7d98f7ecd053bbe27d588318bcd012d06f6e732e782f96c9772012a004a45e11

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78c3c84a4ed3bbd21ae14c685a6db19a.exe
Size

184KB
MD5

78c3c84a4ed3bbd21ae14c685a6db19a
SHA1

9d6f00e13151689a1403ae2e3e6687a6104ed936
SHA256

7d98f7ecd053bbe27d588318bcd012d06f6e732e782f96c9772012a004a45e11
SHA512

c28a87d4409766d4b5ad844cfbffdbff3592e01a0ad15aa5551329645e5a37a4a8bde9c501f66b61f73b099ef54fe012b705f0ebf1305794a0230b83a91eb17d
SSDEEP

3072:dhikokm1VuFmeLjgIFpVl8SYqOAWtxolG1SxcMP6wylw3pF6:dhNoj+mewIHVl8r4maylw3pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
2984	Unicorn-47871.exe
2836	Unicorn-29518.exe
2752	Unicorn-53233.exe
2696	Unicorn-49789.exe
2824	Unicorn-46400.exe
2620	Unicorn-18819.exe
2568	Unicorn-27632.exe
1816	Unicorn-58602.exe
2660	Unicorn-37688.exe
676	Unicorn-15343.exe
476	Unicorn-25924.exe
1924	Unicorn-45158.exe
884	Unicorn-58811.exe
912	Unicorn-50254.exe
1112	Unicorn-22603.exe
1136	Unicorn-62130.exe
1700	Unicorn-16459.exe
2308	Unicorn-42821.exe
2940	Unicorn-25861.exe
2268	Unicorn-32181.exe
1308	Unicorn-33843.exe
1448	Unicorn-15058.exe
1224	Unicorn-7866.exe
1040	Unicorn-64996.exe
1120	Unicorn-51307.exe
560	Unicorn-52708.exe
2396	Unicorn-47545.exe
1748	Unicorn-5280.exe
2176	Unicorn-40636.exe
2976	Unicorn-14626.exe
1536	Unicorn-34492.exe
1592	Unicorn-13.exe
2532	Unicorn-41640.exe
2812	Unicorn-13082.exe
2596	Unicorn-59310.exe
2612	Unicorn-31734.exe
2768	Unicorn-37706.exe
2664	Unicorn-21994.exe
2200	Unicorn-64069.exe
2648	Unicorn-23852.exe
1684	Unicorn-47570.exe
2000	Unicorn-27014.exe
1092	Unicorn-32267.exe
564	Unicorn-61535.exe
1692	Unicorn-25785.exe
1436	Unicorn-48199.exe
1148	Unicorn-22189.exe
1772	Unicorn-12620.exe
552	Unicorn-24434.exe
1184	Unicorn-44300.exe
1240	Unicorn-44300.exe
1252	Unicorn-44300.exe
272	Unicorn-20115.exe
2492	Unicorn-39981.exe
460	Unicorn-5439.exe
312	Unicorn-51111.exe
1116	Unicorn-51111.exe
768	Unicorn-36410.exe
2816	Unicorn-38692.exe
2732	Unicorn-12094.exe
2416	Unicorn-15065.exe

Loads dropped DLL 64 IoCs

pid	Process
2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe
2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe
2984	Unicorn-47871.exe
2984	Unicorn-47871.exe
2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe
2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe
2836	Unicorn-29518.exe
2984	Unicorn-47871.exe
2836	Unicorn-29518.exe
2984	Unicorn-47871.exe
2752	Unicorn-53233.exe
2752	Unicorn-53233.exe
2824	Unicorn-46400.exe
2824	Unicorn-46400.exe
2696	Unicorn-49789.exe
2696	Unicorn-49789.exe
2836	Unicorn-29518.exe
2836	Unicorn-29518.exe
2620	Unicorn-18819.exe
2620	Unicorn-18819.exe
2752	Unicorn-53233.exe
2752	Unicorn-53233.exe
2568	Unicorn-27632.exe
2568	Unicorn-27632.exe
2824	Unicorn-46400.exe
2824	Unicorn-46400.exe
2660	Unicorn-37688.exe
2660	Unicorn-37688.exe
1816	Unicorn-58602.exe
1816	Unicorn-58602.exe
2696	Unicorn-49789.exe
2696	Unicorn-49789.exe
476	Unicorn-25924.exe
476	Unicorn-25924.exe
2620	Unicorn-18819.exe
676	Unicorn-15343.exe
676	Unicorn-15343.exe
2620	Unicorn-18819.exe
1924	Unicorn-45158.exe
1924	Unicorn-45158.exe
2568	Unicorn-27632.exe
2568	Unicorn-27632.exe
884	Unicorn-58811.exe
884	Unicorn-58811.exe
912	Unicorn-50254.exe
912	Unicorn-50254.exe
2660	Unicorn-37688.exe
2660	Unicorn-37688.exe
1112	Unicorn-22603.exe
1112	Unicorn-22603.exe
1816	Unicorn-58602.exe
1816	Unicorn-58602.exe
1136	Unicorn-62130.exe
1136	Unicorn-62130.exe
2940	Unicorn-25861.exe
2940	Unicorn-25861.exe
1700	Unicorn-16459.exe
1700	Unicorn-16459.exe
476	Unicorn-25924.exe
476	Unicorn-25924.exe
2308	Unicorn-42821.exe
2308	Unicorn-42821.exe
676	Unicorn-15343.exe
676	Unicorn-15343.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2132	1632	WerFault.exe	102
3028	1580	WerFault.exe	101

Suspicious use of SetWindowsHookEx 47 IoCs

pid	Process
2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe
2984	Unicorn-47871.exe
2836	Unicorn-29518.exe
2752	Unicorn-53233.exe
2696	Unicorn-49789.exe
2824	Unicorn-46400.exe
2620	Unicorn-18819.exe
2568	Unicorn-27632.exe
2660	Unicorn-37688.exe
1816	Unicorn-58602.exe
676	Unicorn-15343.exe
476	Unicorn-25924.exe
1924	Unicorn-45158.exe
884	Unicorn-58811.exe
912	Unicorn-50254.exe
1112	Unicorn-22603.exe
1136	Unicorn-62130.exe
1700	Unicorn-16459.exe
2940	Unicorn-25861.exe
2308	Unicorn-42821.exe
2268	Unicorn-32181.exe
1308	Unicorn-33843.exe
1448	Unicorn-15058.exe
1224	Unicorn-7866.exe
1120	Unicorn-51307.exe
1040	Unicorn-64996.exe
560	Unicorn-52708.exe
2396	Unicorn-47545.exe
1748	Unicorn-5280.exe
2176	Unicorn-40636.exe
1536	Unicorn-34492.exe
2976	Unicorn-14626.exe
1592	Unicorn-13.exe
2532	Unicorn-41640.exe
2812	Unicorn-13082.exe
2768	Unicorn-37706.exe
2596	Unicorn-59310.exe
2664	Unicorn-21994.exe
2612	Unicorn-31734.exe
2200	Unicorn-64069.exe
1684	Unicorn-47570.exe
1092	Unicorn-32267.exe
2648	Unicorn-23852.exe
2000	Unicorn-27014.exe
1692	Unicorn-25785.exe
564	Unicorn-61535.exe
2492	Unicorn-39981.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2984	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	28
PID 2060 wrote to memory of 2984	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	28
PID 2060 wrote to memory of 2984	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	28
PID 2060 wrote to memory of 2984	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	28
PID 2984 wrote to memory of 2836	2984	Unicorn-47871.exe	29
PID 2984 wrote to memory of 2836	2984	Unicorn-47871.exe	29
PID 2984 wrote to memory of 2836	2984	Unicorn-47871.exe	29
PID 2984 wrote to memory of 2836	2984	Unicorn-47871.exe	29
PID 2060 wrote to memory of 2752	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	30
PID 2060 wrote to memory of 2752	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	30
PID 2060 wrote to memory of 2752	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	30
PID 2060 wrote to memory of 2752	2060	78c3c84a4ed3bbd21ae14c685a6db19a.exe	30
PID 2836 wrote to memory of 2696	2836	Unicorn-29518.exe	31
PID 2836 wrote to memory of 2696	2836	Unicorn-29518.exe	31
PID 2836 wrote to memory of 2696	2836	Unicorn-29518.exe	31
PID 2836 wrote to memory of 2696	2836	Unicorn-29518.exe	31
PID 2984 wrote to memory of 2824	2984	Unicorn-47871.exe	32
PID 2984 wrote to memory of 2824	2984	Unicorn-47871.exe	32
PID 2984 wrote to memory of 2824	2984	Unicorn-47871.exe	32
PID 2984 wrote to memory of 2824	2984	Unicorn-47871.exe	32
PID 2752 wrote to memory of 2620	2752	Unicorn-53233.exe	33
PID 2752 wrote to memory of 2620	2752	Unicorn-53233.exe	33
PID 2752 wrote to memory of 2620	2752	Unicorn-53233.exe	33
PID 2752 wrote to memory of 2620	2752	Unicorn-53233.exe	33
PID 2824 wrote to memory of 2568	2824	Unicorn-46400.exe	34
PID 2824 wrote to memory of 2568	2824	Unicorn-46400.exe	34
PID 2824 wrote to memory of 2568	2824	Unicorn-46400.exe	34
PID 2824 wrote to memory of 2568	2824	Unicorn-46400.exe	34
PID 2696 wrote to memory of 1816	2696	Unicorn-49789.exe	35
PID 2696 wrote to memory of 1816	2696	Unicorn-49789.exe	35
PID 2696 wrote to memory of 1816	2696	Unicorn-49789.exe	35
PID 2696 wrote to memory of 1816	2696	Unicorn-49789.exe	35
PID 2836 wrote to memory of 2660	2836	Unicorn-29518.exe	36
PID 2836 wrote to memory of 2660	2836	Unicorn-29518.exe	36
PID 2836 wrote to memory of 2660	2836	Unicorn-29518.exe	36
PID 2836 wrote to memory of 2660	2836	Unicorn-29518.exe	36
PID 2620 wrote to memory of 676	2620	Unicorn-18819.exe	37
PID 2620 wrote to memory of 676	2620	Unicorn-18819.exe	37
PID 2620 wrote to memory of 676	2620	Unicorn-18819.exe	37
PID 2620 wrote to memory of 676	2620	Unicorn-18819.exe	37
PID 2752 wrote to memory of 476	2752	Unicorn-53233.exe	38
PID 2752 wrote to memory of 476	2752	Unicorn-53233.exe	38
PID 2752 wrote to memory of 476	2752	Unicorn-53233.exe	38
PID 2752 wrote to memory of 476	2752	Unicorn-53233.exe	38
PID 2568 wrote to memory of 1924	2568	Unicorn-27632.exe	39
PID 2568 wrote to memory of 1924	2568	Unicorn-27632.exe	39
PID 2568 wrote to memory of 1924	2568	Unicorn-27632.exe	39
PID 2568 wrote to memory of 1924	2568	Unicorn-27632.exe	39
PID 2824 wrote to memory of 884	2824	Unicorn-46400.exe	40
PID 2824 wrote to memory of 884	2824	Unicorn-46400.exe	40
PID 2824 wrote to memory of 884	2824	Unicorn-46400.exe	40
PID 2824 wrote to memory of 884	2824	Unicorn-46400.exe	40
PID 2660 wrote to memory of 912	2660	Unicorn-37688.exe	41
PID 2660 wrote to memory of 912	2660	Unicorn-37688.exe	41
PID 2660 wrote to memory of 912	2660	Unicorn-37688.exe	41
PID 2660 wrote to memory of 912	2660	Unicorn-37688.exe	41
PID 1816 wrote to memory of 1112	1816	Unicorn-58602.exe	42
PID 1816 wrote to memory of 1112	1816	Unicorn-58602.exe	42
PID 1816 wrote to memory of 1112	1816	Unicorn-58602.exe	42
PID 1816 wrote to memory of 1112	1816	Unicorn-58602.exe	42
PID 2696 wrote to memory of 1136	2696	Unicorn-49789.exe	46
PID 2696 wrote to memory of 1136	2696	Unicorn-49789.exe	46
PID 2696 wrote to memory of 1136	2696	Unicorn-49789.exe	46
PID 2696 wrote to memory of 1136	2696	Unicorn-49789.exe	46

C:\Users\Admin\AppData\Local\Temp\78c3c84a4ed3bbd21ae14c685a6db19a.exe
"C:\Users\Admin\AppData\Local\Temp\78c3c84a4ed3bbd21ae14c685a6db19a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        8⤵
        Executes dropped EXE
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        10⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        9⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        7⤵
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        8⤵
        Executes dropped EXE
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35175.exe
        9⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 188
        10⤵
        Program crash
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        7⤵
        Executes dropped EXE
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        9⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 188
        10⤵
        Program crash
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
        7⤵
        Executes dropped EXE
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        7⤵
        Executes dropped EXE
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        8⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
        6⤵
        Executes dropped EXE
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        7⤵
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        6⤵
        Executes dropped EXE
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        7⤵
        
        PID:1620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        7⤵
        Executes dropped EXE
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        6⤵
        Executes dropped EXE
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
        9⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        Executes dropped EXE
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
        8⤵
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        Executes dropped EXE
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        5⤵
        Executes dropped EXE
        
        PID:272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        6⤵
        Executes dropped EXE
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
        5⤵
        Executes dropped EXE
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49969.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        7⤵
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        5⤵
        Executes dropped EXE
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        6⤵
        
        PID:884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe

Filesize
184KB

MD5
8e43f83bad3fb6a302b5716059894512

SHA1
65e96f0d71bc9b97b4a7523b8762e8a64c363b9b

SHA256
dcab0bffbfa8eb6e1e7b20b96c4fa72bac5c6bc480acc0ef62efe96e874b06a5

SHA512
f47b999726a1e282dd8aaf7cbdc9eed0a8c17804b78f1869d9f05971c0accaedcc996e86bc96cc764b51442920fd9cdcfba3c889484b9c785d5be1b84e0c7d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe

Filesize
184KB

MD5
0f71471cf93c3c6aee3706b9d54b2a71

SHA1
d81cc5dc47481cb2b84ba0880c5bf71be1f2846d

SHA256
8f033a8519ce62eb858ee8729d57382671845df529451d4a85f7e828bd9b7cbe

SHA512
7222dbd505ae31774ae5fc3b70b906dabf1cf6f63776b1f3db29488dc1e581fabc7eea92cb47caab62cc83f3801313605f7ed29cfbaf4cc0cc36c575a0c8d5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe

Filesize
184KB

MD5
fb353020584712e2b84e3a93cab88616

SHA1
0531ea8e110960881b451ec56f5b42f27ab8e098

SHA256
53b93eaac2ca751ca6d9ff9777d27d69035e9c088221826d2ff88ed40dec3033

SHA512
398b4d45d6008976fc7586bf54d452f5b0be26f7d6ec2c03907dd15e9b95371151e03e96e97184451b02bb2b59889703bc4cd94226eb13b883b687be39d44e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe

Filesize
184KB

MD5
50ae31c6e4b9bd3f09b5ae41dd0fce41

SHA1
c5377861f9202efabdd25074faa149d5940b9320

SHA256
d9fd424f721b63b8e7d568ecba79ba22ea2807e7ac564148bfb1cb827e4adcf0

SHA512
628d14ac4b94d5bbe3ff396fa2f87b532ca38deb4812c86328684f7b076044268ab2d00c906392a1fdd68bea0fb701e1da968a56163fcfd7c17cbc8bc1bdf872

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe

Filesize
184KB

MD5
696398f8ae73987749644494adcd67a6

SHA1
d5a1c1fb67e62d3f67e0ce99d6f81de6efea5f57

SHA256
04b42ace6e1b63de6b872e74919c738fb12bbfdb23ebbe7dbcde15c965caf4e6

SHA512
4713d90642ed151ee73c6bfb0dc8345ab6d0d4a24b26ecb523683d42eea11431c28c9b839e554c067efd4688956cca281cef3286d7237e8493be5d8b32eb7dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe

Filesize
184KB

MD5
eab36ed284f2f6558442141602cfac65

SHA1
898a2f449ee41d36b63dd34abbd878f62195c6b6

SHA256
6cc9100c6600a1a5384d4dd65b42350f5806d896bae1cc98963c301d1037ea26

SHA512
5d9fe0f62e8791b1f6ebc2d12fff976e28b3541caebfff0df171f0ba28ea38d22057194143ff93a357d02ede0a9d0cb6ded840363b7548fb3dfff0205e439634

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe

Filesize
184KB

MD5
7c08772c4ee48411c3c9a9cb35d54c62

SHA1
307f03ef9911b056c4aef601ed22e8e40fafffc2

SHA256
04897952ea5cb4b85a1458a238a6a634853eacad56fcd19ccf582ac89f754f08

SHA512
a7a7bd733d502729119ecb6bbd90f437d9c51f9c16dd3a7a790c6edce803125e0a3fd3a10a33f85e85fca2cd7d794354c7a7ceafb751fce30f0c3578404ce97f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe

Filesize
184KB

MD5
324447fbe4cb8bde6ba8d5a5000e4813

SHA1
87e797639c7b07d6d270f121aeb2c6298d0decba

SHA256
8e1579886dba923f43176b18e65ca67f103c05c9d815c2fb29ddc368b1cc053d

SHA512
5b506a5b71ef0cdfaa9f8bc297797eca4fb8aa19d1fd78e417a8848a1e019a360f30a1010dd4b655cab647221611aaba749ffb3cf1084e5ea68b9ebeb7eec644

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe

Filesize
184KB

MD5
2be244c0c193aed2468ec6f706b934bf

SHA1
463aeffb75ea112c88f19b4c12631f8b8b7d7322

SHA256
c10a472d71f01f6ad347ecff62c54b1dc206d5fe34d38c8d2ce0680ceb851488

SHA512
b6552694e067135c48b246522a9dd5adbc229c4c640b7ceca53862c7c72ce9ec51413225c8791bd212f4fe05a65e6ce6dd1b96755701a75ce5c7db2d654a4766

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe

Filesize
184KB

MD5
cf1e8b5db6fb8d5fe7aef719300ee91e

SHA1
ce0397d6c518e6f703d421bb8f1693f41e686410

SHA256
5bc391ae63919fe56e5959fcab5cebb3d7e80483d6cee98b2ae53e05de0c08a4

SHA512
cb59f7c7a1375c56faf13ff1c4b3e69340d115735490b434404621e856c09e4b183766e2df7f04ad7841ab5665bf0e079148689608653415aebfb081df93108e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe

Filesize
184KB

MD5
2a7778196304b2df0002f6fd88fe9735

SHA1
cd5fd60c15ad3f4967446f7b6b87f7d1388f9935

SHA256
4b8cb773947b94e979196a7ac35b5f61574ab723fc2f78cb48d3196d1f0c6031

SHA512
068ecd5734f52241dea782f9fb609d41db7e5ed91de1061443c1776e4679694f21d6eb0c7efa5f4a2468f1c8312a6cc957fc9269027d814403f0fc0e520e05cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe

Filesize
184KB

MD5
2c2ef5c0d7c19b7f127774d09ed2fb13

SHA1
82cc4adfc8146f8f01cc57b453ed896914f00019

SHA256
035575ff68be398c1d72e29f1cb1e15f1719fdeaff20deb844d8eed957df2c29

SHA512
6cf06129f3ec2d17e2042a488130876d7830ede94c1e14c252d7cd38f0158bcd2d228d9a73c08f27187a545b93400e408d69d32b8a7293c0ff14eb82cd01c5e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe

Filesize
184KB

MD5
6927c4c016f26ce1e7b4751864d790fe

SHA1
143ede96bfbf5d4c7f8aeba616d3141e0c777e5d

SHA256
d49bb412e7ddcc76c312b2ee9e5f5b43b435efc2d7b6e7812c20563f00a3c21e

SHA512
1bd6f95faa620801c941da33fa861c34ebf0afb246f09b1ebbae9e2d75f9573d03f9d04d25f4d406f65e6d609538c4034ec455d5aa62a571eb2dcad5bf614151

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe

Filesize
184KB

MD5
13ec2aa773ae110f2243d11d3c0495c4

SHA1
f9e436f07360267382f4f751ee99cf9865311f58

SHA256
3d8ff0fb9ec7261c261f4fd257e1210585cb240bbe3773ed23c6d9e5063fbdad

SHA512
150bd09d376bdd1fdf7ab457a5a0ceb381663ee0ba1548239c1c368adecdc8c520cbfe32c77e21db5127bb680827dd6b4d0511b2cac977675b65d367ce257ed7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe

Filesize
184KB

MD5
fee4423e26ea47d72f53d17bbd37c056

SHA1
5369dec24c5f13f2e9165fa2e74a31abf011bc0f

SHA256
a187774ea71fc43650b7f2793c52e4904c6a65f463e4b8e03c07d1a54994ab6b

SHA512
f4401b3c3096777df66724df4571da5598b7f6b5fc48c280cddb3e9d1448f9a840f3820c882c9ef736d39c56e7db69b43f4b6aaee693f35af24fb81422a31737

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe

Filesize
184KB

MD5
b40e9a82da4efdf9c798a5e6b9da35f7

SHA1
99d4c54ced35f9cce4a3fdda2fff81c97bb6fbb5

SHA256
e8e5cab6d886abbcd260a1267f320758e13d293c75df4b8f02b983a7612e57b7

SHA512
108b592936840b307a54fe067fb2ff2d261cf26be1d473bc5296a83fb9154e5a8401a84b877c85cd648e24c1b26704ced79e5904d46713de999d7e7529405e94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe

Filesize
184KB

MD5
b14980fd9352c027d715e8b8ec9c950c

SHA1
fb3f81a87a7137fff869e6b7c11b23fa7e397f2f

SHA256
fcacc9fc3d4ee6e01dd530980d391c00dc402d424c153791ebd4e286885c049d

SHA512
760609ba61de3d90a5ac495abeb1febfad447953c8f63dce3620608de5300f90e9a215e6f065d62afa440af174f236ea391f4a8a79596cf4defec1948af66222

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe

Filesize
184KB

MD5
76c8832495f6b7718ed8e3718daac9bd

SHA1
0c7211eb6f36a45fcdaf0099d6255bd33867852d

SHA256
305d0ac5dc64aa83621993a73bc410edf19544bd354a9f9328d3244a61f54db2

SHA512
b293a16c16444745978fbb0e971eec15b22c337c8026f7e84d0909b08bf3c29e1b2729ec0b72b06689115a5f1caeece1411c1da5645229686719dd1d054a313a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe

Filesize
184KB

MD5
5fbf7ab78aca1977943427e5ef22224e

SHA1
ea3803fd2c2266356bce9fa91e2f38483a574569

SHA256
830d44e99bf69d520817d1f0243ea86dd5d0503c9a407310fa9124949d5fd3a2

SHA512
ef547094022b6e59427e7775637667d02b583db796de7573bb74e893d23469ac13976f0b050bb1a144d58c477f2bd7ee0b43b850ab12d8ad9469e3947366dc48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe

Filesize
184KB

MD5
c87497b4f4e4c5ccc6237b7858f10bdb

SHA1
e856192ee88842c79153638b950a44b22edcbb69

SHA256
3524c63000911e70b786171157f62214a29440cf1a9f7d648cafa4c3c9e13157

SHA512
379b5a4a8f06491436bf83eb20050b1691f5d2cb948eb28e0b9dcca607c77acf244b7473fd70e8396f754309928c16ff383a6f2ab4741c7e8225248875477c85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe

Filesize
184KB

MD5
5b52352e12f916006841871afc4abc7e

SHA1
719958920a4a112127dec4b249c45cc2edd4fc6d

SHA256
c1094e17952ae6db356b84faf24b45a16cee1332b3e2eb38fa2a24cf7a61f1c8

SHA512
e2d7b950099cf6ca4931c23da3dc631873dd4bdbfe060b41b748c283b63764eee31d473957155fe010ae8825d2f03f6672235381b13871d73195f8f169f942f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads