6eb2e4a428b6f1f3aea8b6f41d71ced35a21102bd169e113873586c2d8212fad

Analysis

max time kernel
42s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3d75ff54febdc1849b148a89bbf24fc.exe
Size

184KB
MD5

a3d75ff54febdc1849b148a89bbf24fc
SHA1

408bc21ed6bb71bc330e81a0523403805ec9d849
SHA256

6eb2e4a428b6f1f3aea8b6f41d71ced35a21102bd169e113873586c2d8212fad
SHA512

a5cb0a430a68ebe36aa33c49fa5d300a25e7b7ed9d4a6c6d2229fb3806587bf4da1ca99bd116490e5ff8428f683a1cfb38da170c981c1b5759b123e765536f9e
SSDEEP

3072:ilESo4rytNwooqjpoarKvJcCDLNMsE2Y+6xvxE6NNlvvpF2:iltoJOoo2o0KvJpLoTNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 49 IoCs

pid	Process
2952	Unicorn-13438.exe
2084	Unicorn-31166.exe
2928	Unicorn-64201.exe
2700	Unicorn-59920.exe
2680	Unicorn-51368.exe
2684	Unicorn-23334.exe
2424	Unicorn-26536.exe
2372	Unicorn-17814.exe
2860	Unicorn-9453.exe
968	Unicorn-35747.exe
2016	Unicorn-46765.exe
1804	Unicorn-65063.exe
1292	Unicorn-51503.exe
776	Unicorn-43335.exe
2540	Unicorn-32666.exe
640	Unicorn-36750.exe
1700	Unicorn-33796.exe
1552	Unicorn-33242.exe
1020	Unicorn-17460.exe
612	Unicorn-5971.exe
2052	Unicorn-59619.exe
1788	Unicorn-58021.exe
2968	Unicorn-30284.exe
1752	Unicorn-9567.exe
2104	Unicorn-38155.exe
1644	Unicorn-62489.exe
2132	Unicorn-40611.exe
2640	Unicorn-4409.exe
844	Unicorn-14845.exe
2884	Unicorn-35074.exe
2448	Unicorn-60730.exe
2476	Unicorn-36588.exe
2496	Unicorn-15613.exe
2312	Unicorn-31758.exe
2376	Unicorn-45354.exe
2356	Unicorn-28333.exe
1588	Unicorn-3828.exe
700	Unicorn-46376.exe
1792	Unicorn-8488.exe
1244	Unicorn-58628.exe
2536	Unicorn-37247.exe
532	Unicorn-45992.exe
1048	Unicorn-21125.exe
592	Unicorn-59648.exe
588	Unicorn-30121.exe
528	Unicorn-58901.exe
2208	Unicorn-37390.exe
756	Unicorn-53797.exe
2784	Unicorn-61965.exe

Loads dropped DLL 64 IoCs

pid	Process
1960	a3d75ff54febdc1849b148a89bbf24fc.exe
1960	a3d75ff54febdc1849b148a89bbf24fc.exe
2952	Unicorn-13438.exe
2952	Unicorn-13438.exe
1960	a3d75ff54febdc1849b148a89bbf24fc.exe
1960	a3d75ff54febdc1849b148a89bbf24fc.exe
2952	Unicorn-13438.exe
2928	Unicorn-64201.exe
2084	Unicorn-31166.exe
2084	Unicorn-31166.exe
2928	Unicorn-64201.exe
2952	Unicorn-13438.exe
2084	Unicorn-31166.exe
2680	Unicorn-51368.exe
2700	Unicorn-59920.exe
2680	Unicorn-51368.exe
2084	Unicorn-31166.exe
2700	Unicorn-59920.exe
2684	Unicorn-23334.exe
2928	Unicorn-64201.exe
2684	Unicorn-23334.exe
2928	Unicorn-64201.exe
2860	Unicorn-9453.exe
2860	Unicorn-9453.exe
2424	Unicorn-26536.exe
2372	Unicorn-17814.exe
2372	Unicorn-17814.exe
2424	Unicorn-26536.exe
968	Unicorn-35747.exe
968	Unicorn-35747.exe
2016	Unicorn-46765.exe
2016	Unicorn-46765.exe
2860	Unicorn-9453.exe
2860	Unicorn-9453.exe
1292	Unicorn-51503.exe
1292	Unicorn-51503.exe
2372	Unicorn-17814.exe
2372	Unicorn-17814.exe
1020	Unicorn-17460.exe
1020	Unicorn-17460.exe
640	Unicorn-36750.exe
640	Unicorn-36750.exe
1292	Unicorn-51503.exe
1292	Unicorn-51503.exe
2016	Unicorn-46765.exe
1552	Unicorn-33242.exe
2016	Unicorn-46765.exe
1552	Unicorn-33242.exe
968	Unicorn-35747.exe
968	Unicorn-35747.exe
2540	Unicorn-32666.exe
2540	Unicorn-32666.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
1068	WerFault.exe
612	Unicorn-5971.exe
612	Unicorn-5971.exe
1020	Unicorn-17460.exe
1020	Unicorn-17460.exe
2052	Unicorn-59619.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1068	1700	WerFault.exe	46

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
1960	a3d75ff54febdc1849b148a89bbf24fc.exe
2952	Unicorn-13438.exe
2084	Unicorn-31166.exe
2928	Unicorn-64201.exe
2700	Unicorn-59920.exe
2684	Unicorn-23334.exe
2680	Unicorn-51368.exe
2424	Unicorn-26536.exe
2372	Unicorn-17814.exe
2860	Unicorn-9453.exe
968	Unicorn-35747.exe
2016	Unicorn-46765.exe
1804	Unicorn-65063.exe
776	Unicorn-43335.exe
1292	Unicorn-51503.exe
640	Unicorn-36750.exe
2540	Unicorn-32666.exe
1700	Unicorn-33796.exe
1020	Unicorn-17460.exe
1552	Unicorn-33242.exe
612	Unicorn-5971.exe
2052	Unicorn-59619.exe
2968	Unicorn-30284.exe
2104	Unicorn-38155.exe
1788	Unicorn-58021.exe
1644	Unicorn-62489.exe
1752	Unicorn-9567.exe
2132	Unicorn-40611.exe
2640	Unicorn-4409.exe
844	Unicorn-14845.exe
2884	Unicorn-35074.exe
2448	Unicorn-60730.exe
2476	Unicorn-36588.exe
2496	Unicorn-15613.exe
2312	Unicorn-31758.exe
2376	Unicorn-45354.exe
2356	Unicorn-28333.exe
1588	Unicorn-3828.exe
1244	Unicorn-58628.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2952	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	28
PID 1960 wrote to memory of 2952	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	28
PID 1960 wrote to memory of 2952	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	28
PID 1960 wrote to memory of 2952	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	28
PID 2952 wrote to memory of 2084	2952	Unicorn-13438.exe	29
PID 2952 wrote to memory of 2084	2952	Unicorn-13438.exe	29
PID 2952 wrote to memory of 2084	2952	Unicorn-13438.exe	29
PID 2952 wrote to memory of 2084	2952	Unicorn-13438.exe	29
PID 1960 wrote to memory of 2928	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	30
PID 1960 wrote to memory of 2928	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	30
PID 1960 wrote to memory of 2928	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	30
PID 1960 wrote to memory of 2928	1960	a3d75ff54febdc1849b148a89bbf24fc.exe	30
PID 2084 wrote to memory of 2700	2084	Unicorn-31166.exe	31
PID 2084 wrote to memory of 2700	2084	Unicorn-31166.exe	31
PID 2084 wrote to memory of 2700	2084	Unicorn-31166.exe	31
PID 2084 wrote to memory of 2700	2084	Unicorn-31166.exe	31
PID 2928 wrote to memory of 2680	2928	Unicorn-64201.exe	32
PID 2928 wrote to memory of 2680	2928	Unicorn-64201.exe	32
PID 2928 wrote to memory of 2680	2928	Unicorn-64201.exe	32
PID 2928 wrote to memory of 2680	2928	Unicorn-64201.exe	32
PID 2952 wrote to memory of 2684	2952	Unicorn-13438.exe	33
PID 2952 wrote to memory of 2684	2952	Unicorn-13438.exe	33
PID 2952 wrote to memory of 2684	2952	Unicorn-13438.exe	33
PID 2952 wrote to memory of 2684	2952	Unicorn-13438.exe	33
PID 2680 wrote to memory of 2372	2680	Unicorn-51368.exe	35
PID 2680 wrote to memory of 2372	2680	Unicorn-51368.exe	35
PID 2680 wrote to memory of 2372	2680	Unicorn-51368.exe	35
PID 2680 wrote to memory of 2372	2680	Unicorn-51368.exe	35
PID 2084 wrote to memory of 2424	2084	Unicorn-31166.exe	34
PID 2084 wrote to memory of 2424	2084	Unicorn-31166.exe	34
PID 2084 wrote to memory of 2424	2084	Unicorn-31166.exe	34
PID 2084 wrote to memory of 2424	2084	Unicorn-31166.exe	34
PID 2700 wrote to memory of 2860	2700	Unicorn-59920.exe	36
PID 2700 wrote to memory of 2860	2700	Unicorn-59920.exe	36
PID 2700 wrote to memory of 2860	2700	Unicorn-59920.exe	36
PID 2700 wrote to memory of 2860	2700	Unicorn-59920.exe	36
PID 2684 wrote to memory of 968	2684	Unicorn-23334.exe	37
PID 2684 wrote to memory of 968	2684	Unicorn-23334.exe	37
PID 2684 wrote to memory of 968	2684	Unicorn-23334.exe	37
PID 2684 wrote to memory of 968	2684	Unicorn-23334.exe	37
PID 2928 wrote to memory of 2016	2928	Unicorn-64201.exe	38
PID 2928 wrote to memory of 2016	2928	Unicorn-64201.exe	38
PID 2928 wrote to memory of 2016	2928	Unicorn-64201.exe	38
PID 2928 wrote to memory of 2016	2928	Unicorn-64201.exe	38
PID 2860 wrote to memory of 1804	2860	Unicorn-9453.exe	39
PID 2860 wrote to memory of 1804	2860	Unicorn-9453.exe	39
PID 2860 wrote to memory of 1804	2860	Unicorn-9453.exe	39
PID 2860 wrote to memory of 1804	2860	Unicorn-9453.exe	39
PID 2372 wrote to memory of 1292	2372	Unicorn-17814.exe	40
PID 2372 wrote to memory of 1292	2372	Unicorn-17814.exe	40
PID 2372 wrote to memory of 1292	2372	Unicorn-17814.exe	40
PID 2372 wrote to memory of 1292	2372	Unicorn-17814.exe	40
PID 2424 wrote to memory of 776	2424	Unicorn-26536.exe	41
PID 2424 wrote to memory of 776	2424	Unicorn-26536.exe	41
PID 2424 wrote to memory of 776	2424	Unicorn-26536.exe	41
PID 2424 wrote to memory of 776	2424	Unicorn-26536.exe	41
PID 968 wrote to memory of 2540	968	Unicorn-35747.exe	44
PID 968 wrote to memory of 2540	968	Unicorn-35747.exe	44
PID 968 wrote to memory of 2540	968	Unicorn-35747.exe	44
PID 968 wrote to memory of 2540	968	Unicorn-35747.exe	44
PID 2016 wrote to memory of 640	2016	Unicorn-46765.exe	45
PID 2016 wrote to memory of 640	2016	Unicorn-46765.exe	45
PID 2016 wrote to memory of 640	2016	Unicorn-46765.exe	45
PID 2016 wrote to memory of 640	2016	Unicorn-46765.exe	45

C:\Users\Admin\AppData\Local\Temp\a3d75ff54febdc1849b148a89bbf24fc.exe
"C:\Users\Admin\AppData\Local\Temp\a3d75ff54febdc1849b148a89bbf24fc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        8⤵
        Executes dropped EXE
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        7⤵
        Executes dropped EXE
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        9⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        7⤵
        Executes dropped EXE
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        9⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        10⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        10⤵
        
        PID:1336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        11⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        12⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        13⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        8⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        9⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        8⤵
        Executes dropped EXE
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        7⤵
        Executes dropped EXE
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
        9⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        7⤵
        Executes dropped EXE
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63887.exe
        10⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        9⤵
        
        PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        7⤵
        Executes dropped EXE
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        8⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        6⤵
        Executes dropped EXE
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        9⤵
        
        PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        6⤵
        Executes dropped EXE
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        5⤵
        Executes dropped EXE
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        8⤵
        
        PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe

Filesize
184KB

MD5
65cd7e66cba43499da6c6aeb65a8238f

SHA1
9733868b55427858a818be86fce4119e01d3a1ab

SHA256
991544b12e800acd1012875a6512c9d376993f46cea80446c2b63bb2f3e889de

SHA512
8ddbf0980f10cd19c4a58add8db93b8c478ab56abe36b077ecc780f78d64829775ac3065b7f1aeab2bfc23ecb665ec9a44d60841eb79285cc2c7afe6844d2818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe

Filesize
184KB

MD5
c6225783322d68b326aed80fa26b4c6f

SHA1
9ec3488c3ccb8546ecff0de970c4294e53b1babe

SHA256
a79c423d23eb6880b63f34c33ecc130928ae335721d1d2b7f9ca55a1577c871f

SHA512
b26574874f7976e6cdbe9e5b60619121d1d4bddbebcdfe82dea34c450766a916e6fdde39ee8ee80d35d3a8465caeadc90cdc767d9650f38a126f5c66342e16f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe

Filesize
184KB

MD5
06d21578e7aa6c3819ba2be65f055203

SHA1
b21f8692e3456ca838af85c8b643e339df642a9a

SHA256
3dee17edbfef1d971111e2fa0c48228f5e36c79aefc52e6b2e7cf9f2e5b756b0

SHA512
9c0a883258cd1270c71f05d291a16d94ba64b630dc33c609e2672e0d0986e355094132a16d9245b0518a5a25d88153912554f473e66028b1d55ceef837d81f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe

Filesize
184KB

MD5
7a1421625931b4310dfe7b9369e24aed

SHA1
8d602daf8d657dfccd61b8cd38dafd72d0da348d

SHA256
a90e8a537c1f11a7012738500c3a95c5cce50222bf539e35d6ca63f1d73adfb9

SHA512
06d3954de56daa9e39a85d33a1d27ecf9b30687e4ad273ff63c2223b9aa7b9c03bcc33db33e28453d7fcb6ec158b5e01cc39bf8e799de65041e916a66742c786

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe

Filesize
184KB

MD5
e3b158f6e7ee8889381ea3d1a52f0e2c

SHA1
7b83b34acf62d11ef56aea975259a1ffa8be8cd6

SHA256
728d8c47dfddb9533d7ce2f3c16f9db0889ea0ba6ddd96fff5aca4eb656ddf08

SHA512
6e37857a73fdd3452761f5f6e790609e989f3c00f886cdce77f112d8982c84ca46376b372a83784039e990136aed4dbe7701a40fb5c9dc35286da1197d97cdb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe

Filesize
184KB

MD5
3d671be1d3d8f9fb306bf53eb8006759

SHA1
8db0856423fd1d7acb799a85bc19a073a7563a6e

SHA256
f763776363641400afce1ec339d73446eb32c7641bad078dd92af4b8488a45cf

SHA512
79c656ca28d36c3537117647d4ea09fc460342bbc84f7d9097963eb38aea6da1a8205863b27bd9fb8abbc77806179268f1018790cfc501f3bef6294df2de0e55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe

Filesize
184KB

MD5
efe90bde16ef69706c0ccec618da15e2

SHA1
24874c310e1bd2c0a842e452a2f7323e2b0c7177

SHA256
4c28351f76acf5a763393687024862f360aca3572398cc832098f72468b39d31

SHA512
6417f4813a13cdfc9077bb060319c9f5ba5b56aa9e7a6df1973c28a52521ed6d3062408ee7afed01c67d660fa03cbfa6d4f9ccfdffdc5a407a1932b5ecc4137d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe

Filesize
184KB

MD5
07516eef39c8f730b0e13664561b8c95

SHA1
a277a00d7e1674283d9d36c5af3c37760b0d0d71

SHA256
b976ccdf69c88f4bb20e0851ae21598321fb4f29c4475e56b1a1f988afdfccbe

SHA512
dbe96e93be4c2ef1a87ba30e2d498d5ce73e8256fb1ff76f8a012cabfcdc71815a3284cde9a4f9e0f28569827827b475ed2fe947d976bdf4dc45b8df5a461fe3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe

Filesize
184KB

MD5
043be94265110630bd1d740bef596452

SHA1
93be251f9a83b4f93147e5ff861b9bef10d7b133

SHA256
cb0088c5aa3c8c6619dfbb134f01e5ff804b7230e157361d155175e26b9574ea

SHA512
40b66be2667a7d4c65a3ed23d72fc5c46c688ed3dc241347112f5cf978b45c05a35e5f5f33792d329d233f8b6753a5a06e5a6bc4ea5e82398d1afb5f3ae35b0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe

Filesize
184KB

MD5
4a39a143a293ffcacc40929443ddc39d

SHA1
1ace1bcec42afc564c340ff6ce4f3c41c46b7882

SHA256
c4cfcb9a886591aaf5a1a66391395d8605c56d4fceccfd555e6ee417ce580497

SHA512
ee32f905c3598951859bdb72b69c24dd7d3504527a775e4042f53dfc4d72c208b18d9de7fa047d909c363d4625479f9f0557be6c6a7ba91324503c0101f4aab1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe

Filesize
184KB

MD5
7fecf48100ea573ce739bb61ff07db05

SHA1
0d9ac2581f46d0aa86486a216a0e42579a89fbff

SHA256
eceacd668968089fa3589509c0c4ac7ca11a3b4ee399bd84bf8454faa3f47616

SHA512
0a85850eb60d750db580e9ce69893da92130dfd1a38481d4dab24ff08c9b2f13200ccf6e2c0d9bb84f98debda6b467ab4d587687ce7f97ac765b495e45cd9322

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe

Filesize
184KB

MD5
e386c1f7c599d1d14aae5f0962fbce55

SHA1
33a07fe6c11f212b577ae847a4eb485e06453e36

SHA256
54f6bcac82b53e07729a3ad9f0513551a1e0d0fc648de6be411238e4dc657cd3

SHA512
df33ad36412504994a0742689339ccf60a0ee1f2e0289e6ef385085950ace74217479959377ece24ab4779c6b0143d7481164ee5eee4346b13c383a8b53d67bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe

Filesize
184KB

MD5
590d2fcda2559514a69c6387e893ef26

SHA1
3234c468d61f6bbe76e869a44bc72301cf29b894

SHA256
c8e8aa95a72ce66f5d43b2849bedc04d65b377a99bf624b77c2d958a975c0af6

SHA512
d98e9ba2867eb7b39080bf49a3e555c70059c6d5ab950b5665c4bb8bb824cc7f58725c6375437616d9610ad2b6ac186b65e70befb67887b794c5078ea0154fda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe

Filesize
184KB

MD5
67afd03c8952739c6f959ccbedb70c0e

SHA1
1651c92a79ce0be54e065b1a315a0a95488b88d0

SHA256
bc2c62f9301781d39aed7dea5a2ba61e0974773e84243140b59919ec26ef1a3c

SHA512
e5723f3605a9c7412d486d743a9b13b94cb032694b4e77d8f0bb41771422adf3fd8f852a19ece0fcbc97b5a5314e94cfccc4c3f06aa90023adada09c734a616b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe

Filesize
184KB

MD5
f4c936dfb6e2b013d65d2c0c30cfe87e

SHA1
cc4125037bd0a041250bafeea1125736f9e112d9

SHA256
7c87d8770a362fbe5a6140be148a1c3e8d4fe76e2934e470113777245f974131

SHA512
84b63ec85f8d9f2c1ce7fde094cc7c7267daabff240476d18de87824955bc0868d03f15728b0ad9f0a38ee1ebb6df9362ace53030795fd338cf77d234aaaa556

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe

Filesize
184KB

MD5
e226078fff12786b56a08a82ecb250d4

SHA1
b473a67bb164f33377057d32d442f4dedcbbc04f

SHA256
26ac9aab038fa6d859e6fcaa0841bf04f5e5ebb3080bdb68185928d71c927284

SHA512
d0882c0013f5efce48e259b8f10bb60038d96c0d8259b46a2971912f973603a197c222ba3594ed3917d27d9a6cab45450e29652bc5982779c4ee64beab6ca50e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe

Filesize
184KB

MD5
b244d0aee36d432406885432cbed215b

SHA1
d06872bc34f22c54d72fdcedd4dcb670549b4cd7

SHA256
215a81933ce6497863df634d7944981e413569d106a1905d8f8f93034f7cd23e

SHA512
ec96c100a3cd0270eb04c9662c851a97ecafb9f9c4ec9835877d006a2d445e14175b58929ccbce8434854727097be07f89734e2e49f6c3436f887943e5427e5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe

Filesize
184KB

MD5
32d0cc264976199227564a3f06f14a9f

SHA1
3ed68258a33cfe7414cf910a87fb9ec0b1db7bd4

SHA256
452d7096a5354c9de23540bded7f3e278582f3f987a61552a780915e0f992082

SHA512
c8dff6de1b4c5c61650dbd76f749f94a248a972c8ccc91fb8c2dd7290e21a34efc7d8450bba7200bcbe371dbd5a7258522e2f44615b36462d5e922e64dabea68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads