6c3458122fd77c40d7c9d4c56495c9877f8fb22de14a68a84ed0f83b5c9da631

Analysis

max time kernel
26s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cb8a33e0fcb4496af30042ae55a1a5c.exe
Size

184KB
MD5

8cb8a33e0fcb4496af30042ae55a1a5c
SHA1

eec14ff0e16ef5b1e13e857b8943d8c6ca5aa570
SHA256

6c3458122fd77c40d7c9d4c56495c9877f8fb22de14a68a84ed0f83b5c9da631
SHA512

0e1ddfb3339efd0667df22b842a893a827f3dbf6f0bd793879f5b2c2211992d564a08362102dbb6abe1eb532d5bf507348d864d2fe8f94290c2ba23a88700e64
SSDEEP

3072:tzSEoze9fYAg29ArdTn4F8NjqvF60dfVhD5x8gPzm6lPvpF7:tzhoI5g2+db4F8I9GP6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2052	Unicorn-64412.exe
2912	Unicorn-8833.exe
2820	Unicorn-28699.exe
1664	Unicorn-45850.exe
2564	Unicorn-37682.exe
2624	Unicorn-17816.exe
2132	Unicorn-58460.exe
1364	Unicorn-34318.exe
1872	Unicorn-37848.exe
2028	Unicorn-17982.exe
1824	Unicorn-59337.exe
2380	Unicorn-56166.exe
1620	Unicorn-10494.exe
2224	Unicorn-64526.exe
1692	Unicorn-22939.exe
324	Unicorn-48559.exe
2544	Unicorn-56727.exe
1208	Unicorn-28693.exe
1732	Unicorn-15970.exe
2188	Unicorn-61641.exe
2904	Unicorn-57002.exe
2316	Unicorn-29374.exe
856	Unicorn-676.exe
1700	Unicorn-46348.exe
1868	Unicorn-50344.exe
2476	Unicorn-39291.exe

Loads dropped DLL 52 IoCs

pid	Process
2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe
2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe
2052	Unicorn-64412.exe
2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe
2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe
2052	Unicorn-64412.exe
2912	Unicorn-8833.exe
2912	Unicorn-8833.exe
2820	Unicorn-28699.exe
2820	Unicorn-28699.exe
2052	Unicorn-64412.exe
2052	Unicorn-64412.exe
1664	Unicorn-45850.exe
2912	Unicorn-8833.exe
1664	Unicorn-45850.exe
2912	Unicorn-8833.exe
2820	Unicorn-28699.exe
2564	Unicorn-37682.exe
2820	Unicorn-28699.exe
2564	Unicorn-37682.exe
2624	Unicorn-17816.exe
2624	Unicorn-17816.exe
2132	Unicorn-58460.exe
2132	Unicorn-58460.exe
1664	Unicorn-45850.exe
1664	Unicorn-45850.exe
1824	Unicorn-59337.exe
1824	Unicorn-59337.exe
2624	Unicorn-17816.exe
2624	Unicorn-17816.exe
2028	Unicorn-17982.exe
2028	Unicorn-17982.exe
2564	Unicorn-37682.exe
1872	Unicorn-37848.exe
2564	Unicorn-37682.exe
1872	Unicorn-37848.exe
2132	Unicorn-58460.exe
1620	Unicorn-10494.exe
2132	Unicorn-58460.exe
1620	Unicorn-10494.exe
2380	Unicorn-56166.exe
2224	Unicorn-64526.exe
2380	Unicorn-56166.exe
2224	Unicorn-64526.exe
1872	Unicorn-37848.exe
324	Unicorn-48559.exe
324	Unicorn-48559.exe
1872	Unicorn-37848.exe
2544	Unicorn-56727.exe
2544	Unicorn-56727.exe
2188	Unicorn-61641.exe
2188	Unicorn-61641.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe
2052	Unicorn-64412.exe
2912	Unicorn-8833.exe
2820	Unicorn-28699.exe
1664	Unicorn-45850.exe
2624	Unicorn-17816.exe
2564	Unicorn-37682.exe
2132	Unicorn-58460.exe
2028	Unicorn-17982.exe
1824	Unicorn-59337.exe
1872	Unicorn-37848.exe
1620	Unicorn-10494.exe
2380	Unicorn-56166.exe
2224	Unicorn-64526.exe
2544	Unicorn-56727.exe
324	Unicorn-48559.exe
1208	Unicorn-28693.exe
1732	Unicorn-15970.exe
2188	Unicorn-61641.exe
856	Unicorn-676.exe
2316	Unicorn-29374.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2052	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	28
PID 2352 wrote to memory of 2052	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	28
PID 2352 wrote to memory of 2052	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	28
PID 2352 wrote to memory of 2052	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	28
PID 2352 wrote to memory of 2912	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	30
PID 2352 wrote to memory of 2912	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	30
PID 2352 wrote to memory of 2912	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	30
PID 2352 wrote to memory of 2912	2352	8cb8a33e0fcb4496af30042ae55a1a5c.exe	30
PID 2052 wrote to memory of 2820	2052	Unicorn-64412.exe	29
PID 2052 wrote to memory of 2820	2052	Unicorn-64412.exe	29
PID 2052 wrote to memory of 2820	2052	Unicorn-64412.exe	29
PID 2052 wrote to memory of 2820	2052	Unicorn-64412.exe	29
PID 2912 wrote to memory of 1664	2912	Unicorn-8833.exe	31
PID 2912 wrote to memory of 1664	2912	Unicorn-8833.exe	31
PID 2912 wrote to memory of 1664	2912	Unicorn-8833.exe	31
PID 2912 wrote to memory of 1664	2912	Unicorn-8833.exe	31
PID 2820 wrote to memory of 2564	2820	Unicorn-28699.exe	33
PID 2820 wrote to memory of 2564	2820	Unicorn-28699.exe	33
PID 2820 wrote to memory of 2564	2820	Unicorn-28699.exe	33
PID 2820 wrote to memory of 2564	2820	Unicorn-28699.exe	33
PID 2052 wrote to memory of 2624	2052	Unicorn-64412.exe	32
PID 2052 wrote to memory of 2624	2052	Unicorn-64412.exe	32
PID 2052 wrote to memory of 2624	2052	Unicorn-64412.exe	32
PID 2052 wrote to memory of 2624	2052	Unicorn-64412.exe	32
PID 1664 wrote to memory of 2132	1664	Unicorn-45850.exe	34
PID 1664 wrote to memory of 2132	1664	Unicorn-45850.exe	34
PID 1664 wrote to memory of 2132	1664	Unicorn-45850.exe	34
PID 1664 wrote to memory of 2132	1664	Unicorn-45850.exe	34
PID 2912 wrote to memory of 1364	2912	Unicorn-8833.exe	35
PID 2912 wrote to memory of 1364	2912	Unicorn-8833.exe	35
PID 2912 wrote to memory of 1364	2912	Unicorn-8833.exe	35
PID 2912 wrote to memory of 1364	2912	Unicorn-8833.exe	35
PID 2820 wrote to memory of 2028	2820	Unicorn-28699.exe	38
PID 2820 wrote to memory of 2028	2820	Unicorn-28699.exe	38
PID 2820 wrote to memory of 2028	2820	Unicorn-28699.exe	38
PID 2820 wrote to memory of 2028	2820	Unicorn-28699.exe	38
PID 2564 wrote to memory of 1872	2564	Unicorn-37682.exe	37
PID 2564 wrote to memory of 1872	2564	Unicorn-37682.exe	37
PID 2564 wrote to memory of 1872	2564	Unicorn-37682.exe	37
PID 2564 wrote to memory of 1872	2564	Unicorn-37682.exe	37
PID 2624 wrote to memory of 1824	2624	Unicorn-17816.exe	36
PID 2624 wrote to memory of 1824	2624	Unicorn-17816.exe	36
PID 2624 wrote to memory of 1824	2624	Unicorn-17816.exe	36
PID 2624 wrote to memory of 1824	2624	Unicorn-17816.exe	36
PID 2132 wrote to memory of 1620	2132	Unicorn-58460.exe	39
PID 2132 wrote to memory of 1620	2132	Unicorn-58460.exe	39
PID 2132 wrote to memory of 1620	2132	Unicorn-58460.exe	39
PID 2132 wrote to memory of 1620	2132	Unicorn-58460.exe	39
PID 1664 wrote to memory of 2380	1664	Unicorn-45850.exe	40
PID 1664 wrote to memory of 2380	1664	Unicorn-45850.exe	40
PID 1664 wrote to memory of 2380	1664	Unicorn-45850.exe	40
PID 1664 wrote to memory of 2380	1664	Unicorn-45850.exe	40
PID 1824 wrote to memory of 1692	1824	Unicorn-59337.exe	45
PID 1824 wrote to memory of 1692	1824	Unicorn-59337.exe	45
PID 1824 wrote to memory of 1692	1824	Unicorn-59337.exe	45
PID 1824 wrote to memory of 1692	1824	Unicorn-59337.exe	45
PID 2624 wrote to memory of 2224	2624	Unicorn-17816.exe	41
PID 2624 wrote to memory of 2224	2624	Unicorn-17816.exe	41
PID 2624 wrote to memory of 2224	2624	Unicorn-17816.exe	41
PID 2624 wrote to memory of 2224	2624	Unicorn-17816.exe	41
PID 2028 wrote to memory of 2544	2028	Unicorn-17982.exe	42
PID 2028 wrote to memory of 2544	2028	Unicorn-17982.exe	42
PID 2028 wrote to memory of 2544	2028	Unicorn-17982.exe	42
PID 2028 wrote to memory of 2544	2028	Unicorn-17982.exe	42

C:\Users\Admin\AppData\Local\Temp\8cb8a33e0fcb4496af30042ae55a1a5c.exe
"C:\Users\Admin\AppData\Local\Temp\8cb8a33e0fcb4496af30042ae55a1a5c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        9⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        6⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        11⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        12⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        13⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        14⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        16⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        11⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        6⤵
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        6⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        8⤵
        
        PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17816.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        5⤵
        Executes dropped EXE
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        11⤵
        
        PID:3008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        9⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        6⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        9⤵
        
        PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
        5⤵
        Executes dropped EXE
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        8⤵
        
        PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe
    3⤵
    - Executes dropped EXE
    PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe

Filesize
184KB

MD5
79f5bf203292fdc5888456cd9197d949

SHA1
93b4f9a3ac5a0d09d5c363f12be9d0fec704d081

SHA256
662e8c366ff1f59f492dade7e801c3a26f354dad62af481aafc1fb6611198d07

SHA512
bf37eb6bd884ff54ca2a89b81efc8b0931da66b52437c6ac5eee4d1e71070a0fa52d5e9611a475d772e6d89fb3aded293bc0df14f3f0d83e3eb7424f9c14c83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe

Filesize
184KB

MD5
15d9bebf72c6750e42d42438814fbcd4

SHA1
6985570af663a5da1a065e680fccd198ee629890

SHA256
fec71ddfb7f2deb4b1b28d327398049d47ee3bf0fab6329949259995ec334530

SHA512
5bf926e3e40b2b5e91a464f1ebef7d37fb7c9adfeb05461ae695703c4f24826df022da8c321415e242a17adfec4c7b2b86071349ebeed313ab87a05e112b07e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe

Filesize
184KB

MD5
ca9c41907af723772e090f6628eae271

SHA1
660f014202e40b2f31c875f3a0ac9e2238975712

SHA256
46e380ba3dd4d471df679169b2b87423a5d02b5aa9527dcf8812102fe8450fc9

SHA512
3eae917db2c586937952fb1e0d0830a20b504f640e08102e2b2b28dd274a7a5eb4e5505093158092230f81600fda1fddfdf6f20f7cdc892f66f2184edd6e86b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe

Filesize
184KB

MD5
16c3a11943cdca2a090167f09403794a

SHA1
5cd24e242d823e1470f6cc630d4241038fe2d2df

SHA256
88c4de4777d671b94da537e07d53d4809bbdc204e69c0ef94b09cdbd2e15a0c7

SHA512
4a20302eada9f4b9fcb27dc4579f613245a50e9428ee8e4d2017441904c64ee3a08dea1d94207e4b327570a437b5a4587bed969659fa1c5e96d7e9cb038f0561

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe

Filesize
184KB

MD5
8cdd44d2e887469465c5a6ddeff3bea4

SHA1
3bdd25de9af9dfb9daf973e8b713d6373481b3ae

SHA256
c554b4d9c92a2979480b16a0cb8753379c57496345ed426bdffe1116d66034fa

SHA512
7ffcc3d648c8edabd25ecc484834c77fe096da284008e0154a474c6a5d2d5f6298994b53eb3032876ad968ec16608b997baaf7472127f8188c8f9b24a5e2aabe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe

Filesize
184KB

MD5
22ae65427170bbf09bf81cf6f97928e5

SHA1
3850dc40704b38836f440db5566f25112df7b64d

SHA256
c885e664300992b1dd2f41b7e0972fc1be7aa3b155f4413c360a9349bb167d8f

SHA512
5254199be3badcf7c22fe057b93933111f8e1547ac93449e067440190b77f5d98e0cd7e229f659d9949ad10c496b769285dfe5e346cf9ea65a94cc4062d19fc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17816.exe

Filesize
184KB

MD5
7f78f56c5780db81c29049f76a86de85

SHA1
eee63f26081a8a62ad6d1692d414ce655fb50e36

SHA256
4fe41d43d1a339d76f3fb851967edde2e68317a23e2519897a9288d02fed903c

SHA512
42d464bd1139b049d02f52ebc3c195302fc1513e7b77b84dbb51eec0be519169cfb84a0a2a17fd42dc3875dc7d66a8c1181e9f77d94fd3b8a870288043778362

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe

Filesize
184KB

MD5
5c07494f0380e749860e535fcfc364ac

SHA1
96a0f63c4c052d27e842ea0f6a4dad9e953a6cb1

SHA256
101d7a5e9f0dadedcb370ef42fb24a2cbe39be2ec401c88c0236f83999afda61

SHA512
d872296a904d649bb3c6db30206f6eeea55fb8421f016b005075383fc1fae7402c0caa128a1f004da3f0541e17dfba10c5f59ac0992a42138adab075600a801f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe

Filesize
184KB

MD5
66c845832ba4a84ce7d161e1f867a2c4

SHA1
c74e8c06261b31ca3599e07425544280a1be4881

SHA256
6f06a5327da69d6dc7b29207d69e425d1aa67ef2a321263c4a9a504bbb08904b

SHA512
d00a0868151e02712b20136ede8a2cacb420199569dcd8babd777e4e1b8c74c05c70ec68605c2cb9bfcaf0557d3c896d80d158452c7b65178e58ac6de71fd11b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe

Filesize
184KB

MD5
6f04b5c0473ce5b35dd713af6ca3e38c

SHA1
b2707a39ae70a9235f6a943a3b3294abdddd6853

SHA256
50cf540d1d816d5a666640b6d5c090d0b40306171f7ade4c689e98957eb61358

SHA512
79778b9059da24519a9e86570c487343f10c03b7c3358c9009ef516ea4a1bcfa8fec4b1e0f725837205c2c02560eb941aec232de155c8389818039dd18b63129

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe

Filesize
184KB

MD5
578013f7bfbe142d038efd01739a6268

SHA1
dd88897bc1a00c82b7f1f7b4269c37fc2d6e9902

SHA256
0eb6d54331610bc82b884a598d00db3ec80fad2301f5fcd2e776b3ca7f7f7689

SHA512
200c05049f4b63bd45a6324a718d871d2fa66b3db775dcb671f2e73eaed20b2dbb85461212e1567637ae90e2b5592c8a26d85214770838fef8fd41bc0a5ea6a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe

Filesize
184KB

MD5
d66ee53005a568d0ae3eb57e8aa620d7

SHA1
1c23ef6250d9d378b290e5d39408d48ff936cf1c

SHA256
c6cde20a615b8766a5bd4f160226bd94bc41b4be89bc73c4ae689b360e869b83

SHA512
d1d837c8a473e9ce75140d9a2575632331dc855d1881351af43a97f25f8fe247f87006d625783dfc16c17c421909e234914743eec0469f461adcd1db9223a5bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe

Filesize
184KB

MD5
a3b27799dd7581574663c9ebec9ae7ff

SHA1
666aeff1caba049aee06a77017d9a68dfc8d6cba

SHA256
c480e985871fe7f6f3b5b9f018d1bd0cfa3a61139e59c0a60da95f8b6cb6d1e0

SHA512
20bf5ed97b29ed4b4f089004b1d6a2b2f9b7d1d261bf7e59171218e88a760bd8a6f12a0880a4ad7fe1d3860a195694a3a1e9c1eeeec2a336d5bf41eb768039f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe

Filesize
184KB

MD5
6498d9ff3a95e3d7584c7deff3c61dad

SHA1
031f79105ccc239ec674dda450efabe776138b1f

SHA256
d499572d82b72a088fd05e62b83faf4bda9898ea8db8453ca0985e15272d7dd9

SHA512
a8702098a8d875ccb78097ac2f612acfee768aff05c1c97bdb958e248cb1fb455da51b60b40ab3ad05d81f1317e9d3ff0d937eb8ff1a671c6879ddb099bc6a91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe

Filesize
184KB

MD5
7a03f839d799232b7f3c2fb5136035f0

SHA1
0cbf1bb55cce744871df433fc02cb61c723dba22

SHA256
e2d0d02b6a64ee5ab5317d46da4670bf5ffad8fc24147cdebb5262b86d46cf18

SHA512
bc7e4c28d30c425708960740dfc9ede22f5b7b498c349b73757b9b16f78243ac725942c6c84c8424102036ce850e427ef82b404ffabcb410afb264eb20d3e61c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe

Filesize
184KB

MD5
c57edb865b03423fe1f58acff19ecfd9

SHA1
2d0942b607a2e23fdae18eadf9d86e8fec16f943

SHA256
0b786da8c0be8e22c6d7140bddcb5cfc5e7f7961e02ae8ad1e3cd8256bf3b365

SHA512
3787032b06aa4d2fb6ac6243589e6494ee829a957f9325ac7e061990730441156bc2be1eb650f3cdda6542f51e89f98f9e29555252b411b9047db556e864045e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe

Filesize
184KB

MD5
8401a35e91b5dfa94b2b7ab6830ebb33

SHA1
0df4d752cd7ab4ae54ec94e991fe132f8c8d4dea

SHA256
d88cc4e475510b31bd03604116c603c0d8d697389dfdd81abd72d37fbd267e08

SHA512
d627e41922deaebee345e097c892840a82f30f86c1f132ef0a432ac4a3f1fa648652d05b013486ae6668734d8c011ef0ed602777e30a0799eb11813daab94910

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe

Filesize
184KB

MD5
77feff69c2bba612d1b0f59fe98edfa5

SHA1
dab556cbf055f7a14630a564fa1136f7cc1964df

SHA256
26591b97ed55ec910bd1584e43bd6a8fd1f9e10c12ea5f7b850fce0e94f2faa0

SHA512
c48ebbe81a32c4b1daf121ffd2001b8851602ce54983fec693c7b9e2cd4c18477f8c641f400f9dc045a9c73984935c444c5dbc5fa7facc7fef247f06834f8590

Download Submit
memory/1724-405-0x00000000028C0000-0x0000000002A1C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads