e32b835b19a238c84bf3477e85d73a41a7f6e95b4175d2eecd8ffe4c21fee103

Analysis

max time kernel
27s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8629bdecedf10368ab37974a5fefc407.exe
Size

184KB
MD5

8629bdecedf10368ab37974a5fefc407
SHA1

2d5bb020b36a4ba8517d84bd9c3692e9d45ca054
SHA256

e32b835b19a238c84bf3477e85d73a41a7f6e95b4175d2eecd8ffe4c21fee103
SHA512

3719c35ef20d42ab561bc0b6da4f6d3c7fe1660393bb3468548642e530d69c2ac70e9c1ac36cdb64a39f65c56f48f84d46be1f5df1b5aafba3135ba5ece752a3
SSDEEP

3072:5WAhoVX/Q8ACzePpHDZYeNcZC6JuMWkR7nsrxEyLp0ClP6pFb:5Weo6dCzWHCeNcb91ZClP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 40 IoCs

pid	Process
2728	Unicorn-35653.exe
2744	Unicorn-38964.exe
2832	Unicorn-60131.exe
2760	Unicorn-14625.exe
2484	Unicorn-65134.exe
2580	Unicorn-34491.exe
3012	Unicorn-57132.exe
2904	Unicorn-3292.exe
2148	Unicorn-52493.exe
3064	Unicorn-32627.exe
356	Unicorn-18015.exe
880	Unicorn-3131.exe
2684	Unicorn-39565.exe
2956	Unicorn-52332.exe
2240	Unicorn-32466.exe
1028	Unicorn-60500.exe
2552	Unicorn-38430.exe
2264	Unicorn-59597.exe
2440	Unicorn-46406.exe
1872	Unicorn-34708.exe
2324	Unicorn-54574.exe
1316	Unicorn-13733.exe
2000	Unicorn-21902.exe
1996	Unicorn-59405.exe
2328	Unicorn-43068.exe
596	Unicorn-22259.exe
892	Unicorn-42125.exe
2280	Unicorn-37334.exe
1968	Unicorn-50293.exe
1552	Unicorn-57200.exe
2792	Unicorn-60381.exe
2152	Unicorn-48684.exe
2720	Unicorn-60765.exe
1640	Unicorn-27709.exe
2732	Unicorn-49068.exe
2612	Unicorn-40899.exe
2428	Unicorn-27325.exe
2616	Unicorn-5425.exe
1960	Unicorn-18650.exe
3032	Unicorn-38516.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	8629bdecedf10368ab37974a5fefc407.exe
2120	8629bdecedf10368ab37974a5fefc407.exe
2728	Unicorn-35653.exe
2728	Unicorn-35653.exe
2120	8629bdecedf10368ab37974a5fefc407.exe
2120	8629bdecedf10368ab37974a5fefc407.exe
2728	Unicorn-35653.exe
2728	Unicorn-35653.exe
2744	Unicorn-38964.exe
2744	Unicorn-38964.exe
2832	Unicorn-60131.exe
2832	Unicorn-60131.exe
2760	Unicorn-14625.exe
2832	Unicorn-60131.exe
2832	Unicorn-60131.exe
2760	Unicorn-14625.exe
2744	Unicorn-38964.exe
2580	Unicorn-34491.exe
2580	Unicorn-34491.exe
2744	Unicorn-38964.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
3012	Unicorn-57132.exe
3012	Unicorn-57132.exe
2904	Unicorn-3292.exe
2904	Unicorn-3292.exe
2760	Unicorn-14625.exe
2760	Unicorn-14625.exe
2580	Unicorn-34491.exe
2148	Unicorn-52493.exe
2148	Unicorn-52493.exe
2580	Unicorn-34491.exe
3064	Unicorn-32627.exe
3064	Unicorn-32627.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
356	Unicorn-18015.exe
356	Unicorn-18015.exe
3012	Unicorn-57132.exe
3012	Unicorn-57132.exe
880	Unicorn-3131.exe
880	Unicorn-3131.exe
2904	Unicorn-3292.exe
2904	Unicorn-3292.exe
2684	Unicorn-39565.exe
2684	Unicorn-39565.exe
2956	Unicorn-52332.exe
2956	Unicorn-52332.exe
2148	Unicorn-52493.exe
2148	Unicorn-52493.exe
1028	Unicorn-60500.exe
1028	Unicorn-60500.exe
3064	Unicorn-32627.exe
3064	Unicorn-32627.exe
356	Unicorn-18015.exe
356	Unicorn-18015.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2988	2484	WerFault.exe	33
1432	2240	WerFault.exe
2800	1872	WerFault.exe	49

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
2120	8629bdecedf10368ab37974a5fefc407.exe
2728	Unicorn-35653.exe
2744	Unicorn-38964.exe
2832	Unicorn-60131.exe
2760	Unicorn-14625.exe
2484	Unicorn-65134.exe
2580	Unicorn-34491.exe
3012	Unicorn-57132.exe
2904	Unicorn-3292.exe
2148	Unicorn-52493.exe
3064	Unicorn-32627.exe
356	Unicorn-18015.exe
880	Unicorn-3131.exe
2684	Unicorn-39565.exe
2240	Unicorn-32466.exe
2956	Unicorn-52332.exe
1028	Unicorn-60500.exe
2552	Unicorn-38430.exe
2264	Unicorn-59597.exe
2440	Unicorn-46406.exe
1872	Unicorn-34708.exe
2324	Unicorn-54574.exe
2000	Unicorn-21902.exe
1316	Unicorn-13733.exe
1996	Unicorn-59405.exe
2328	Unicorn-43068.exe
892	Unicorn-42125.exe
1968	Unicorn-50293.exe
2720	Unicorn-60765.exe
1552	Unicorn-57200.exe
2428	Unicorn-27325.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2728	2120	8629bdecedf10368ab37974a5fefc407.exe	28
PID 2120 wrote to memory of 2728	2120	8629bdecedf10368ab37974a5fefc407.exe	28
PID 2120 wrote to memory of 2728	2120	8629bdecedf10368ab37974a5fefc407.exe	28
PID 2120 wrote to memory of 2728	2120	8629bdecedf10368ab37974a5fefc407.exe	28
PID 2728 wrote to memory of 2744	2728	Unicorn-35653.exe	29
PID 2728 wrote to memory of 2744	2728	Unicorn-35653.exe	29
PID 2728 wrote to memory of 2744	2728	Unicorn-35653.exe	29
PID 2728 wrote to memory of 2744	2728	Unicorn-35653.exe	29
PID 2120 wrote to memory of 2832	2120	8629bdecedf10368ab37974a5fefc407.exe	30
PID 2120 wrote to memory of 2832	2120	8629bdecedf10368ab37974a5fefc407.exe	30
PID 2120 wrote to memory of 2832	2120	8629bdecedf10368ab37974a5fefc407.exe	30
PID 2120 wrote to memory of 2832	2120	8629bdecedf10368ab37974a5fefc407.exe	30
PID 2728 wrote to memory of 2760	2728	Unicorn-35653.exe	31
PID 2728 wrote to memory of 2760	2728	Unicorn-35653.exe	31
PID 2728 wrote to memory of 2760	2728	Unicorn-35653.exe	31
PID 2728 wrote to memory of 2760	2728	Unicorn-35653.exe	31
PID 2744 wrote to memory of 2580	2744	Unicorn-38964.exe	32
PID 2744 wrote to memory of 2580	2744	Unicorn-38964.exe	32
PID 2744 wrote to memory of 2580	2744	Unicorn-38964.exe	32
PID 2744 wrote to memory of 2580	2744	Unicorn-38964.exe	32
PID 2832 wrote to memory of 2484	2832	Unicorn-60131.exe	33
PID 2832 wrote to memory of 2484	2832	Unicorn-60131.exe	33
PID 2832 wrote to memory of 2484	2832	Unicorn-60131.exe	33
PID 2832 wrote to memory of 2484	2832	Unicorn-60131.exe	33
PID 2832 wrote to memory of 3012	2832	Unicorn-60131.exe	36
PID 2832 wrote to memory of 3012	2832	Unicorn-60131.exe	36
PID 2832 wrote to memory of 3012	2832	Unicorn-60131.exe	36
PID 2832 wrote to memory of 3012	2832	Unicorn-60131.exe	36
PID 2760 wrote to memory of 2904	2760	Unicorn-14625.exe	34
PID 2760 wrote to memory of 2904	2760	Unicorn-14625.exe	34
PID 2760 wrote to memory of 2904	2760	Unicorn-14625.exe	34
PID 2760 wrote to memory of 2904	2760	Unicorn-14625.exe	34
PID 2580 wrote to memory of 2148	2580	Unicorn-34491.exe	38
PID 2580 wrote to memory of 2148	2580	Unicorn-34491.exe	38
PID 2580 wrote to memory of 2148	2580	Unicorn-34491.exe	38
PID 2580 wrote to memory of 2148	2580	Unicorn-34491.exe	38
PID 2744 wrote to memory of 3064	2744	Unicorn-38964.exe	37
PID 2744 wrote to memory of 3064	2744	Unicorn-38964.exe	37
PID 2744 wrote to memory of 3064	2744	Unicorn-38964.exe	37
PID 2744 wrote to memory of 3064	2744	Unicorn-38964.exe	37
PID 2484 wrote to memory of 2988	2484	Unicorn-65134.exe	35
PID 2484 wrote to memory of 2988	2484	Unicorn-65134.exe	35
PID 2484 wrote to memory of 2988	2484	Unicorn-65134.exe	35
PID 2484 wrote to memory of 2988	2484	Unicorn-65134.exe	35
PID 3012 wrote to memory of 356	3012	Unicorn-57132.exe	39
PID 3012 wrote to memory of 356	3012	Unicorn-57132.exe	39
PID 3012 wrote to memory of 356	3012	Unicorn-57132.exe	39
PID 3012 wrote to memory of 356	3012	Unicorn-57132.exe	39
PID 2904 wrote to memory of 880	2904	Unicorn-3292.exe	40
PID 2904 wrote to memory of 880	2904	Unicorn-3292.exe	40
PID 2904 wrote to memory of 880	2904	Unicorn-3292.exe	40
PID 2904 wrote to memory of 880	2904	Unicorn-3292.exe	40
PID 2760 wrote to memory of 2684	2760	Unicorn-14625.exe	45
PID 2760 wrote to memory of 2684	2760	Unicorn-14625.exe	45
PID 2760 wrote to memory of 2684	2760	Unicorn-14625.exe	45
PID 2760 wrote to memory of 2684	2760	Unicorn-14625.exe	45
PID 2148 wrote to memory of 2956	2148	Unicorn-52493.exe	43
PID 2148 wrote to memory of 2956	2148	Unicorn-52493.exe	43
PID 2148 wrote to memory of 2956	2148	Unicorn-52493.exe	43
PID 2148 wrote to memory of 2956	2148	Unicorn-52493.exe	43
PID 2580 wrote to memory of 2240	2580	Unicorn-34491.exe	44
PID 2580 wrote to memory of 2240	2580	Unicorn-34491.exe	44
PID 2580 wrote to memory of 2240	2580	Unicorn-34491.exe	44
PID 2580 wrote to memory of 2240	2580	Unicorn-34491.exe	44

C:\Users\Admin\AppData\Local\Temp\8629bdecedf10368ab37974a5fefc407.exe
"C:\Users\Admin\AppData\Local\Temp\8629bdecedf10368ab37974a5fefc407.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        11⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        7⤵
        Executes dropped EXE
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        11⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        7⤵
        Executes dropped EXE
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        8⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        9⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        6⤵
        Executes dropped EXE
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        8⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        6⤵
        Executes dropped EXE
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
        10⤵
        
        PID:580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        8⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
        6⤵
        Executes dropped EXE
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
        6⤵
        
        PID:1436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        6⤵
        Program crash
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        6⤵
        Executes dropped EXE
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        8⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        10⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        5⤵
        Executes dropped EXE
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        7⤵
        
        PID:2964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        7⤵
        Executes dropped EXE
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16894.exe
        8⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        6⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        8⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        5⤵
        Executes dropped EXE
        
        PID:596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
        8⤵
        
        PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 188
1⤵
- Loads dropped DLL
- Program crash
PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe

Filesize
119KB

MD5
683a66376aa0fd58ec117cfeb7d1da89

SHA1
a290b5d4ae875d517925af23c7c17c600b7e3a54

SHA256
0953c3dd6a0292ab68ceb7492c6d8a08a1a40546827e398f2d204ff6547176b2

SHA512
211d34dfb5746ab817c3ad36803fd65279332ca6a2c602f001595fa87a6d5d99907b65c396b2a288b6b4eaa0d9a34c1cd1023704599f26738d0e2820679d2095

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe

Filesize
78KB

MD5
37b10005b1809b630dd39492f1bf722e

SHA1
518a086305d5a43dd75d1caa43d56405d43bacd7

SHA256
fd4fc3e309238a805957ef0bbfd796e5b3c70e8175ef7a53a60e32c3f218b5bf

SHA512
b9f94eee9055ff62835bc6dd3fd2e66933e104b3a0dbeea2fe4bbda50b2751727c157168b0d4c4ca94721c569a2dbf09d4c9c2b76db0faf5fe8f5e0d9ea1b9b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe

Filesize
93KB

MD5
0d840206e921584de1a74fc665a6a2e0

SHA1
297df5c84285a4e91114fca7fe1c0967dc174df4

SHA256
194e5c5d8dc4708290abcd56f824ad407de0dfaf3f44e45e9768dc65825ec2fc

SHA512
513aecc549b6f5ba93496976b654844caafe496e5841004251abdebd82d09fc8411e5cf1f742b2fa7e7cdf17f91aef530e93fb020d287dcc0fb0956bb586e8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe

Filesize
184KB

MD5
bac07ad6238c95f2f8ce4fabb6217721

SHA1
bc783d793f87cfa9a3d184d8fddde47f186fbc45

SHA256
e175dcf8e27abdc06ac50ca06bba92a4304eb6cebe90ba4a508a06013028c653

SHA512
f72f539ec5496941263292e5d44d4a9e08c99ee1a47bedca936cf9b39dd237dd2e38cf589fe9d5d27ab5f6016408ea5024b8d81d407f4832244b67ae4c45644b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe

Filesize
139KB

MD5
031a204cdac2da6295cc9b98b795ac94

SHA1
d0e31e2654b5b79ff7a6715000125a56ccb108c3

SHA256
af1b7042c6e39fb9f244939d691b4fdcdfd45d8a2ad83a5dddd9216d62fcb155

SHA512
36ffa82d166277a2664359b7e99dc3290fe200767d8179510873dccb505e49fa3071837a1125672d061eb950730894c382a571e60c193777d1726dd320359ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe

Filesize
184KB

MD5
a62c519cae498e24fbdbdc4256541561

SHA1
f1e1b9ea80f91d4a714194e8996625603c187487

SHA256
56c8fd0a3092e75b9bbdf06af6bd2e92b2fbfd1c89a8fb18aa95873d54901569

SHA512
3348e454af08edf38fd8e656a77fb028cb8e158e0960a8123df8b367b36a06616aee2db3388124d2db20da0ef28d1e9f5b55258d0195bb74fbd920064c30665c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe

Filesize
49KB

MD5
fad8b381f06c58ca57ff1bc1327b5303

SHA1
513b9eb883f7f6cfc6849a6b91cf0a0d6dd1c99a

SHA256
1cc8a7eedd4cff0dd9ef45c1d6e3c7996d7ce094f05bdc45b04e8489086f6d03

SHA512
7d1ca659597b27bb663c714f5b7c43824c5371957c69fd56bba89577495085c80a1f866455d2910f0470d9668abf9f2695f651bfa093fbab82e4a4029014e2ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe

Filesize
45KB

MD5
4e06b2e622d1e26e8a72c6df407efae0

SHA1
9801c0b589613c83953f12d5012e02ef5c5a329b

SHA256
7865c381decf6ef89c4830502bd5ed703760c996c68525bb9c696b8a71e5eb61

SHA512
3bad5fc6d6fd1a6108491828f2e7342a994df59e4b5fec5c45158451128cb2807bb1d0a685151e85fad695ddb3c14a5211f39db237a96d59b7e6f11c84c646b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe

Filesize
184KB

MD5
e0b6b826f9a62c5dd2647af841c57355

SHA1
651dedf742ae20d1ea4dca685c43e3d20df46cb4

SHA256
12443b18f2a3926ab248bf57d4381dea7bbcf6cbe0b8f6a3af470f1233726456

SHA512
15e6224ee4fe7bc880fff8f3cc2878a896594c504142b589f2c9749e1a8f662fb1e8ab50ccdfc10daa95675a0b60859b34f50fb7154b65acf41c81a3029a3fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe

Filesize
184KB

MD5
9802b7873d5be972b367ca291a64805b

SHA1
b0b29b44503aacc38b4ad4795c53c9ebdaeac367

SHA256
59daeba9b46245693710d70aef311779b8aad32b93efbb8c27fcaece918b48dc

SHA512
c61e7cb82666f8bbf7023640590f649f5deed1ac5ad679ea61280f6432088e41341573e9cc3178b90e77bea27522561ca7b0ed2f2f1c3b4816e5f905cf897c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe

Filesize
68KB

MD5
b382d310b9bec6f09458ae7eec182694

SHA1
eb7c6e939773fc0d21d1e614b25d4839afc47b27

SHA256
2089a113231296f7b4645d3b57417b110804ebeac37faada32614e0b28da11de

SHA512
eb3e76c9fec48239ad200a94038a718edb5a40557114f866c361988e451cd72889b7d3ef1c0b669fdc1cf6dae7f176f1ebcfacd6bfa390dc2018fc9657e685e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe

Filesize
184KB

MD5
82b6dd407ee2610adcd9b60abe9013dc

SHA1
70eb865832354dc71f765ae905946e45ff22bb7f

SHA256
38fa70a87fea8066f5d157ed60614bbce989bb9596e974ef445c796f72a70bdd

SHA512
7f56283bf816bf4c847ce58db0c3099d49881d4f8ad8e3a638a05fd25921c6c16980a6a847c6be335a2c7f440be6d0f7f78e1942f422180070c9d2c43c0399b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe

Filesize
184KB

MD5
8adabc458bd814708b56da70fff5b720

SHA1
a6982569939632642def2cb44391fe30001d4c94

SHA256
c4374503355beaa4a7a96d9f9b3614ecdbb6533785693a0647a697c0fd5805fd

SHA512
29339be4059cdb3970336655852a56e8341197a2d696a194475831f5f9554f65356beebda602189f84bd261957912b0a1884dc2872e3e83ab4786d5f540a999c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe

Filesize
184KB

MD5
4d3189d27a5527f72c6db59d0058c0c0

SHA1
08054c962cc4b3631bd8ba30a96b4b915dc3a4a0

SHA256
57735b406d1a4f08207aa89459bdfaa17f1471bff295c813d7aae22ca760b81d

SHA512
a0ebf9516ca380670a0894a870a95af84f1257c388e5534fecade5f8aae6059c08e37701ab19555739e1a7c627cc893229081e02ab9fddf2a92f73f8619eca4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe

Filesize
184KB

MD5
f220f67636c0b4c3cfb061a1fff3cf1f

SHA1
e843ec54cf0a02141841fdbf68d858b9032d0341

SHA256
bc0a86631ed0413b813b80a2c2f3a09455f67ef9af1bb2616d91b67ac3b49da2

SHA512
79a56ef7eb0d1a6c547a148b37e35af9522dcf8e7a3c569d23c2f53419ddd4f7e997969e3477601a98375ee5b2df5396e782d08055a86621a0a1e96f3bf95460

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe

Filesize
137KB

MD5
3a3ac6006c054035d841092cdbb944cc

SHA1
3d45467f1ec850a5a00164a6c1bc6698d524049a

SHA256
9ae3db9c88aa4c50d223f9205f89a57a04d8131c5d0d0404c764df1b09ecfd1f

SHA512
2818a1abe9fb558a6802490804d6063def360b0adb2615a9f57b3498f1a2befe855a1dd20b975d8b21ec3e69cf70ca7a062606bb9a53826b6730bf31d9f275be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe

Filesize
51KB

MD5
77879cdd52b1d5a6fae10af629d9ca70

SHA1
5ad13cafca8bebc1abab7aa6dbc4ffded889f9d9

SHA256
80b66ffac333cce3856f109c6aa7bd95ada5d9976e20d0cb2f23018cfaa5cd89

SHA512
f7871fa486731e3f02e5bc931e999bc1163fe750886beb2133d0f286565ccd40fa97cf2f4d02e45a619675fb55127ee36ce7883a091032e1827ff4a824296dc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe

Filesize
100KB

MD5
41fbfaa51b0e46c00a025bc493e1bef4

SHA1
9a7e0d33428860eb0241efa395b9ef15f6f5d63d

SHA256
453f9ff081b0c84ec111272029d09e066d9d3a9dcfd967a29e6c2acf05b23a83

SHA512
87c9bea2c3bd91a223334cac6450ac0c87e4d840fe2b7bbcc890b9968b3f1d5884144b1ac682fbc503df96c345dea4af380aa3cab21d15644a08441a11a726ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe

Filesize
184KB

MD5
1f82b758635c7aa45deda81e51042916

SHA1
4c1483bf2cdb476de48fd647a7023d42ae81420d

SHA256
1675392a03fe4284daadcd663756e1c5354fcef9ea4741065eb56967f4124ada

SHA512
538e5bfd7323fd997bd4dcd145c302ac99ddd147d676b386de1e1346ed8d4fd236abe914a787daa0195c36430ab21ca8ac78e2d9a23afcaf32e517bfddb93fbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe

Filesize
184KB

MD5
097fae55ccf21f207c8c8207f9570abc

SHA1
bfbe20fd577ba43c0952c64ae6eaee3bfb4652e0

SHA256
41a59c50e95b12e7cff7e3e458fef75b13aea1bb9209e04fc30a865e46738b56

SHA512
be3113bf8f5f78613dd8596ab8230386111e55e2580cff3ce4aae7492cc3223e567acf97bfeaaeb193870687fec27f3dc40e5f22bc607e01368dcb6e57b76726

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe

Filesize
184KB

MD5
233ec1c75f135284861cf27e8d0715d2

SHA1
761ea8fa816c0463556d5a0e2273551196bb2081

SHA256
e070b93ce8391a3e0aec689f4cce7d96f45743cdaaf7cb5088e838f0b27bf15a

SHA512
b9b915bf324a51026412dfbb023d98e9e79181846459989b23f4a1e6e466542151f3d568ea3eeb9e2096c82fde2fc41340d392fef081f5fc8d7c2f39bc9f8050

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe

Filesize
184KB

MD5
bbba50ab3b719f959ac5a83339fc2cd6

SHA1
fdfabbf4d88843838b69a6404e0e04f6abc840e7

SHA256
77f7c908f5d56a58c382f9050212a73c4a1ea9946ada529a36e11d6122bc4662

SHA512
b33d8e87b1ebf4e21d4b6def0d81acc42c3150918e1a053188e6196e730adb7d0693cdfc4b322c9e297a963dc8472aca2e49b637ed8d6ff62a4f1434c43ff8ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe

Filesize
118KB

MD5
f9f353ee440db14081b2143fede51ea7

SHA1
bc8b4f88c0ca1f5aa6eb233b7bcbe16dd4f4b815

SHA256
32531e28cfcf83c6e3feefe398d75def1e7d2788c746afbefd1312aff8d73757

SHA512
ead586bb7e6ac9ab586dd71b4c1a7084934c4c9efa9c41e070cd2fb94716c663caf28d9aae3e26eecb9e68d00b77951e51583556d7759213dfe4cf7f278598fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe

Filesize
123KB

MD5
26160ed9e411af147011c42c9247e793

SHA1
45e019abb975b42ad88da615fbbf9b7e74c03aca

SHA256
81b8c662ebe1004486b3e6e6ad67b1763b8e0b083562cf9c4cb7165a6bb26c5f

SHA512
c243bb520813a5eb3ddb71bb020bb84ab2d5493dc08377e6fb5e82cb3dbd9d88296acc2fdb148e20ecaca8859aa2f2a51144ff1d3fddffb4a7d380f64f5594f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe

Filesize
99KB

MD5
80905db72f8b9b4613089ea054c92c7f

SHA1
9f8fddb5072c4551372473e199f8583963120782

SHA256
57146d8abf78f99f9eed0f83cfe8ef29538d0de4c91b719b9df5368a7ea0092b

SHA512
7d68449bf2a43b74d1a026745d7bf011f8d9c413c12cb46e9156630febefdbb1b1acd5283488d91e699f6b2f4d3f76646562c4edf458057a8c8d3b959f88fc50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe

Filesize
66KB

MD5
13a30407c02d297ee83ada608d4fa8d2

SHA1
c0a8b14a78b6ed852475e47220eb5177e86fa03c

SHA256
1eaf3621117adf18c4491540d593ae2a29a97f5e89f6bf9d597ca43ed1e37482

SHA512
04e9f51ae0dbb989a8e3a7251ce2d0627eda94c982d2f7f6bfea61a72db0ad73ee1be29a481e2ffc4e88b2fa9cbcfc238fb2a94ec7d84bbe0a0fee885dd51708

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe

Filesize
184KB

MD5
af36693540c9637ce58a96039a17775e

SHA1
4d61b05eab6791e62d64a0ee8514265d7906c6e1

SHA256
1c6dd4f3d1a70630d37a6927bc6ac75e30b90047a1ebbb8eb6bfa07ba27e86cd

SHA512
353a62c09acd5d8a57b94b0544bb8a624cfeaa044f31fcd47f9d4c89a5f297c216b0a8b1a37569a5c659cd4bbcacf1af7690491363ef86e43502db24d57f88a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe

Filesize
65KB

MD5
f1b2d49a9c7cb8c7bc46a53680943c94

SHA1
95062240cb1804348a65aa47f5b836cbb9d20499

SHA256
e4fb2e4f0d3df0d72031a5303d33cc81f87a774e812238a24674b87bb7191ae5

SHA512
3df071c9c55fb9bf50b99ff91e49eefa40f24bbd2dc73c6f2e349739822e4b234e2b9ced2902ef6152180922b8e933469dd735665e213ec84e5fd40f08fa849d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe

Filesize
79KB

MD5
76a463faa144ca4389aef527fc8b0240

SHA1
2da3551f23450bb08b89a00d5e29fdc6da87a07e

SHA256
10866627a10a0bf1adb53efe82ec65e325d16f5bbf23481cc71f4fbfe16ac069

SHA512
4aa132d461b0523a1cdede60c366be2b38368fdf9baadb47d3b5c07f0c7440b68b178fad39ac30a12937c3bceed7f73594b179e05d12ea4ebd40e9afabe94f6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads