4ea9fac0437f2b6786e6b95b57520f5cb9752ef98fccf9cbf7e309059b76f501

Analysis

max time kernel
29s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 14:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

801619bc4ffc247bc11ed5d92ffecf53.exe
Size

184KB
MD5

801619bc4ffc247bc11ed5d92ffecf53
SHA1

356a63ba517dbfbd398c49a445d44d8888974dea
SHA256

4ea9fac0437f2b6786e6b95b57520f5cb9752ef98fccf9cbf7e309059b76f501
SHA512

b3baf3b494ed2115566f2a04f76e52c94829ee3ff7efd961f2f2c3d593d8a0ea00c4841e0721eb812a25d89e1421d2fa0cbf6be542dd32d94f1c97e05b2eb638
SSDEEP

3072:wAYaoUV401qTVYjHqUdWLjcLSZK6UwuvcEEx9zPxpslPvpMW:wA9oooTVmq8WLjhQSPslPvpM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 43 IoCs

pid	Process
2744	Unicorn-19549.exe
816	Unicorn-42766.exe
2756	Unicorn-35152.exe
2536	Unicorn-1178.exe
2104	Unicorn-35003.exe
2524	Unicorn-19221.exe
1356	Unicorn-10664.exe
2720	Unicorn-35723.exe
2952	Unicorn-10856.exe
916	Unicorn-46902.exe
2920	Unicorn-18292.exe
1940	Unicorn-46326.exe
1516	Unicorn-10316.exe
2312	Unicorn-17930.exe
1684	Unicorn-49663.exe
436	Unicorn-46134.exe
2348	Unicorn-58983.exe
1496	Unicorn-30011.exe
1000	Unicorn-39802.exe
1560	Unicorn-22720.exe
1620	Unicorn-43524.exe
1268	Unicorn-44079.exe
1740	Unicorn-9180.exe
2684	Unicorn-47644.exe
368	Unicorn-10140.exe
2732	Unicorn-6248.exe
1112	Unicorn-39091.exe
3016	Unicorn-39497.exe
1288	Unicorn-6440.exe
2576	Unicorn-6440.exe
2544	Unicorn-46129.exe
2596	Unicorn-23523.exe
2416	Unicorn-3472.exe
660	Unicorn-36145.exe
1368	Unicorn-6056.exe
896	Unicorn-841.exe
2824	Unicorn-42834.exe
2776	Unicorn-22968.exe
2612	Unicorn-53934.exe
792	Unicorn-23867.exe
1956	Unicorn-4001.exe
2144	Unicorn-4001.exe
2724	Unicorn-23867.exe

Loads dropped DLL 64 IoCs

pid	Process
2444	801619bc4ffc247bc11ed5d92ffecf53.exe
2444	801619bc4ffc247bc11ed5d92ffecf53.exe
2744	Unicorn-19549.exe
2744	Unicorn-19549.exe
2444	801619bc4ffc247bc11ed5d92ffecf53.exe
2444	801619bc4ffc247bc11ed5d92ffecf53.exe
2756	Unicorn-35152.exe
2756	Unicorn-35152.exe
816	Unicorn-42766.exe
816	Unicorn-42766.exe
2744	Unicorn-19549.exe
2744	Unicorn-19549.exe
340	WerFault.exe
340	WerFault.exe
340	WerFault.exe
340	WerFault.exe
340	WerFault.exe
2536	Unicorn-1178.exe
2536	Unicorn-1178.exe
2756	Unicorn-35152.exe
2756	Unicorn-35152.exe
2524	Unicorn-19221.exe
2524	Unicorn-19221.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
1356	Unicorn-10664.exe
1356	Unicorn-10664.exe
2536	Unicorn-1178.exe
2536	Unicorn-1178.exe
2720	Unicorn-35723.exe
2720	Unicorn-35723.exe
2524	Unicorn-19221.exe
2524	Unicorn-19221.exe
2952	Unicorn-10856.exe
2952	Unicorn-10856.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
2760	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
916	Unicorn-46902.exe
916	Unicorn-46902.exe
1356	Unicorn-10664.exe
1356	Unicorn-10664.exe
2920	Unicorn-18292.exe
2920	Unicorn-18292.exe
2312	Unicorn-17930.exe
2312	Unicorn-17930.exe
2952	Unicorn-10856.exe
2952	Unicorn-10856.exe
1516	Unicorn-10316.exe
1516	Unicorn-10316.exe
1940	Unicorn-46326.exe
1940	Unicorn-46326.exe
2720	Unicorn-35723.exe
2720	Unicorn-35723.exe

Program crash 30 IoCs

pid	pid_target	Process	procid_target
1980	2444	WerFault.exe	27
340	2744	WerFault.exe	28
2592	2756	WerFault.exe	30
2760	2536	WerFault.exe	32
3032	2524	WerFault.exe	34
2268	816	WerFault.exe	29
2404	1356	WerFault.exe	36
2476	2720	WerFault.exe	37
1692	2952	WerFault.exe	38
2976	2920	WerFault.exe	44
1656	916	WerFault.exe	40
2500	1496	WerFault.exe	50
2260	1000	WerFault.exe	51
1524	1560	WerFault.exe	52
2232	1940	WerFault.exe	41
1992	1268	WerFault.exe	54
1616	2312	WerFault.exe	43
2472	1516	WerFault.exe	42
1896	2684	WerFault.exe	60
2016	2732	WerFault.exe	62
3024	436	WerFault.exe	48
2648	368	WerFault.exe	61
2688	1684	WerFault.exe	47
2008	2348	WerFault.exe	49
3012	1288	WerFault.exe	66
2968	1620	WerFault.exe	53
2932	1112	WerFault.exe	63
2940	1740	WerFault.exe	59
2556	3016	WerFault.exe	64
3236	2596	WerFault.exe	67

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
2444	801619bc4ffc247bc11ed5d92ffecf53.exe
2744	Unicorn-19549.exe
816	Unicorn-42766.exe
2756	Unicorn-35152.exe
2536	Unicorn-1178.exe
2524	Unicorn-19221.exe
1356	Unicorn-10664.exe
2720	Unicorn-35723.exe
2952	Unicorn-10856.exe
916	Unicorn-46902.exe
2920	Unicorn-18292.exe
1516	Unicorn-10316.exe
2312	Unicorn-17930.exe
1940	Unicorn-46326.exe
1684	Unicorn-49663.exe
436	Unicorn-46134.exe
2348	Unicorn-58983.exe
1000	Unicorn-39802.exe
1620	Unicorn-43524.exe
1496	Unicorn-30011.exe
1560	Unicorn-22720.exe
1268	Unicorn-44079.exe
1740	Unicorn-9180.exe
2684	Unicorn-47644.exe
368	Unicorn-10140.exe
2732	Unicorn-6248.exe
1112	Unicorn-39091.exe
3016	Unicorn-39497.exe
2576	Unicorn-6440.exe
1288	Unicorn-6440.exe
2544	Unicorn-46129.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2744	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	28
PID 2444 wrote to memory of 2744	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	28
PID 2444 wrote to memory of 2744	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	28
PID 2444 wrote to memory of 2744	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	28
PID 2744 wrote to memory of 816	2744	Unicorn-19549.exe	29
PID 2744 wrote to memory of 816	2744	Unicorn-19549.exe	29
PID 2744 wrote to memory of 816	2744	Unicorn-19549.exe	29
PID 2744 wrote to memory of 816	2744	Unicorn-19549.exe	29
PID 2444 wrote to memory of 2756	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	30
PID 2444 wrote to memory of 2756	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	30
PID 2444 wrote to memory of 2756	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	30
PID 2444 wrote to memory of 2756	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	30
PID 2444 wrote to memory of 1980	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	31
PID 2444 wrote to memory of 1980	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	31
PID 2444 wrote to memory of 1980	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	31
PID 2444 wrote to memory of 1980	2444	801619bc4ffc247bc11ed5d92ffecf53.exe	31
PID 2756 wrote to memory of 2536	2756	Unicorn-35152.exe	32
PID 2756 wrote to memory of 2536	2756	Unicorn-35152.exe	32
PID 2756 wrote to memory of 2536	2756	Unicorn-35152.exe	32
PID 2756 wrote to memory of 2536	2756	Unicorn-35152.exe	32
PID 816 wrote to memory of 2104	816	Unicorn-42766.exe	33
PID 816 wrote to memory of 2104	816	Unicorn-42766.exe	33
PID 816 wrote to memory of 2104	816	Unicorn-42766.exe	33
PID 816 wrote to memory of 2104	816	Unicorn-42766.exe	33
PID 2744 wrote to memory of 2524	2744	Unicorn-19549.exe	34
PID 2744 wrote to memory of 2524	2744	Unicorn-19549.exe	34
PID 2744 wrote to memory of 2524	2744	Unicorn-19549.exe	34
PID 2744 wrote to memory of 2524	2744	Unicorn-19549.exe	34
PID 2744 wrote to memory of 340	2744	Unicorn-19549.exe	35
PID 2744 wrote to memory of 340	2744	Unicorn-19549.exe	35
PID 2744 wrote to memory of 340	2744	Unicorn-19549.exe	35
PID 2744 wrote to memory of 340	2744	Unicorn-19549.exe	35
PID 2536 wrote to memory of 1356	2536	Unicorn-1178.exe	36
PID 2536 wrote to memory of 1356	2536	Unicorn-1178.exe	36
PID 2536 wrote to memory of 1356	2536	Unicorn-1178.exe	36
PID 2536 wrote to memory of 1356	2536	Unicorn-1178.exe	36
PID 2756 wrote to memory of 2720	2756	Unicorn-35152.exe	37
PID 2756 wrote to memory of 2720	2756	Unicorn-35152.exe	37
PID 2756 wrote to memory of 2720	2756	Unicorn-35152.exe	37
PID 2756 wrote to memory of 2720	2756	Unicorn-35152.exe	37
PID 2524 wrote to memory of 2952	2524	Unicorn-19221.exe	38
PID 2524 wrote to memory of 2952	2524	Unicorn-19221.exe	38
PID 2524 wrote to memory of 2952	2524	Unicorn-19221.exe	38
PID 2524 wrote to memory of 2952	2524	Unicorn-19221.exe	38
PID 2756 wrote to memory of 2592	2756	Unicorn-35152.exe	39
PID 2756 wrote to memory of 2592	2756	Unicorn-35152.exe	39
PID 2756 wrote to memory of 2592	2756	Unicorn-35152.exe	39
PID 2756 wrote to memory of 2592	2756	Unicorn-35152.exe	39
PID 1356 wrote to memory of 916	1356	Unicorn-10664.exe	40
PID 1356 wrote to memory of 916	1356	Unicorn-10664.exe	40
PID 1356 wrote to memory of 916	1356	Unicorn-10664.exe	40
PID 1356 wrote to memory of 916	1356	Unicorn-10664.exe	40
PID 2536 wrote to memory of 2920	2536	Unicorn-1178.exe	44
PID 2536 wrote to memory of 2920	2536	Unicorn-1178.exe	44
PID 2536 wrote to memory of 2920	2536	Unicorn-1178.exe	44
PID 2536 wrote to memory of 2920	2536	Unicorn-1178.exe	44
PID 2720 wrote to memory of 1940	2720	Unicorn-35723.exe	41
PID 2720 wrote to memory of 1940	2720	Unicorn-35723.exe	41
PID 2720 wrote to memory of 1940	2720	Unicorn-35723.exe	41
PID 2720 wrote to memory of 1940	2720	Unicorn-35723.exe	41
PID 2524 wrote to memory of 1516	2524	Unicorn-19221.exe	42
PID 2524 wrote to memory of 1516	2524	Unicorn-19221.exe	42
PID 2524 wrote to memory of 1516	2524	Unicorn-19221.exe	42
PID 2524 wrote to memory of 1516	2524	Unicorn-19221.exe	42

C:\Users\Admin\AppData\Local\Temp\801619bc4ffc247bc11ed5d92ffecf53.exe
"C:\Users\Admin\AppData\Local\Temp\801619bc4ffc247bc11ed5d92ffecf53.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
      4⤵
      Executes dropped EXE
      PID:2104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 376
      4⤵
      Program crash
      PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        8⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 380
        8⤵
        Program crash
        
        PID:3012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 384
        7⤵
        Program crash
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        6⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 380
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 380
        6⤵
        Program crash
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        7⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 380
        7⤵
        Program crash
        
        PID:2556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 372
        6⤵
        Program crash
        
        PID:2260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 368
        5⤵
        Program crash
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        6⤵
        Executes dropped EXE
        
        PID:660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 380
        6⤵
        Program crash
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        5⤵
        Executes dropped EXE
        
        PID:1368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 372
        5⤵
        Program crash
        
        PID:2472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 360
      4⤵
      Loads dropped DLL
      Program crash
      PID:3032
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49663.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        8⤵
        Executes dropped EXE
        
        PID:2612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 380
        8⤵
        Program crash
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        7⤵
        Executes dropped EXE
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 384
        7⤵
        Program crash
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        7⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 380
        7⤵
        Program crash
        
        PID:1896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 380
        6⤵
        Program crash
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        7⤵
        Executes dropped EXE
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        8⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 380
        7⤵
        Program crash
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        6⤵
        Executes dropped EXE
        
        PID:1956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 380
        6⤵
        Program crash
        
        PID:3024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 368
        5⤵
        Program crash
        
        PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        7⤵
        Executes dropped EXE
        
        PID:792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 380
        7⤵
        Program crash
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        6⤵
        Executes dropped EXE
        
        PID:2144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 384
        6⤵
        Program crash
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        6⤵
        Executes dropped EXE
        
        PID:2724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 380
        6⤵
        Program crash
        
        PID:2932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 372
        5⤵
        Program crash
        
        PID:2976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 372
        6⤵
        Program crash
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 380
        5⤵
        Program crash
        
        PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        5⤵
        Executes dropped EXE
        
        PID:2416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 380
        5⤵
        Program crash
        
        PID:1992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 376
      4⤵
      Program crash
      PID:2476
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 380
  2⤵
  - Program crash
  PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe

Filesize
184KB

MD5
1bc41df2703b5b22eeba684e73181196

SHA1
74fa651529109187103e47df58b819a52d1e95ca

SHA256
9c38e0f4083c73dedf91a71b1a794c8b31af84c581b36bfb1a89c962f8f6af0e

SHA512
18817de66395ec3fcb4596bde0af3194085bac941ed9e58105620a9c4129846986cf06eb240b25199c2805f30b5cc650053fcff85dc9a4c17220f7d7e65c2029

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe

Filesize
184KB

MD5
4ccf1e11b8d5b35dcc6d0b1a6b724dac

SHA1
515e0ab484a0560ffba780a1294ac2604847ee7e

SHA256
89d6976842d61d8ce60fe0c13100fbb638a2dbc06f3b8a74ae20d92b4fb126da

SHA512
277f11781608aa3c1fbe5ada2ad46b39904a5378e5bec87d0856a0e3d9fb454d3ed330aa25a041d47f89b890b397be40c06e297bf7c1a2cb70c4984771b0037c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe

Filesize
184KB

MD5
8eb33708160c622b950bbe3246423bbf

SHA1
a5f8d0471b029316a3890b07682c1c306b5071c4

SHA256
018719ad9beb3499822e49e336b1c046d763de8895f222788f2f1e22a19f3018

SHA512
d8148f875a1639ce986ec682eb8f6da6ee67339b41bdcda361a686e57d5d3f7bddc0216374e62cd162b8cac6e1c0b3b306f60dbdca0f8a7e51461fa9264ba0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe

Filesize
184KB

MD5
1aba9e40cded5ff27ded56850aee7cbd

SHA1
6fbe36ee5120e1d0270d542c86a9324e4acdf18f

SHA256
4984eec93393cfbffbcb32de40d2101776f4e8a7f60b9b780fefa252fadea909

SHA512
a4ef8138fe4c4c3eb551bd92edf9c7a626d4259d266cf9e6fea7590915d5aed92bcaed28282410d4c174a59eda7c5de81b4134371c6244e74d42ec528e3e303d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe

Filesize
184KB

MD5
d281d365e1305b09166cbb72a105081f

SHA1
00c827a0e79046203d1f92584d94e2d3fba49126

SHA256
f11ebe13a0dabfadc0d1471724589443b2c6a141ba57a0808f6657f1b639fa4d

SHA512
5a3fb2be6edb24d9b4e98c88484fede84fd80e2ef3d3357fede45bb1981a7d2a86c668c82f22cefc79604bf15b97b63ac996b370d5f1dd424764b916047c52aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe

Filesize
184KB

MD5
ff8a42257b5afee9c4c3de6cff4c8e05

SHA1
dfa90ab13049fdd8e0c24295a5d08172b4fc37cd

SHA256
618e692c136c98bb4897dfb0d7a893eb9c2e53043df7c0dc62c1c6587bcdeddd

SHA512
c3151eb180984d7e035ea0b087aaf36b6b251900cd5b2a6dbac95878c5219fdefb6ccd774196b25fbde4af5e78f18ea4009b3ab3d71daf5abcdd0926b18416bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe

Filesize
184KB

MD5
5507bf4caf549ec1dfc4937b0952efe3

SHA1
72dcda1878a0f944613b4a855c198b40c279a6ed

SHA256
9a49b6847651677e12af1461607c9bc3f41db1f13251d2f7f7abc614faac5a25

SHA512
5a3756c5979a080683e652341ce59635e622113ce512ecc33858741104fca18f41054eb0e52f4f2764a7abaf15d6da68a794311a9ddc764841c773cb39defd6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe

Filesize
184KB

MD5
63d796980ba2a174fb3c1a1a69929d42

SHA1
3dcb93aa6b6556df35606977a80b614c8aa99a98

SHA256
6aff48b94cb507cb0b87d7a51799bfa43bc536b61e5cdbaba8ce8101b01201df

SHA512
b77600003226f4efa53bf2c69bb82ed4d071ea72cad2704c91908a8aaaa7c22ef819b4f96d3fe14cc7a800df51ed43ccd4192668370ac6df8b4adc19572d4684

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe

Filesize
184KB

MD5
43d8282116d1505749ec3a435e478792

SHA1
aef11a4a0e132f7bc3c1857f3938a4c3e65c75a0

SHA256
f3dbe0416516255eccb618d1784a31d2febe3b53358ad93aea3c0516e93eca92

SHA512
28f27f1560fc3b5c55ef08b8b8eff7de0a518a07cb0f6d00fe5a917015f3ffa4b9bb76acc43c253a93fbe347ad490ec33642b9a6209781a884b7e0b9d315f1dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe

Filesize
184KB

MD5
61a16c3a55dd55013b2aff416b494135

SHA1
1c7760ab6b3fd99ae084b425237297caff269bb7

SHA256
48573a1bbe1faa429953d56c2d60e9e248ad5d1b1a317cfe511f3cf0425934ce

SHA512
8cf21e0b3422a65560dcc5b96c86c84f53765efdcd6c75c8659b2a5a035758abba862aee9ce57c59e1856ffb30ddfc08de33c460e093f0b73eada23f55965c93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe

Filesize
184KB

MD5
84c5f346fed759d6370925da24bd512f

SHA1
7837ce8fd986814ba8c82bdd7806a8b703c40422

SHA256
f00db4fa951a4fc1fe025c4112c171f41d58a961d31568cc9b6da8e87430d8c1

SHA512
6f54ebb35f0b64398a95ede5a5c927e86eb38cb8f71763e13ba0ad4de937f92718458014eedda443af4507305961a85f1bbaf37fe4f4f4825d1215acd811cdb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe

Filesize
184KB

MD5
637433d5da1aa71940131c63107a3ad7

SHA1
59e2cbbfa9a0e384761f30a4dc6c686f2e6bc6f2

SHA256
d791e3f7cdde9527c65a2cd468d038437d8d83064fa1a569361d23790b6abfb5

SHA512
f01ff0a2d9dc80f755e16e93c3b6c01d5a4f6b1c08dcdfc9fc75c1e5b8573d3cd9625f44c8123e6e0350f5516a500b385dae7b9078bb2a6640813d88abb6c812

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe

Filesize
184KB

MD5
d2282c633117cbb6cca1f1a8670e8a87

SHA1
137739cd1905fe30893b3af76c89cdd484f92093

SHA256
7705bde7082f4b87665f309ced20c873d6883ed1bc143295b1da22cc8157754b

SHA512
619af89946f5a9a0c836a54be420536a5445fa0cdbb3bbe6e52a8d811ba0bcbde5b11b0f4c958cd3d6519654c8ac8fbf3eb4e6d12e9c531c22ce774082f4f714

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe

Filesize
184KB

MD5
5cc3d29c1b872e0f419bc5de128204d7

SHA1
c7ea3d653ecee3e5c4b219c1e4a68f5e76b475dc

SHA256
9410e103b5fcdcad3f82da313b4badb6e041cae781240f5b6a3cd29e287cf909

SHA512
6f01cfa8bcf849a6839be95508079d5be5a0852551d0f2290b65f85a4be4c9d3ab6d4a25c50c32ef297982437dacb6574dd07b7a8d1df309f4f0e6475048a5fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe

Filesize
184KB

MD5
ecbffe96b6be2e3883b046cb0444998e

SHA1
d16f685964525c181d1c85e6c5d826dd9a2765ae

SHA256
f14e19f01ebff56709da0d1d92e50bb4e8455e0cf7685191dd250de65d0feda5

SHA512
c119dcef3c9db6032519d8a1b31c4493d812f317dacfbad5e429168d1e44d9b3b963f7ea91c48bb57d9ce431a43996f6089e9377c6424aa4a87e412df8b7420d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe

Filesize
184KB

MD5
ec717504ab50e31fbefbf33894f345fe

SHA1
24c1c0706f328efef475b7945ce69a22982a1d5d

SHA256
6a7ee5d0dad28c47fbb888bae018c0af5243e7d35488610806fb0691bc6ae1fa

SHA512
74acf33d2845c9571a4115e01db922852c91035930ff8205a482c22a86966c0f0f0e3f23ba29be4b5323a5c6adc0848d51e27bf37c856fd249214db3d7765925

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads