f45d12163e856383a38393f30a104c7cfac1d0b1c7b74a89ce8c364717710b5f

Analysis

max time kernel
40s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 06:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4081c74f53c30deff2e67045efc0ab3.exe
Size

184KB
MD5

b4081c74f53c30deff2e67045efc0ab3
SHA1

6e1fc684fa6ee800747b8bbb59800aa558fee746
SHA256

f45d12163e856383a38393f30a104c7cfac1d0b1c7b74a89ce8c364717710b5f
SHA512

9d1c9438acd01f84fb05cca45f9c0f38a09bc300231e33005a50975cd96d13692d79d5749bfdeba9e6d50dbc791ec5c4087aabbecc8bff532d104b501726ff2a
SSDEEP

3072:TvAsoKxSvzwQ/Oj08UujoJcL7zkMYufgB7xz2Eb+NsHtpFy:TvPoDUQ/n8/joJ7EkKNsHtpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 46 IoCs

pid	Process
2212	Unicorn-65376.exe
3020	Unicorn-40653.exe
2740	Unicorn-2761.exe
2216	Unicorn-57520.exe
2464	Unicorn-29486.exe
1036	Unicorn-56783.exe
2708	Unicorn-20581.exe
2880	Unicorn-32279.exe
1224	Unicorn-63493.exe
1948	Unicorn-27291.exe
1436	Unicorn-6700.exe
904	Unicorn-36035.exe
860	Unicorn-55901.exe
1932	Unicorn-30816.exe
1156	Unicorn-32736.exe
848	Unicorn-4702.exe
1664	Unicorn-40712.exe
1816	Unicorn-16208.exe
1756	Unicorn-45927.exe
3052	Unicorn-45502.exe
956	Unicorn-8205.exe
832	Unicorn-52575.exe
2828	Unicorn-28263.exe
1504	Unicorn-56638.exe
2224	Unicorn-27111.exe
560	Unicorn-51807.exe
2848	Unicorn-19519.exe
356	Unicorn-48278.exe
1592	Unicorn-40685.exe
2000	Unicorn-10180.exe
2944	Unicorn-31347.exe
2596	Unicorn-9988.exe
2964	Unicorn-18541.exe
2908	Unicorn-47876.exe
2932	Unicorn-1244.exe
2356	Unicorn-13859.exe
2200	Unicorn-27010.exe
1824	Unicorn-52666.exe
2616	Unicorn-32800.exe
2284	Unicorn-52666.exe
3020	Unicorn-52666.exe
1640	Unicorn-52666.exe
2760	Unicorn-52666.exe
2484	Unicorn-23942.exe
1600	Unicorn-43808.exe
548	Unicorn-43808.exe

Loads dropped DLL 64 IoCs

pid	Process
2872	b4081c74f53c30deff2e67045efc0ab3.exe
2872	b4081c74f53c30deff2e67045efc0ab3.exe
2872	b4081c74f53c30deff2e67045efc0ab3.exe
2872	b4081c74f53c30deff2e67045efc0ab3.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
3020	Unicorn-40653.exe
3020	Unicorn-40653.exe
2740	Unicorn-2761.exe
2740	Unicorn-2761.exe
3020	Unicorn-40653.exe
3020	Unicorn-40653.exe
2216	Unicorn-57520.exe
2216	Unicorn-57520.exe
2740	Unicorn-2761.exe
2740	Unicorn-2761.exe
2464	Unicorn-29486.exe
2464	Unicorn-29486.exe
1036	Unicorn-56783.exe
1036	Unicorn-56783.exe
2216	Unicorn-57520.exe
2216	Unicorn-57520.exe
2880	Unicorn-32279.exe
2880	Unicorn-32279.exe
2464	Unicorn-29486.exe
2464	Unicorn-29486.exe
2708	Unicorn-20581.exe
2708	Unicorn-20581.exe
1948	Unicorn-27291.exe
1948	Unicorn-27291.exe
1436	Unicorn-6700.exe
1436	Unicorn-6700.exe
2880	Unicorn-32279.exe
2880	Unicorn-32279.exe
904	Unicorn-36035.exe
904	Unicorn-36035.exe
2708	Unicorn-20581.exe
2708	Unicorn-20581.exe
860	Unicorn-55901.exe
860	Unicorn-55901.exe
1932	Unicorn-30816.exe
1932	Unicorn-30816.exe
1948	Unicorn-27291.exe
1948	Unicorn-27291.exe
848	Unicorn-4702.exe
848	Unicorn-4702.exe
1156	Unicorn-32736.exe
1156	Unicorn-32736.exe
1436	Unicorn-6700.exe
1436	Unicorn-6700.exe
1664	Unicorn-40712.exe
1664	Unicorn-40712.exe
1756	Unicorn-45927.exe
1756	Unicorn-45927.exe
904	Unicorn-36035.exe
904	Unicorn-36035.exe
1816	Unicorn-16208.exe
1816	Unicorn-16208.exe
860	Unicorn-55901.exe
860	Unicorn-55901.exe
3052	Unicorn-45502.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2540	2212	WerFault.exe	28

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
2872	b4081c74f53c30deff2e67045efc0ab3.exe
2212	Unicorn-65376.exe
3020	Unicorn-40653.exe
2740	Unicorn-2761.exe
2216	Unicorn-57520.exe
2464	Unicorn-29486.exe
1036	Unicorn-56783.exe
2708	Unicorn-20581.exe
2880	Unicorn-32279.exe
1224	Unicorn-63493.exe
1948	Unicorn-27291.exe
1436	Unicorn-6700.exe
860	Unicorn-55901.exe
904	Unicorn-36035.exe
1932	Unicorn-30816.exe
848	Unicorn-4702.exe
1156	Unicorn-32736.exe
1664	Unicorn-40712.exe
1756	Unicorn-45927.exe
1816	Unicorn-16208.exe
3052	Unicorn-45502.exe
956	Unicorn-8205.exe
832	Unicorn-52575.exe
2828	Unicorn-28263.exe
1504	Unicorn-56638.exe
560	Unicorn-51807.exe
356	Unicorn-48278.exe
2224	Unicorn-27111.exe
2848	Unicorn-19519.exe
1592	Unicorn-40685.exe
2000	Unicorn-10180.exe
2944	Unicorn-31347.exe
2964	Unicorn-18541.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2212	2872	b4081c74f53c30deff2e67045efc0ab3.exe	28
PID 2872 wrote to memory of 2212	2872	b4081c74f53c30deff2e67045efc0ab3.exe	28
PID 2872 wrote to memory of 2212	2872	b4081c74f53c30deff2e67045efc0ab3.exe	28
PID 2872 wrote to memory of 2212	2872	b4081c74f53c30deff2e67045efc0ab3.exe	28
PID 2872 wrote to memory of 3020	2872	b4081c74f53c30deff2e67045efc0ab3.exe	30
PID 2872 wrote to memory of 3020	2872	b4081c74f53c30deff2e67045efc0ab3.exe	30
PID 2872 wrote to memory of 3020	2872	b4081c74f53c30deff2e67045efc0ab3.exe	30
PID 2872 wrote to memory of 3020	2872	b4081c74f53c30deff2e67045efc0ab3.exe	30
PID 2212 wrote to memory of 2540	2212	Unicorn-65376.exe	29
PID 2212 wrote to memory of 2540	2212	Unicorn-65376.exe	29
PID 2212 wrote to memory of 2540	2212	Unicorn-65376.exe	29
PID 2212 wrote to memory of 2540	2212	Unicorn-65376.exe	29
PID 3020 wrote to memory of 2740	3020	Unicorn-40653.exe	31
PID 3020 wrote to memory of 2740	3020	Unicorn-40653.exe	31
PID 3020 wrote to memory of 2740	3020	Unicorn-40653.exe	31
PID 3020 wrote to memory of 2740	3020	Unicorn-40653.exe	31
PID 2740 wrote to memory of 2216	2740	Unicorn-2761.exe	32
PID 2740 wrote to memory of 2216	2740	Unicorn-2761.exe	32
PID 2740 wrote to memory of 2216	2740	Unicorn-2761.exe	32
PID 2740 wrote to memory of 2216	2740	Unicorn-2761.exe	32
PID 3020 wrote to memory of 2464	3020	Unicorn-40653.exe	33
PID 3020 wrote to memory of 2464	3020	Unicorn-40653.exe	33
PID 3020 wrote to memory of 2464	3020	Unicorn-40653.exe	33
PID 3020 wrote to memory of 2464	3020	Unicorn-40653.exe	33
PID 2216 wrote to memory of 1036	2216	Unicorn-57520.exe	34
PID 2216 wrote to memory of 1036	2216	Unicorn-57520.exe	34
PID 2216 wrote to memory of 1036	2216	Unicorn-57520.exe	34
PID 2216 wrote to memory of 1036	2216	Unicorn-57520.exe	34
PID 2740 wrote to memory of 2708	2740	Unicorn-2761.exe	35
PID 2740 wrote to memory of 2708	2740	Unicorn-2761.exe	35
PID 2740 wrote to memory of 2708	2740	Unicorn-2761.exe	35
PID 2740 wrote to memory of 2708	2740	Unicorn-2761.exe	35
PID 2464 wrote to memory of 2880	2464	Unicorn-29486.exe	36
PID 2464 wrote to memory of 2880	2464	Unicorn-29486.exe	36
PID 2464 wrote to memory of 2880	2464	Unicorn-29486.exe	36
PID 2464 wrote to memory of 2880	2464	Unicorn-29486.exe	36
PID 1036 wrote to memory of 1224	1036	Unicorn-56783.exe	37
PID 1036 wrote to memory of 1224	1036	Unicorn-56783.exe	37
PID 1036 wrote to memory of 1224	1036	Unicorn-56783.exe	37
PID 1036 wrote to memory of 1224	1036	Unicorn-56783.exe	37
PID 2216 wrote to memory of 1948	2216	Unicorn-57520.exe	38
PID 2216 wrote to memory of 1948	2216	Unicorn-57520.exe	38
PID 2216 wrote to memory of 1948	2216	Unicorn-57520.exe	38
PID 2216 wrote to memory of 1948	2216	Unicorn-57520.exe	38
PID 2880 wrote to memory of 1436	2880	Unicorn-32279.exe	39
PID 2880 wrote to memory of 1436	2880	Unicorn-32279.exe	39
PID 2880 wrote to memory of 1436	2880	Unicorn-32279.exe	39
PID 2880 wrote to memory of 1436	2880	Unicorn-32279.exe	39
PID 2464 wrote to memory of 904	2464	Unicorn-29486.exe	40
PID 2464 wrote to memory of 904	2464	Unicorn-29486.exe	40
PID 2464 wrote to memory of 904	2464	Unicorn-29486.exe	40
PID 2464 wrote to memory of 904	2464	Unicorn-29486.exe	40
PID 2708 wrote to memory of 860	2708	Unicorn-20581.exe	41
PID 2708 wrote to memory of 860	2708	Unicorn-20581.exe	41
PID 2708 wrote to memory of 860	2708	Unicorn-20581.exe	41
PID 2708 wrote to memory of 860	2708	Unicorn-20581.exe	41
PID 1948 wrote to memory of 1932	1948	Unicorn-27291.exe	42
PID 1948 wrote to memory of 1932	1948	Unicorn-27291.exe	42
PID 1948 wrote to memory of 1932	1948	Unicorn-27291.exe	42
PID 1948 wrote to memory of 1932	1948	Unicorn-27291.exe	42
PID 1436 wrote to memory of 1156	1436	Unicorn-6700.exe	43
PID 1436 wrote to memory of 1156	1436	Unicorn-6700.exe	43
PID 1436 wrote to memory of 1156	1436	Unicorn-6700.exe	43
PID 1436 wrote to memory of 1156	1436	Unicorn-6700.exe	43

C:\Users\Admin\AppData\Local\Temp\b4081c74f53c30deff2e67045efc0ab3.exe
"C:\Users\Admin\AppData\Local\Temp\b4081c74f53c30deff2e67045efc0ab3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        9⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        8⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        8⤵
        Executes dropped EXE
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
        9⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        7⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        8⤵
        
        PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        8⤵
        Executes dropped EXE
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        9⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        7⤵
        Executes dropped EXE
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        7⤵
        Executes dropped EXE
        
        PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
        8⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        7⤵
        Executes dropped EXE
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        8⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        7⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        8⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        8⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        6⤵
        Executes dropped EXE
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        7⤵
        Executes dropped EXE
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        6⤵
        Executes dropped EXE
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
        7⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
        8⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        6⤵
        Executes dropped EXE
        
        PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe

Filesize
184KB

MD5
c7104e97ec4c8f795ec06d099f12ca8a

SHA1
4ea0282eb64d5a8f24208d09a78362379424adb8

SHA256
ed127c417f5b57e06699b576f69dac48fe841e759dbaaa8e7308d9e972bf71c9

SHA512
a9269544d1355764cc93a2c057a72e10421711e29cafb60d7dc592b432b8037ebadd1d000847a685cdb762c72c9b70b9dd199d8ca7531a91d0ab99e31113a0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe

Filesize
184KB

MD5
d1d90de050c8247833b2e402d758d422

SHA1
18b75dbdada6ada0a1682ad84229234fd76e1b5e

SHA256
2911b07fae1f0b47116cf508e459906369dfbec0d81b51247b355b580468e20b

SHA512
1e199845a394fb9c616b6af2df2aa6f843d792529202b9cbc3031c14675a427e06fbad3ad4073cb952aee1717ecb2c004dea607c49de8b87456cc4b6971b723e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe

Filesize
184KB

MD5
3c07deebd21eac850702976b263cebdd

SHA1
75df04846e90243ce15d67a1f722da7b11aa920d

SHA256
46cd77fd6602611cf3282e0269d53e10be5da877303a0861f15eb2fb9d52375b

SHA512
dfee867f5ccd98795f9a839e20ded27f87bc202c1ef4152082d2402993ac8e10327d5a4bb6bb3e80ae5602fb16d9313c02e1e94758c7732a7c990361cafc8bc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe

Filesize
184KB

MD5
de305f4519ece7c8fb5703ca8fd40db5

SHA1
801bc29b55fbbcabbe6f2cdbbdd2f8d6668a59f6

SHA256
ed0a056a4520133d9185331700cac4f28255a3957dd9be4fe86a3c464a2a301a

SHA512
504cd97cd230eb399cdb6e6bf985b1614b5f0548f5b4082f1eee5cec2151d73abc81ebc56eead6bba72709dae10a0f0300b8d63c303186117e4aedfdd8641b59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe

Filesize
184KB

MD5
2bddc3a0f6600471d145adb1bd46ef6f

SHA1
057fbf2a78093e7c4d575f2a997efb3c42de633f

SHA256
bad34310f6e1ada01e16eff82ee37728210b4b751f611ff4227272a0c2af3b84

SHA512
557991ea01aef335a99a64c5f9f15f34e45032605a7ceb264741ca281857a9c5f7e8743822964b3e19e72db12b59bcfff97ae5bee8221964aa0838bb29768c00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe

Filesize
184KB

MD5
7ef9bc4fe8e1780f06952ee1c87d5d5a

SHA1
509c926f9df626c38dcad43da6591b4e7ecde054

SHA256
280eed413df3b3cdc7fd9aa511030a1b74d40db70bc9678950c005cdd79f91f1

SHA512
60b75f06fa4d41ed874055fc9ba4d33dd1de1c5f05c6d49588568b8d9677196f3a5e78eed396cf7555ec577ad960c68c6524efee121cfead6a3a7ac4067915ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe

Filesize
184KB

MD5
24a9830f740dd11b9295f38715054237

SHA1
12e96f18442483303018b243a41dc10ffb181c00

SHA256
85101dae52505f67b19b6b717198a9faf05107bbb78f33e3acf291997c24d8b0

SHA512
0e4b9598d986c8e14dfcae31e8459c194e92f03815beaf0f103d91335952842e21c5555b3fb2a80063e2d78b6b88b8dafe8931cb550c44512f673ab2e49b1a2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe

Filesize
184KB

MD5
af58cade0253fe40f8f413870eadc4fb

SHA1
8052650f14ecfd1d09f101b6af612a401daef5b0

SHA256
6d7f692c014fa5243c5678ad852dba5e3498192bb007bc0654e41914fd66ad18

SHA512
05a40f594a975d569893d1f5b62fbec97875ed0578ea5dfe8689033cc5b3c042b7cfa1da9eb3b3f5b2421917c89b56b49c14589c7dd7ea0d284e864a91d3f825

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe

Filesize
184KB

MD5
ae426b3425ff384a6c450569b65ea8ca

SHA1
c87fb326d4d1ce29ae31cf66835ce6e27c53b708

SHA256
256399dc198cff576c667c270c286b86d99b475cb9045e972663a90d239f541c

SHA512
1f11c2774bebf3f1eddc320227fa3829d7039bbcc1974edc102fe1cea4de6773f08c874554c4a968fdfad2fc03a6feff49d26ddca409c2f1dc28a92d1110e6ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe

Filesize
184KB

MD5
1e071b41d5f040fd9e21b9d8653b4b1b

SHA1
add6d142318962245101975c0f41541ca3081269

SHA256
536554091d36987882accb1c9519a10dcc88b1ca46cbc2464449269d57d9a2da

SHA512
14ebda464b953ad8ebf8c0ba66d268edd0b0f0aed2178956b40cf1fe8f1b26e5b95661dc6df4e991f77f35a37024e9daa1b0e1874ad3535b7b9b3eb79ad5e01c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe

Filesize
184KB

MD5
1aed7cf0d8037f3bd0ea02f2bf927d82

SHA1
53f66b9898693bed804774ff2af6b928fcfc4002

SHA256
64996c872a579684cd06cf4f39728c83cd799f059ebb07a6d3479536a1142471

SHA512
a7ca6f160be8fd3d6c8dcca4faf7402b9ab8bc1d371821a68bb70d1e87c57481cd775134c41844ac15e7213e7dfd9d18db04c8a44ba6375b44a0c331ecf1405c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe

Filesize
184KB

MD5
21d8ab58079a6ce41c9b9d35f25295df

SHA1
104843dd5dc89cb6a8184debc2c20def4623cedd

SHA256
3db5a3e114fa70cb009373d6b141ff744987ba1c7182dbbc20e5584eff5f29d5

SHA512
3b163b3e7a28b8a8dbfc2a1888c654f4830b1141fd009ea6e0be7a29688bf35728c5e534e75e10e4ddace96adbcad5e5d1265f242dfff408b6e60368484b4281

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe

Filesize
184KB

MD5
fd66bcc49ad427371c2fdd4aed2e1ead

SHA1
bb42d72472b58aa9b700e315093c7e1e4220f4f0

SHA256
4c455cb10862684d43cffb26f90cea4b953900195c60870e28912e107b29b77d

SHA512
7eaf54e31f4b2188a161bf5b4ab14b5b0571ba26e263938d2f48c82212607bb2ab3908ba9e54af2d2f98cc638e5538e1d4da2184db708b96da926841212565e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe

Filesize
184KB

MD5
d9c674593edeb522118718685a44d575

SHA1
0716395793773830e6900bbdc97a66ccd7f5c2a8

SHA256
87951c1f183791e89cb1e7c658e48fdc5f590c30dfa5b0f922bb82a34cab42b3

SHA512
0ca7f073853a858252ac53093bfe72ef05197072e36629c25380898a1973e2b8020a9d0b86ee677f2eae38c91a91c94d7ffb429f8544d6313ab8c3cacba17620

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe

Filesize
184KB

MD5
3e0aeda782fa8b54dd43d2e979d2266a

SHA1
14715de12f1af9f8bc5cd391e8b126fc236374db

SHA256
b54bf985d9d9432d0c17caad697b2c932b051fe36d31b567dc160dca3fd470c2

SHA512
7890f6fb62d3f373a763a4b24ff15a6bb528d22d0c72015ec2a2ef289751f7eae79ad54c109e1d8b39fd6398dbf5d91c6ba342db380422727d8217a097c90dc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe

Filesize
184KB

MD5
dda2bbb98f521b644ca8d6daa7f66abd

SHA1
3c8941330e483e10399c1d796f71e2e0e3a42a67

SHA256
17237cfedb769bc18fc2057745eb313648367f2a5d97d7052d26ae0767922346

SHA512
10c4788f08e33225c980020cecc43084774544677c08b12458780cf6a50803eebaba9f43bf8a25d0938ab938576ab17900c3b7f4e0d46c4faa4c87eaf9ab713c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe

Filesize
184KB

MD5
fd7bc54e28957925800b154b2bbc6ee6

SHA1
cd74ee383413abac4f9ea0d1087731c3390248a6

SHA256
3a47cb771cb7a8fe37c9ef47de69b5ece19bccce6c24ded5507e2a692a97fd29

SHA512
86a0000bf246849e8b119977f25087e1532a355db181cd55914fcb39f508e2800ec64daeef9197bcf987711193ccc61636d48a44123734fdb8f630e11911a1c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads