1e96d943d05a6e33b59f865dc66464252596a36105c28216f5f5a4e16ffb036b

Analysis

max time kernel
31s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 21:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8585de48539a5fbba163e8f89e2a0f65.exe
Size

184KB
MD5

8585de48539a5fbba163e8f89e2a0f65
SHA1

499130a613ff749e30576f7e3b60fe3c938265ae
SHA256

1e96d943d05a6e33b59f865dc66464252596a36105c28216f5f5a4e16ffb036b
SHA512

e1ca103f409f8d006ddef221527a25a633502c470c21858e2bc820db5fa96d67da1329f25d015f4a2cd8c4eae06bda33522fb14f9f7cc813b6eecd28ed93360f
SSDEEP

3072:cNiQoAWUT0OUkfOH+dLRi08bbI27rXQ5Th0px7ktB0BlVvwFM:cNBoMvjf1dFi08mxmVBlVvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 38 IoCs

pid	Process
3048	Unicorn-15273.exe
2524	Unicorn-55320.exe
1688	Unicorn-644.exe
2668	Unicorn-63571.exe
1044	Unicorn-59487.exe
2744	Unicorn-21147.exe
2452	Unicorn-38081.exe
2560	Unicorn-48942.exe
3028	Unicorn-25637.exe
2988	Unicorn-1687.exe
792	Unicorn-4147.exe
2820	Unicorn-9383.exe
2964	Unicorn-50971.exe
1580	Unicorn-50416.exe
2220	Unicorn-46332.exe
1924	Unicorn-38718.exe
1896	Unicorn-34656.exe
684	Unicorn-57769.exe
932	Unicorn-65382.exe
1528	Unicorn-52601.exe
1216	Unicorn-10177.exe
1184	Unicorn-25959.exe
348	Unicorn-34703.exe
1556	Unicorn-2585.exe
2056	Unicorn-22451.exe
2900	Unicorn-30619.exe
1856	Unicorn-47510.exe
2364	Unicorn-35257.exe
1644	Unicorn-48901.exe
1860	Unicorn-20313.exe
2252	Unicorn-43425.exe
1748	Unicorn-3737.exe
1080	Unicorn-3737.exe
2212	Unicorn-23603.exe
2200	Unicorn-23603.exe
760	Unicorn-23603.exe
3044	Unicorn-20950.exe
1596	Unicorn-40816.exe

Loads dropped DLL 64 IoCs

pid	Process
2416	8585de48539a5fbba163e8f89e2a0f65.exe
2416	8585de48539a5fbba163e8f89e2a0f65.exe
3048	Unicorn-15273.exe
2416	8585de48539a5fbba163e8f89e2a0f65.exe
3048	Unicorn-15273.exe
2416	8585de48539a5fbba163e8f89e2a0f65.exe
1688	Unicorn-644.exe
1688	Unicorn-644.exe
2524	Unicorn-55320.exe
2524	Unicorn-55320.exe
3048	Unicorn-15273.exe
3048	Unicorn-15273.exe
2668	Unicorn-63571.exe
2668	Unicorn-63571.exe
1688	Unicorn-644.exe
1688	Unicorn-644.exe
1044	Unicorn-59487.exe
1044	Unicorn-59487.exe
2524	Unicorn-55320.exe
2524	Unicorn-55320.exe
2744	Unicorn-21147.exe
2744	Unicorn-21147.exe
2452	Unicorn-38081.exe
2452	Unicorn-38081.exe
2668	Unicorn-63571.exe
2668	Unicorn-63571.exe
3028	Unicorn-25637.exe
3028	Unicorn-25637.exe
2560	Unicorn-48942.exe
2560	Unicorn-48942.exe
1044	Unicorn-59487.exe
1044	Unicorn-59487.exe
2988	Unicorn-1687.exe
2988	Unicorn-1687.exe
792	Unicorn-4147.exe
792	Unicorn-4147.exe
2744	Unicorn-21147.exe
2744	Unicorn-21147.exe
2820	Unicorn-9383.exe
2820	Unicorn-9383.exe
2452	Unicorn-38081.exe
2452	Unicorn-38081.exe
2964	Unicorn-50971.exe
2964	Unicorn-50971.exe
2220	Unicorn-46332.exe
2220	Unicorn-46332.exe
2560	Unicorn-48942.exe
1580	Unicorn-50416.exe
2560	Unicorn-48942.exe
1580	Unicorn-50416.exe
684	Unicorn-57769.exe
684	Unicorn-57769.exe
3028	Unicorn-25637.exe
3028	Unicorn-25637.exe
1896	Unicorn-34656.exe
1896	Unicorn-34656.exe
2988	Unicorn-1687.exe
2988	Unicorn-1687.exe
932	Unicorn-65382.exe
932	Unicorn-65382.exe
792	Unicorn-4147.exe
792	Unicorn-4147.exe
2964	Unicorn-50971.exe
2820	Unicorn-9383.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1572	1216	WerFault.exe	49
312	2212	WerFault.exe	61
3040	1364	WerFault.exe	73
3028	2672	WerFault.exe	69
2636	1696	WerFault.exe	83
2712	2236	WerFault.exe	81

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
2416	8585de48539a5fbba163e8f89e2a0f65.exe
3048	Unicorn-15273.exe
2524	Unicorn-55320.exe
1688	Unicorn-644.exe
2668	Unicorn-63571.exe
1044	Unicorn-59487.exe
2744	Unicorn-21147.exe
2452	Unicorn-38081.exe
2560	Unicorn-48942.exe
3028	Unicorn-25637.exe
2988	Unicorn-1687.exe
792	Unicorn-4147.exe
2820	Unicorn-9383.exe
2964	Unicorn-50971.exe
2220	Unicorn-46332.exe
1580	Unicorn-50416.exe
684	Unicorn-57769.exe
1896	Unicorn-34656.exe
932	Unicorn-65382.exe
1528	Unicorn-52601.exe
1184	Unicorn-25959.exe
1216	Unicorn-10177.exe
348	Unicorn-34703.exe
2900	Unicorn-30619.exe
2056	Unicorn-22451.exe
1644	Unicorn-48901.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3048	2416	8585de48539a5fbba163e8f89e2a0f65.exe	28
PID 2416 wrote to memory of 3048	2416	8585de48539a5fbba163e8f89e2a0f65.exe	28
PID 2416 wrote to memory of 3048	2416	8585de48539a5fbba163e8f89e2a0f65.exe	28
PID 2416 wrote to memory of 3048	2416	8585de48539a5fbba163e8f89e2a0f65.exe	28
PID 3048 wrote to memory of 2524	3048	Unicorn-15273.exe	29
PID 3048 wrote to memory of 2524	3048	Unicorn-15273.exe	29
PID 3048 wrote to memory of 2524	3048	Unicorn-15273.exe	29
PID 3048 wrote to memory of 2524	3048	Unicorn-15273.exe	29
PID 2416 wrote to memory of 1688	2416	8585de48539a5fbba163e8f89e2a0f65.exe	30
PID 2416 wrote to memory of 1688	2416	8585de48539a5fbba163e8f89e2a0f65.exe	30
PID 2416 wrote to memory of 1688	2416	8585de48539a5fbba163e8f89e2a0f65.exe	30
PID 2416 wrote to memory of 1688	2416	8585de48539a5fbba163e8f89e2a0f65.exe	30
PID 1688 wrote to memory of 2668	1688	Unicorn-644.exe	31
PID 1688 wrote to memory of 2668	1688	Unicorn-644.exe	31
PID 1688 wrote to memory of 2668	1688	Unicorn-644.exe	31
PID 1688 wrote to memory of 2668	1688	Unicorn-644.exe	31
PID 2524 wrote to memory of 1044	2524	Unicorn-55320.exe	33
PID 2524 wrote to memory of 1044	2524	Unicorn-55320.exe	33
PID 2524 wrote to memory of 1044	2524	Unicorn-55320.exe	33
PID 2524 wrote to memory of 1044	2524	Unicorn-55320.exe	33
PID 3048 wrote to memory of 2744	3048	Unicorn-15273.exe	32
PID 3048 wrote to memory of 2744	3048	Unicorn-15273.exe	32
PID 3048 wrote to memory of 2744	3048	Unicorn-15273.exe	32
PID 3048 wrote to memory of 2744	3048	Unicorn-15273.exe	32
PID 2668 wrote to memory of 2452	2668	Unicorn-63571.exe	34
PID 2668 wrote to memory of 2452	2668	Unicorn-63571.exe	34
PID 2668 wrote to memory of 2452	2668	Unicorn-63571.exe	34
PID 2668 wrote to memory of 2452	2668	Unicorn-63571.exe	34
PID 1688 wrote to memory of 2560	1688	Unicorn-644.exe	35
PID 1688 wrote to memory of 2560	1688	Unicorn-644.exe	35
PID 1688 wrote to memory of 2560	1688	Unicorn-644.exe	35
PID 1688 wrote to memory of 2560	1688	Unicorn-644.exe	35
PID 1044 wrote to memory of 3028	1044	Unicorn-59487.exe	38
PID 1044 wrote to memory of 3028	1044	Unicorn-59487.exe	38
PID 1044 wrote to memory of 3028	1044	Unicorn-59487.exe	38
PID 1044 wrote to memory of 3028	1044	Unicorn-59487.exe	38
PID 2524 wrote to memory of 2988	2524	Unicorn-55320.exe	37
PID 2524 wrote to memory of 2988	2524	Unicorn-55320.exe	37
PID 2524 wrote to memory of 2988	2524	Unicorn-55320.exe	37
PID 2524 wrote to memory of 2988	2524	Unicorn-55320.exe	37
PID 2744 wrote to memory of 792	2744	Unicorn-21147.exe	36
PID 2744 wrote to memory of 792	2744	Unicorn-21147.exe	36
PID 2744 wrote to memory of 792	2744	Unicorn-21147.exe	36
PID 2744 wrote to memory of 792	2744	Unicorn-21147.exe	36
PID 2452 wrote to memory of 2820	2452	Unicorn-38081.exe	39
PID 2452 wrote to memory of 2820	2452	Unicorn-38081.exe	39
PID 2452 wrote to memory of 2820	2452	Unicorn-38081.exe	39
PID 2452 wrote to memory of 2820	2452	Unicorn-38081.exe	39
PID 2668 wrote to memory of 2964	2668	Unicorn-63571.exe	40
PID 2668 wrote to memory of 2964	2668	Unicorn-63571.exe	40
PID 2668 wrote to memory of 2964	2668	Unicorn-63571.exe	40
PID 2668 wrote to memory of 2964	2668	Unicorn-63571.exe	40
PID 3028 wrote to memory of 1580	3028	Unicorn-25637.exe	41
PID 3028 wrote to memory of 1580	3028	Unicorn-25637.exe	41
PID 3028 wrote to memory of 1580	3028	Unicorn-25637.exe	41
PID 3028 wrote to memory of 1580	3028	Unicorn-25637.exe	41
PID 2560 wrote to memory of 2220	2560	Unicorn-48942.exe	46
PID 2560 wrote to memory of 2220	2560	Unicorn-48942.exe	46
PID 2560 wrote to memory of 2220	2560	Unicorn-48942.exe	46
PID 2560 wrote to memory of 2220	2560	Unicorn-48942.exe	46
PID 1044 wrote to memory of 1924	1044	Unicorn-59487.exe	42
PID 1044 wrote to memory of 1924	1044	Unicorn-59487.exe	42
PID 1044 wrote to memory of 1924	1044	Unicorn-59487.exe	42
PID 1044 wrote to memory of 1924	1044	Unicorn-59487.exe	42

C:\Users\Admin\AppData\Local\Temp\8585de48539a5fbba163e8f89e2a0f65.exe
"C:\Users\Admin\AppData\Local\Temp\8585de48539a5fbba163e8f89e2a0f65.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        8⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        6⤵
        Executes dropped EXE
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
        9⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        5⤵
        Executes dropped EXE
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        6⤵
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        7⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        5⤵
        Executes dropped EXE
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        7⤵
        
        PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        6⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        7⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        5⤵
        Executes dropped EXE
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        6⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 224
        7⤵
        Program crash
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        6⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 212
        7⤵
        Program crash
        
        PID:2636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        7⤵
        Executes dropped EXE
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        9⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        6⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        7⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 224
        8⤵
        Program crash
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        6⤵
        Program crash
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        6⤵
        Executes dropped EXE
        
        PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        6⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        7⤵
        Program crash
        
        PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        5⤵
        Executes dropped EXE
        
        PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        8⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        Executes dropped EXE
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58255.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
        9⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 244
        10⤵
        Program crash
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
      4⤵
      Executes dropped EXE
      PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe

Filesize
184KB

MD5
b3f5f9b0330e61986054277936e200d0

SHA1
f0d33f9ca5992f94784d1f4a1e6c0fd6b8ef9523

SHA256
ef870b0fb6f95c1b4a49511710e15bb76a64f12259c220a9519e3eee1e907ea1

SHA512
282b5e25fd2146b5b26e35597ea32ffcba4b98b4baeee2b9189458a94ad981b3d7f5c45a822133432eb9ddcca4a7ac2d6d44b6c8d97294855ae507dc680891fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe

Filesize
90KB

MD5
4ed16e6ccb8a83dae0bddd0e7691b4eb

SHA1
0169332ed3f1f56eb8706462e915472a4e845ef5

SHA256
963cf856eb40bde1a8aaeebb7f711339010112cff069342bc94c464a383ff882

SHA512
d8d92c9ff24a03c2850d54cdfd09498292ffab94bd2c7e15e341e49a42b7b0cde8b8559aca451b20073020a2822043d0d98ca729a9d47f2efce0828a77fb54e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe

Filesize
101KB

MD5
bbcbdd3a7b7e765ea7067409fb61f4ba

SHA1
403f7e5946c6949deb1455c3b40fc1dc588a4b45

SHA256
1171db8ca5e6b9c85f80b7b22209ee10711da624edbb62cd32f179f30ad934ab

SHA512
5cf69cdc8d948aae62c9bdef3e2bd5944e96f67a8217813ba8f6a8932afc84b79c4b54793ba8073b48aeeb1e9ddec70fec0336d55cb00f07fc9ec95863ee318a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe

Filesize
184KB

MD5
f2a89fbb097e984404f055f0ea61aa4c

SHA1
3f8cac2c1e521109931030c5b6eda10731135d25

SHA256
271295a984ca6cdc1720b666c07d5bce4048d335cbc6aa552e3ca97b14bb9244

SHA512
8818edfac2a0e012956df31ace5166b74b86a67b1bbd8066b3f640349bc7045045452da2c6adc52f37f00ee2f247b35e9a254160956bf6bc27f5145d2c7280f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe

Filesize
72KB

MD5
04abf61d00197235333ce2857be831b0

SHA1
04bf001b4875369aa88e53532989fe31319b77d2

SHA256
b7359cd8425ded5ce72a6f5387847ad66508e25630cfbe1b30494037d70382e1

SHA512
f105489e11ed8c2d55fb72e6cea64a6ac9345a62b805e56ba10ec9b74e0079f329d80e30fb2e1de8419ab2d6879ae478ac66cf8ed8634a136ad63a3fa3ea3207

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe

Filesize
30KB

MD5
1d7f32bf21ce8cdc95dc0e31a4238650

SHA1
b2af3c88a37d9e15c0b8a8d53c03deb13fb58e97

SHA256
7f11791098101e8b0c5a207b6669c5573e2406a12be2819c38cc70ee6d796d29

SHA512
eea807d3825634c1a0e519b09060aa0349bc67a3574a03db8419f7837bdfbec8f5937ac92e99c522fafd9c319c444c1f32b77988a4ef1727bbea5a3333a9ac02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe

Filesize
49KB

MD5
7fdd4c6b082939ce674cb8ea0700e50c

SHA1
aab5f7ca46252f6246dfff2abb6f5c30af120abf

SHA256
27159fbf40ea22b3ce5b0ec8d5805981c5166f50d5f5ec6e28c3e7432c5ceba0

SHA512
f1ab29150ec657ae14fc8e4ad5e1abb4d897e599f1083a75c61a65c40ffb132c8dbfbcdf25fc02a16ae15d466e3486c76c1acaf2593b58d09366095be5567ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe

Filesize
94KB

MD5
0b29e3284e2acd7eaf10fe9f18fcd903

SHA1
9680d78bc63aa0f83235746851483da48156e49a

SHA256
b7fb9d981f43ab21da53f1240db1fec26c299630ad93313281b176868178a636

SHA512
2f73a18f74189aa7734150b5a46e45df6f225b921ff83f4848f4163398694415372c404d818f2bd580f857cc8a48c1ede09663857f0a1073bd053965a85fd1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe

Filesize
183KB

MD5
4581ae120430ed10f312c1bb23c7f437

SHA1
e3734ed5a64dbf7b83c3e58812e69be66197aea6

SHA256
114dda9be0104207e75d7fa296c56f04e68b6b8b0239255237e4a2d4d34b0ebc

SHA512
3d03e77bf8286e47e2af0a0f7afcfdf43b55d77293f730d7661108fd010553e208d8deae64f6eb5e36d7823b370c0ee95cee3f6322fb26dced6b482b9a943e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe

Filesize
108KB

MD5
f8259e6288b04db717e24c70d886222b

SHA1
3fa39815222c90cd0d59cc0570935e6eb9cc88c7

SHA256
61a5746c17e0b8ed3ba7dda62c95d95501e976ffab34f127d5c5f70c18c8140b

SHA512
4452a82a9ed8c2da3859369baa505b99cdb284b08520b37bf9c69b836272ec42e32cdee83f1d56a2e96381a90ca5747a9bae3b09f157bfa6a0481577117dec12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe

Filesize
125KB

MD5
d66b01168f443ebeabbcebbd6b2812c1

SHA1
e69f2c5a36e7a87e401b742aa346124963637d84

SHA256
32a08a1e653e9ec56e1fafbb237a94d5577b360c57cc500cf9227a7f24440ca0

SHA512
b4ce6cfe0c6e3c0428e9437952870c09c13763625ee22c6e15cf73e47de8bf716aa98e073bbccc8bd55ec73671a3b2dc2ff3087fffbf7671d1f47688bb51c069

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe

Filesize
184KB

MD5
e924405ab9dcd53cf8fc8d88415ceedf

SHA1
2296aea4221e9e22d12b3a3a461b370c0be22e8f

SHA256
2f0fc50cf78fa46e52cb20d2adb9bbe446863c6ffc17f11eda94a70f48a486f3

SHA512
4040cda713b7f7371fd5ebff67c0132bd5b2872dcff01d4696f01e1d3e9731f06645e314e60ff050844c0cc25508176e06b7f71c155783565ac48005b94806a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe

Filesize
184KB

MD5
dccfededbc9e66d280ad537a29110cb2

SHA1
12b10684e97fb969252cd28bf0e13744b6f6d9f8

SHA256
a0385c0580bb1ad1e68fd4c11afdeb7ea669e14858d0a0dcc2ed2fc2d96784e1

SHA512
af4ff529f2d645dfb61b53484a7891e862480b3d44f690b581f0c8efc275238035c9ed4332094e147c883c5848354d112033515340e704d3b2af194953b4ed33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe

Filesize
184KB

MD5
9c738f12d9b4f831a2baaa15039fa94f

SHA1
5ff592e33fe281f08b9fd6ad9fa0b07a98b1fdfc

SHA256
94f386e601af73a9495aeb830bb86967ab228fd647140393e4fa0d4ee10dc1ee

SHA512
33190375788760ddd259967fe317c0ddd1de507c72b6e91d6051760aa6fceb34f91587b12a09ee90b68c804ced33d8484797635324e45fc3774b70164434949e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe

Filesize
184KB

MD5
38665edaba31b94ad02b07f0fc53cb44

SHA1
084ff0d26deb67aa8bd5dfd1ff763af62ea987b0

SHA256
43ee159d0a24c82ca4e8f6382194cd1e9e6c5e3ed79e778fe3db98e50150f5e8

SHA512
2852729d381a0ede7023d37c2f145634dd496df865cc9bd9d63c5e7a5e54356b4eae1fb4cf5b920fdf1a3db62c531882391c7fc2c4af3c900c1d206a0575f824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe

Filesize
75KB

MD5
b538e4f0d6de70a61559495f0e55f06f

SHA1
fecac0024a3495b729bb9424f24180872abe4a8a

SHA256
4d168f20add62d2b698fd2c2700aab6d365c41dbcf3b029d55a7ee1fe69ccdac

SHA512
18fc43a6fa4ff1d10a3245c1cc42adcd0ae3f2a0a89b9f9bc5d5adb98fdf01a2a69e79b1af580164fbb3119c0d2107f37f5c30eeb0ae3c8f7ba1dd0ba1e1bfef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe

Filesize
184KB

MD5
2614c09cde9c95c0fc5f4c178e0e8ffe

SHA1
9ff15eafb54f2cdedd6a7bf1358ab341bbbf29b4

SHA256
09c73524a36ff78190aa8e64cd2f52e25ca938173893c8c6c583f6398cfbea22

SHA512
562a796c4d62b15445e5efcd4583e62c8679b8698388d8684a37800a1ab2e878757679b653b832d185db9aab2be064f619211a66f9148881190a91f55cc5df08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe

Filesize
184KB

MD5
83cd219e752b8fc8ad414d59226b09dc

SHA1
4155a129f2331790bc06bc8754bd6f2eeb8151a6

SHA256
072c52290a1c7ca4db07bacafe2af05a098f9e7091da8c099c71292ef4070be8

SHA512
cb5fb3324d7ee349d4f74b6d565aeb8069435376fe24b1e8e9d25e22dcdaa3e8d8d701fd73537b191ce1dca1456a62d7bef9efaf22557c2545c72e260fa2026a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe

Filesize
107KB

MD5
0fb167e3f85c989cbc9eda4cd65d6247

SHA1
168b545118ce1f24858dbab8017aa64c32ea83df

SHA256
4866148d71e59e5d3eca5ebdce871b9b5158cef31e423718d46a20d5c1661f19

SHA512
21479489acd810e1782080996d3a37288fbba349841f239053035d4c649c319e41b7afdfc38e7de9b8d5a85b854bdd5dceff62e42a2d3f145c0cc5bb99f27dd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe

Filesize
136KB

MD5
67c618278c6778b2dc95cb68ea5de922

SHA1
ec08a6a2cd40f37680e95029b7a5016c82f9d3b2

SHA256
b4e71df4d1c90440e10c41db58d2259a86bf4182c0220585e08773f35a63416c

SHA512
0f21c3d3dc77da453c0aa7f2f5d129ff19dfc1b6e3cd365e230b44203ba4ee158fb641a6c6702d85291252a3f5a9358451914452bd4472f65247d85ec4f80dac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe

Filesize
184KB

MD5
05fa084612a654e11bc79b69dd1022b8

SHA1
2b318ef8820350d08abc692e82d3b1616b9defa7

SHA256
3e2986aef02b5c92377bf260fa1d4e09f6ebe899df0c7c539d2779b65270256e

SHA512
6d98dc17d8bd346869273e1e1dc2cd617e26e1bd1fc8bf32e0e4042930470b32a0a49f79d6f53db9df9fad0fa202e3354edba5480cb658c17983082d6b1895aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe

Filesize
184KB

MD5
f4a70ac9b7289209512ed5898805e317

SHA1
34d13f2e73c63e4f1d37f91d563b3646c2028de9

SHA256
b15d4a1e18fa7092ad39744017b451e05bdba1d6fd929dcff95f3ec1c35dde05

SHA512
69626a9dc6b05686c95fe778aa8e4db297e911c92ad84a98fe0cb87aec3a4a0a3e93c5748fe00a23a665a2e985bd76e5ed23ff64575d2a38270f194891899ae5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe

Filesize
98KB

MD5
ce377f11885f2b2e8edee035be2ec6b4

SHA1
9a61b78eb81375412722ebc64e7cc44e7a6550a5

SHA256
76137adce55c553568e6b720faa7ba22188b53e0a28e946d880b96adf3f39954

SHA512
c7ec867fc3ebe4fd7800250ebc4310a5f0801d447b3cc0b321dcce41db94e8dfd8c4c706e91349235197e7ed515fb997734725888e8e00863d8247e59b53191e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe

Filesize
184KB

MD5
33baed5421352726effc7f6dcc829cd2

SHA1
a276cf4c0e3c4b8ec32e95762cefa52b09480fa7

SHA256
e548cc79924af99c0480f5dcc95a9181442979ee43eacec378d2f0a30059e95c

SHA512
b9fd4fe897b9e79e257c3029fb18c23aeaaea6fb8317b7a3e7d4be6006b5d5985d29b6b9e211874b9ac6e7fde747db07e73e54781ea587eabfe1bd260cd1d070

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe

Filesize
121KB

MD5
74a4e6ac1b527c4b6695890db677e6a2

SHA1
0a7c82e8b569b1f021c02be679db73e3db39b3cd

SHA256
dffbc37ee8f8c383a34734261fcd05b9e7b543930aa79ea1ef120999aa197cf3

SHA512
1e905ff486465b29ea95fcc238fb76360dbe336e09ea2c9497618c934e0b95722ecd19fbecad2862bd0ed1dff5a08b2a8b56aaa9845405031135e8916cbcbb58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe

Filesize
153KB

MD5
e11271de183d1f6271ea64660e1e0a5b

SHA1
79f81df1968185fc2faefba0be55985ead493238

SHA256
7605a27185c51412b999653b31a367448a7976137609ce9a1351ff93a802f5ee

SHA512
16705b31764da00bf9b828b83579809afa0c51e9455538d5eaa081503383cca472383851f74dcce4efd4e0ff2b7d0f03efbb7bd8522bf1065397dd7e8849d1e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe

Filesize
184KB

MD5
eec51218f2d6a39f99399aa5b21cabae

SHA1
f66fa1e436694f8423e1dbc3ba8e3d61b3de37af

SHA256
c04e82652158c3c6377d9096b5da40aa84ed1faf393b37518d94e5d2084c9bcf

SHA512
e507198d3d608fcfe489b5a5351971d729943384860d59c087fec311fa2344e0ed7f3a4d3ed69b19cd7f1b6672c2ce2ae9c46849754d94d5e75c802dc09ad40f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe

Filesize
184KB

MD5
4a790d5551be0dad646b13bc0b13bada

SHA1
2f030c562a5517a0ac970d4be915575d0ad92930

SHA256
99d793466dced228157485b55e68f59065ac62fdca01ce6d9343acdcde0b9977

SHA512
0c5169abd4e98c39b5ee57108f11f85e0710d2c114ac9c1f26f082c28800785d2e63e65a5be8d8e1cc7ba08ffa6699db321bb9ff78e05cc86427ae4fd1a3802b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe

Filesize
184KB

MD5
7466e03cf5f215196af1677f769067a1

SHA1
01a15c422c512907f0374f0e7596c1613d5288fd

SHA256
34192bff604fa036710496ad9b0f5fd6b12df2016da3bb926064d0e43e18e215

SHA512
aec7c820a7c9940782ed62d021b5c29ab2944c0565b0be723f59d95e9f3208e552b68f09ed66027c093ae08a460bf0117654d4c24d95b7d3d06a1cc8fd16f9d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-644.exe

Filesize
184KB

MD5
587e174dd37bce6b26915956d41f0bab

SHA1
1923e9c6410cffc9f541c52db6586c029d3ea3d6

SHA256
f42f56a40348522529ca5d8ec6d358b16a3d1f470a77823010b34e0d624dab4e

SHA512
8a017b0f7a09390c0b8ce751b42a4cefd33af2138f9ff30017bb350e3ecfa26a875bfd12eb5b16dcb454307285dfae9eae97ad99cc57f4e6dff9a23a658a1fdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe

Filesize
130KB

MD5
58fc5b48e8babca42d8239f2d767ae87

SHA1
ddcbfd9e7093a2f4afa17af8be314d24f46b63ba

SHA256
b5477860774bf7f7cdfcc3874cbcbce6d62d9c0d000c8cd2b33208de5ab7c142

SHA512
cf82e91806063ab35e2aaf7d7c247cf72b2f1576d525fe391d2603b32dc7de4c9bf818534743ea034e99a204e265d24e04895b15c1bb7797c970cab5a842e17c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe

Filesize
121KB

MD5
72164639998b3d55b88ef320fa6b3b99

SHA1
4fac67276044c8e3d6e7302e0410363d2257467c

SHA256
a9ba9269c19cd021b7d8336ad25f17e995842fb7156e7a91a3cb65aff5f6d5ef

SHA512
c48027dc098922abbc1bca50c5de20258305c14eb3ab9835cb9d66967d367b0d0b6e77dcc3885f40245e04aec9b5c90450a7d001274646200be4754a7257536e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe

Filesize
184KB

MD5
16f675e9e36964c15f40dd25831fd914

SHA1
d569ea0f51d5805ab6279cd64ac68465a7f1c96f

SHA256
1bb043990413c97625b95996a3ce80232e7411e94c98a37c459b9caa1eebe2a0

SHA512
e0935de03df65a0bcf47a18694e04c376632161b67ba2467d72bed2ae0a1b7d5993a22512d643b161f0aa6932c05ec2a67811f354058fbdae63810cae1b79b44

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads