.exe
1588	Unicorn-60269.exe
1620	Unicorn-10513.exe
1652	Unicorn-14597.exe
2620	Unicorn-37047.exe
2648	Unicorn-13097.exe
2636	Unicorn-8458.exe
2472	Unicorn-37793.exe
2220	Unicorn-17696.exe
1716	Unicorn-20903.exe
2004	Unicorn-9719.exe
2788	Unicorn-33901.exe
2652	Unicorn-55246.exe
2164	Unicorn-9574.exe
2812	Unicorn-59844.exe
2912	Unicorn-60036.exe
2936	Unicorn-40170.exe
984	Unicorn-47016.exe
568	Unicorn-36854.exe
532	Unicorn-56720.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	78094690a537ac8756dcdb1c411c57f5.exe
2084	78094690a537ac8756dcdb1c411c57f5.exe
752	Unicorn-7643.exe
752	Unicorn-7643.exe
2084	78094690a537ac8756dcdb1c411c57f5.exe
2084	78094690a537ac8756dcdb1c411c57f5.exe
2720	Unicorn-47965.exe
2720	Unicorn-47965.exe
752	Unicorn-7643.exe
2984	Unicorn-19931.exe
2984	Unicorn-19931.exe
752	Unicorn-7643.exe
2780	Unicorn-46642.exe
2780	Unicorn-46642.exe
2984	Unicorn-19931.exe
2984	Unicorn-19931.exe
2892	Unicorn-5609.exe
2892	Unicorn-5609.exe
2640	Unicorn-34944.exe
2720	Unicorn-47965.exe
2640	Unicorn-34944.exe
2720	Unicorn-47965.exe
2712	Unicorn-27025.exe
2596	Unicorn-58375.exe
2712	Unicorn-27025.exe
2596	Unicorn-58375.exe
2780	Unicorn-46642.exe
2780	Unicorn-46642.exe
2908	Unicorn-35708.exe
1840	Unicorn-22387.exe
2908	Unicorn-35708.exe
1840	Unicorn-22387.exe
2640	Unicorn-34944.exe
2640	Unicorn-34944.exe
2892	Unicorn-5609.exe
320	Unicorn-15842.exe
320	Unicorn-15842.exe
2892	Unicorn-5609.exe
2072	WerFault.exe
2072	WerFault.exe
2072	WerFault.exe
2072	WerFault.exe
2072	WerFault.exe
2116	Unicorn-26793.exe
2116	Unicorn-26793.exe
2712	Unicorn-27025.exe
2712	Unicorn-27025.exe
3056	Unicorn-18625.exe
3056	Unicorn-18625.exe
2596	Unicorn-58375.exe
2596	Unicorn-58375.exe
640	Unicorn-60212.exe
640	Unicorn-60212.exe
1332	Unicorn-26985.exe
1332	Unicorn-26985.exe
1840	Unicorn-22387.exe
1840	Unicorn-22387.exe
1592	Unicorn-39237.exe
920	Unicorn-3035.exe
2908	Unicorn-35708.exe
1592	Unicorn-39237.exe
920	Unicorn-3035.exe
2908	Unicorn-35708.exe
320	Unicorn-15842.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2072	2640	WerFault.exe	32
2976	2908	WerFault.exe	37
1844	2788	WerFault.exe	69
1760	1592	WerFault.exe	44
1768	2568	WerFault.exe	57
2372	2256	WerFault.exe	56
1732	920	WerFault.exe	42
2528	2912	WerFault.exe	75

Suspicious use of SetWindowsHookEx 44 IoCs

pid	Process
2084	78094690a537ac8756dcdb1c411c57f5.exe
752	Unicorn-7643.exe
2720	Unicorn-47965.exe
2984	Unicorn-19931.exe
2892	Unicorn-5609.exe
2780	Unicorn-46642.exe
2640	Unicorn-34944.exe
2712	Unicorn-27025.exe
2596	Unicorn-58375.exe
1840	Unicorn-22387.exe
2908	Unicorn-35708.exe
320	Unicorn-15842.exe
2116	Unicorn-26793.exe
3056	Unicorn-18625.exe
640	Unicorn-60212.exe
1944	Unicorn-42745.exe
1332	Unicorn-26985.exe
1592	Unicorn-39237.exe
920	Unicorn-3035.exe
2216	Unicorn-22879.exe
2504	Unicorn-50778.exe
1712	Unicorn-18660.exe
2408	Unicorn-21422.exe
1168	Unicorn-14000.exe
1104	Unicorn-9361.exe
612	Unicorn-38142.exe
664	Unicorn-6792.exe
2568	Unicorn-44255.exe
2400	Unicorn-39102.exe
2256	Unicorn-11068.exe
1588	Unicorn-60269.exe
1620	Unicorn-10513.exe
1652	Unicorn-14597.exe
2620	Unicorn-37047.exe
2636	Unicorn-8458.exe
2648	Unicorn-13097.exe
2472	Unicorn-37793.exe
2220	Unicorn-17696.exe
2004	Unicorn-9719.exe
2652	Unicorn-55246.exe
2788	Unicorn-33901.exe
2812	Unicorn-59844.exe
1716	Unicorn-20903.exe
2164	Unicorn-9574.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 752	2084	78094690a537ac8756dcdb1c411c57f5.exe	28
PID 2084 wrote to memory of 752	2084	78094690a537ac8756dcdb1c411c57f5.exe	28
PID 2084 wrote to memory of 752	2084	78094690a537ac8756dcdb1c411c57f5.exe	28
PID 2084 wrote to memory of 752	2084	78094690a537ac8756dcdb1c411c57f5.exe	28
PID 752 wrote to memory of 2720	752	Unicorn-7643.exe	29
PID 752 wrote to memory of 2720	752	Unicorn-7643.exe	29
PID 752 wrote to memory of 2720	752	Unicorn-7643.exe	29
PID 752 wrote to memory of 2720	752	Unicorn-7643.exe	29
PID 2084 wrote to memory of 2984	2084	78094690a537ac8756dcdb1c411c57f5.exe	30
PID 2084 wrote to memory of 2984	2084	78094690a537ac8756dcdb1c411c57f5.exe	30
PID 2084 wrote to memory of 2984	2084	78094690a537ac8756dcdb1c411c57f5.exe	30
PID 2084 wrote to memory of 2984	2084	78094690a537ac8756dcdb1c411c57f5.exe	30
PID 2720 wrote to memory of 2892	2720	Unicorn-47965.exe	31
PID 2720 wrote to memory of 2892	2720	Unicorn-47965.exe	31
PID 2720 wrote to memory of 2892	2720	Unicorn-47965.exe	31
PID 2720 wrote to memory of 2892	2720	Unicorn-47965.exe	31
PID 2984 wrote to memory of 2780	2984	Unicorn-19931.exe	33
PID 2984 wrote to memory of 2780	2984	Unicorn-19931.exe	33
PID 2984 wrote to memory of 2780	2984	Unicorn-19931.exe	33
PID 2984 wrote to memory of 2780	2984	Unicorn-19931.exe	33
PID 752 wrote to memory of 2640	752	Unicorn-7643.exe	32
PID 752 wrote to memory of 2640	752	Unicorn-7643.exe	32
PID 752 wrote to memory of 2640	752	Unicorn-7643.exe	32
PID 752 wrote to memory of 2640	752	Unicorn-7643.exe	32
PID 2780 wrote to memory of 2596	2780	Unicorn-46642.exe	34
PID 2780 wrote to memory of 2596	2780	Unicorn-46642.exe	34
PID 2780 wrote to memory of 2596	2780	Unicorn-46642.exe	34
PID 2780 wrote to memory of 2596	2780	Unicorn-46642.exe	34
PID 2984 wrote to memory of 2712	2984	Unicorn-19931.exe	35
PID 2984 wrote to memory of 2712	2984	Unicorn-19931.exe	35
PID 2984 wrote to memory of 2712	2984	Unicorn-19931.exe	35
PID 2984 wrote to memory of 2712	2984	Unicorn-19931.exe	35
PID 2892 wrote to memory of 1840	2892	Unicorn-5609.exe	36
PID 2892 wrote to memory of 1840	2892	Unicorn-5609.exe	36
PID 2892 wrote to memory of 1840	2892	Unicorn-5609.exe	36
PID 2892 wrote to memory of 1840	2892	Unicorn-5609.exe	36
PID 2640 wrote to memory of 2908	2640	Unicorn-34944.exe	37
PID 2640 wrote to memory of 2908	2640	Unicorn-34944.exe	37
PID 2640 wrote to memory of 2908	2640	Unicorn-34944.exe	37
PID 2640 wrote to memory of 2908	2640	Unicorn-34944.exe	37
PID 2720 wrote to memory of 320	2720	Unicorn-47965.exe	38
PID 2720 wrote to memory of 320	2720	Unicorn-47965.exe	38
PID 2720 wrote to memory of 320	2720	Unicorn-47965.exe	38
PID 2720 wrote to memory of 320	2720	Unicorn-47965.exe	38
PID 2712 wrote to memory of 2116	2712	Unicorn-27025.exe	39
PID 2712 wrote to memory of 2116	2712	Unicorn-27025.exe	39
PID 2712 wrote to memory of 2116	2712	Unicorn-27025.exe	39
PID 2712 wrote to memory of 2116	2712	Unicorn-27025.exe	39
PID 2596 wrote to memory of 3056	2596	Unicorn-58375.exe	40
PID 2596 wrote to memory of 3056	2596	Unicorn-58375.exe	40
PID 2596 wrote to memory of 3056	2596	Unicorn-58375.exe	40
PID 2596 wrote to memory of 3056	2596	Unicorn-58375.exe	40
PID 2780 wrote to memory of 640	2780	Unicorn-46642.exe	41
PID 2780 wrote to memory of 640	2780	Unicorn-46642.exe	41
PID 2780 wrote to memory of 640	2780	Unicorn-46642.exe	41
PID 2780 wrote to memory of 640	2780	Unicorn-46642.exe	41
PID 2908 wrote to memory of 1592	2908	Unicorn-35708.exe	44
PID 2908 wrote to memory of 1592	2908	Unicorn-35708.exe	44
PID 2908 wrote to memory of 1592	2908	Unicorn-35708.exe	44
PID 2908 wrote to memory of 1592	2908	Unicorn-35708.exe	44
PID 1840 wrote to memory of 1332	1840	Unicorn-22387.exe	43
PID 1840 wrote to memory of 1332	1840	Unicorn-22387.exe	43
PID 1840 wrote to memory of 1332	1840	Unicorn-22387.exe	43
PID 1840 wrote to memory of 1332	1840	Unicorn-22387.exe	43

C:\Users\Admin\AppData\Local\Temp\78094690a537ac8756dcdb1c411c57f5.exe
"C:\Users\Admin\AppData\Local\Temp\78094690a537ac8756dcdb1c411c57f5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        8⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        7⤵
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        6⤵
        Executes dropped EXE
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        7⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        6⤵
        Executes dropped EXE
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
        7⤵
        
        PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 384
        6⤵
        Program crash
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        6⤵
        Executes dropped EXE
        
        PID:984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 372
        6⤵
        Program crash
        
        PID:2372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 384
        5⤵
        Program crash
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        6⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
        7⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 380
        7⤵
        Program crash
        
        PID:2528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 372
        6⤵
        Program crash
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        5⤵
        Executes dropped EXE
        
        PID:2936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 380
        5⤵
        Program crash
        
        PID:1732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:2072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        9⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        7⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        7⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        6⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        7⤵
        
        PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        7⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        6⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        7⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        6⤵
        Program crash
        
        PID:1844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        8⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        6⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        7⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        7⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        6⤵
        
        PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe

Filesize
184KB

MD5
167d515bf1a700e0d0acc3aa2960d600

SHA1
2dc31e0f7f32334a28d5047fba2eb0bec662fe5c

SHA256
e8c04b163df46dd94b3a3c273ff4ca558ec0cc0c208721a408e086f210efe5ea

SHA512
3504e2174b0c12cf48f62f4851c194df6053630cbbe5f5de100b7cd540ee54d1d276be93c89e0aa3b40bb69e9fafffe84bcfe778ea51df92f9ba067fc940b4cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe

Filesize
184KB

MD5
91e3a8bc363de1228b6f302701443d94

SHA1
021e855c9201b9d6c7be2a6a8b4a2a9f2cad6cb6

SHA256
b4efd886329b9f4da3809595a40bc0d22c70161c3db4580903f85dc6ceb95199

SHA512
b954349de28d695f6a301edae9d01e759cb351d5d8a5b6976d26f08c8cfca12807fe67ef8ffbd566453840968d28a17708bde442c2cf63a77229701cf62020f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe

Filesize
184KB

MD5
07d8eb7162b10c5c007bd6c4a9da71f1

SHA1
5f5052ee395dd39e8352003d5093eb682bc37ec6

SHA256
2b07396c62e92fcb1c7f8d606289e7ef7558f1837cc10547d9c1705ac13ef7fb

SHA512
d465433ad3fc8593240bc54fa85efc8158d1fddfbca6ec92687986ade692f24d490b8628f3e76b5fecb774b04ed80719f50fae2d5ac993b78bb2e57cf90414a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe

Filesize
184KB

MD5
acdb9b1633c9b154b8e82f75ef144437

SHA1
ec8c342d23ead5d1ed32ff91311c9f1868a47713

SHA256
8096b72b7ad3618d94bbb6ce23917c33f7886c9ed2d87a80f6a10e8637cca785

SHA512
98eb04c7878a376c54e2411cd7fdffdacd3f963b1265698d856af672c904a7dac05ee8d68acc27b575130b9d4303d93d0f31341955c216c73edb32e23328fd67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe

Filesize
184KB

MD5
e6a0e0f79892c21bb5b16331209cf167

SHA1
55f52f70193269503a487422dad9edfc92163c4f

SHA256
715e178947b3f690b085cc040d0a64636651c7ad939f4e16afd7f18eeee7579a

SHA512
7a30fb353ed3439c2248ac777a34ea22c28e67170836e8322e91ff82dd80e1217a3a56ff816039fd943b13b5c2e27ef7c147e820058cb81ae9f48c47392c7cee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe

Filesize
184KB

MD5
f3938d835af68d2a10e5ca2b10ee5831

SHA1
0acf947c7f64a8d669b383e80cf44ae881383b51

SHA256
fec715e6cc86f1b4d73163210746ad48d5038bdd2e529eb41031892151f152cf

SHA512
82eaa6d34fd41ee6bda52918e3e12d0e54e522e791916f08a451d2cd3d83300020a7992055587ba2d14d166332f29a9eadec94a8fde86c85fe9a9bd7dc668661

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe

Filesize
184KB

MD5
e08a55d0ff48a2a2c9310889148e00f8

SHA1
d764d61dbb1355bfbc2bba89d47c418b0fbb4c70

SHA256
12e8c9304b8b64ae93ada15544d0b4044fd590135e8c15a47ec0805bb9d8309b

SHA512
c8bcb046a7686c1974c4345d73e6bf55212cce594181aac792a0d83a628af6fd5b6980784ef0f3ea7fc8ec056e3d51fa49c5315bc70505ef9d6ca8502ed29a84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe

Filesize
184KB

MD5
701e015267c456ff36b787501456a3b0

SHA1
5f071c5347575e7ee76e2910203b73235cc01723

SHA256
450acd168004313b2479bc5a55266153505e643147d9ed15aee3409bf92b0ab8

SHA512
f228eca30af9980a4e826e733f7a2960d28bbf0c7054bb64459cdace64862681ea53680fedef382869cbd4d38525e3e1af13cf73e3b3806c07ce573ec5ae6351

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe

Filesize
184KB

MD5
500ca3d53ab1680eff02c2935405adf5

SHA1
f3c878e2f4cdb286c10b211afc7d11925b47bc05

SHA256
f393e52b1c342a83caa2a6f8d971c5253a7bdc2150afdbb153481888b911d590

SHA512
76d3bee9c72c0a5befabce48b8cb34060ea4974e1c66095c1c9bdd4afdefb47c2e0be288fcda59bd65f4ec1d8ea7b7bcd227f4ddd0298c95848859312fba0097

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe

Filesize
184KB

MD5
3678ea7ba9e40002bfc5ac24334c722e

SHA1
1f1b5b056e987dc53cf7bf3ce2726bce79e12e03

SHA256
880bba3e223b7672977139f79cd4c897e822175efc92a7018baefb8e2cd545d2

SHA512
ee1318c5e0c4ad16a801555d5afd3d11d6e08c37ae9ec66cd435a794edcb6ce8aa5a12898ad5ef4b73ec700dc8eac50fdbd84f525e5be01e2ce7078cad70c560

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe

Filesize
184KB

MD5
29227ed5f165e12246447f0ea6ddb32d

SHA1
35bf5c5f958f6d6f1e0faf956c7e892ce83fd815

SHA256
db6dc59ba36c798a4b760348483f391c2fa4bd5b970bec8c6005a08e0278cbc0

SHA512
ffa2cb47c0f07431217dbd7bb2db37aa0565acf773ecdb6e8b47c4efa3d35d14e45ec8a3c222d8667438f8d6de5557db11ac30fddadd89bf0cb49ede12a6fed2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe

Filesize
184KB

MD5
b6d87e2c18b206fed6be87777d68b19b

SHA1
bea97e2347affd8300c4a8d58e3491eb9b39fcf8

SHA256
fa8b7fec768af085dcec190634c3017c9898cf00bf5ec3dbbeae730831cc26a0

SHA512
51e437c5ef22ffbe58b5fb92070b010f08b322570b101d4242f789531cc69773e708a3233d8e311fb98912121f18c0b99e4d04609e074e8aabe7ed39fae67b75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe

Filesize
184KB

MD5
48a72462683536609b01fee572680b0f

SHA1
f818e92707dc6cfbc35bcce9b75c6d5ac6e75338

SHA256
8515c826b0cc669702ac02b93369ae82e202ea39341c9660bf4b7d61470cd8f3

SHA512
a78402101d6f4e0cc0895a50bc5847dab256d2cbb3a44a69c35fe91f037f6eaed014ff8cd0a8a89fee92ff0f3e2414a615ced6ffd75eabb61d40d5eaca1a835f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe

Filesize
184KB

MD5
c66cf72a9583e1a20ccd8f58acb5d051

SHA1
dfb22e31a184007bb78b52cab3a9ed82bf92e3bc

SHA256
79e82c05de80c4a024c51878918742776df0f381f9060f6db087a58a3dce2c4e

SHA512
a7a3be0d1c5f025eb2d996e507bf1ed18a4f4136af4a981e89d1a424cedb7fed1e636ce8d341c3f3666450e3cfac96fcf2168fce94b5dd5270004c1bc47b9b6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe

Filesize
184KB

MD5
26e53cb42f2eb3979fcfd41afee0c18b

SHA1
9f0c4048abcdc5467e505bf55b5eecddbecd3e76

SHA256
ac49daffe21947fb9eef1066ecbcbb783c95686823cbdd971dbb14b21621df92

SHA512
d77cd084c16a71fe9828587b2da852d285dd33672c07726f29de52a87bb5acc3844bce39224cc065ea36a153f606998f4b56f09eb898302e4a70e544d56431f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe

Filesize
184KB

MD5
5364be883df2aa70574000d8ffbd6dc7

SHA1
d9fd9ae614593811309b72f1d85470ba985404d7

SHA256
76f5b284d882be60ea1d01e20003aefd8fd56b6ec05a2581477111b41915de27

SHA512
d938d1b583282504ea712decd63c36c674ab17dfda9e7d608b30c363b705196158aea00580d7c9e97c08f4bcc96689014c324e7f1d0ee7129bf37010d56e703b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe

Filesize
184KB

MD5
df27341bc93637c91103bc73ed1279c2

SHA1
c8270217c257bda700711e59eac5439386914cdc

SHA256
c0abd0263911475a69953fdf3270b8015865acc8403e294a93c10ed836a68ce5

SHA512
5c0e1ad3962855b6f7fd5cf46b71f6bd768d605ceb1e851f2c8ccedaab5d861ce028656a16945eb3f8adad6004f881214aaca239c0964108cbcd81a5c781cf09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe

Filesize
184KB

MD5
a69547addd93cc82619b0cc20579bce4

SHA1
fb0bc861f6ec86689a4dae7f46134d89ff781043

SHA256
669e4320be8880d624cfc49513da9f166dbb6fc0a8ae591600f0075ecf0fb40b

SHA512
d8715ab5a11d65639536662e2c756121df6095a062780a5762b204ad9a974dd36a48d567dec0ab99ddc03175c4f9fd6070c78484f8d9f864b7eb481e65dfe276

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe

Filesize
184KB

MD5
74e75376dba11a51b659d83eff9730cd

SHA1
49e29ca1aa6175bdd970ecf418608b0ad18ecd1b

SHA256
73be8b2c86e5abdc805a29179657d7023db1b23bb569567fd4aa07de8edceeb0

SHA512
008a4993e26ce5f16f86c508eb7fb4ea5b92516691685e02e7c82a70ae21f9a1e8446ad5839bc7def37c5a9768935b6dc5b082c78ea578bcb719b496f9441529

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads