cc22bebae93865c130b0eb68842a83aa91edacb58e0d6da626af17b894daa6fa

Analysis

max time kernel
45s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4911eca4cdcedea3e25dc86f8492b35.exe
Size

184KB
MD5

b4911eca4cdcedea3e25dc86f8492b35
SHA1

53fb2956d28e9630df940b6018b91ad90e61ea70
SHA256

cc22bebae93865c130b0eb68842a83aa91edacb58e0d6da626af17b894daa6fa
SHA512

89fa907f1bc47d78cb172178e6a58d0e9df5681a500d60ec5233b9e9f05349cbfaaa2907d620905b1f6b21bd7db3c925ee17f852611907d0a04028b8ab9b3dd1
SSDEEP

3072:waHeoYbkfYA01OjYdTsWl8Fb6d96DDWI0DExq9PpaNlPvpFF:wa+oh501HdoWl8XXG+NlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 56 IoCs

pid	Process
2980	Unicorn-54306.exe
3064	Unicorn-49511.exe
2588	Unicorn-25561.exe
2728	Unicorn-48608.exe
2572	Unicorn-20574.exe
2452	Unicorn-32272.exe
2056	Unicorn-57098.exe
804	Unicorn-33148.exe
2372	Unicorn-24234.exe
1896	Unicorn-11789.exe
276	Unicorn-49293.exe
2320	Unicorn-39859.exe
312	Unicorn-3465.exe
1364	Unicorn-15162.exe
2736	Unicorn-6994.exe
2100	Unicorn-23885.exe
2904	Unicorn-35583.exe
1824	Unicorn-62178.exe
988	Unicorn-16507.exe
344	Unicorn-26668.exe
2088	Unicorn-60087.exe
1588	Unicorn-55256.exe
1312	Unicorn-31306.exe
2252	Unicorn-43004.exe
2340	Unicorn-52516.exe
2244	Unicorn-27820.exe
1904	Unicorn-61239.exe
1968	Unicorn-11483.exe
1988	Unicorn-56408.exe
1728	Unicorn-36542.exe
1928	Unicorn-44156.exe
1920	Unicorn-7762.exe
2948	Unicorn-17597.exe
2536	Unicorn-59184.exe
2552	Unicorn-5344.exe
1980	Unicorn-27109.exe
2580	Unicorn-15926.exe
2440	Unicorn-7565.exe
2688	Unicorn-32816.exe
2920	Unicorn-7051.exe
1216	Unicorn-40238.exe
548	Unicorn-57129.exe
1468	Unicorn-357.exe
764	Unicorn-28946.exe
2184	Unicorn-41560.exe
2120	Unicorn-61426.exe
1580	Unicorn-61426.exe
1576	Unicorn-41560.exe
1568	Unicorn-41560.exe
1852	Unicorn-61426.exe
2312	Unicorn-14638.exe
2280	Unicorn-50627.exe
1676	Unicorn-50627.exe
628	Unicorn-51587.exe
2060	Unicorn-50300.exe
1736	Unicorn-45713.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	b4911eca4cdcedea3e25dc86f8492b35.exe
2204	b4911eca4cdcedea3e25dc86f8492b35.exe
2980	Unicorn-54306.exe
2980	Unicorn-54306.exe
2204	b4911eca4cdcedea3e25dc86f8492b35.exe
2204	b4911eca4cdcedea3e25dc86f8492b35.exe
3064	Unicorn-49511.exe
3064	Unicorn-49511.exe
2980	Unicorn-54306.exe
2980	Unicorn-54306.exe
2588	Unicorn-25561.exe
2588	Unicorn-25561.exe
2728	Unicorn-48608.exe
2728	Unicorn-48608.exe
3064	Unicorn-49511.exe
3064	Unicorn-49511.exe
2572	Unicorn-20574.exe
2572	Unicorn-20574.exe
2452	Unicorn-32272.exe
2452	Unicorn-32272.exe
2588	Unicorn-25561.exe
2588	Unicorn-25561.exe
2056	Unicorn-57098.exe
2056	Unicorn-57098.exe
2728	Unicorn-48608.exe
2728	Unicorn-48608.exe
804	Unicorn-33148.exe
804	Unicorn-33148.exe
2372	Unicorn-24234.exe
2372	Unicorn-24234.exe
2572	Unicorn-20574.exe
2572	Unicorn-20574.exe
1896	Unicorn-11789.exe
1896	Unicorn-11789.exe
2452	Unicorn-32272.exe
276	Unicorn-49293.exe
2452	Unicorn-32272.exe
276	Unicorn-49293.exe
2320	Unicorn-39859.exe
2320	Unicorn-39859.exe
2056	Unicorn-57098.exe
2056	Unicorn-57098.exe
1364	Unicorn-15162.exe
1364	Unicorn-15162.exe
804	Unicorn-33148.exe
804	Unicorn-33148.exe
312	Unicorn-3465.exe
312	Unicorn-3465.exe
2100	Unicorn-23885.exe
2100	Unicorn-23885.exe
988	Unicorn-16507.exe
988	Unicorn-16507.exe
276	Unicorn-49293.exe
276	Unicorn-49293.exe
2736	Unicorn-6994.exe
2736	Unicorn-6994.exe
1824	Unicorn-62178.exe
2372	Unicorn-24234.exe
1824	Unicorn-62178.exe
2372	Unicorn-24234.exe
2904	Unicorn-35583.exe
2904	Unicorn-35583.exe
1896	Unicorn-11789.exe
1896	Unicorn-11789.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1152	2688	WerFault.exe	66

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
2204	b4911eca4cdcedea3e25dc86f8492b35.exe
2980	Unicorn-54306.exe
3064	Unicorn-49511.exe
2588	Unicorn-25561.exe
2728	Unicorn-48608.exe
2572	Unicorn-20574.exe
2452	Unicorn-32272.exe
2056	Unicorn-57098.exe
804	Unicorn-33148.exe
2372	Unicorn-24234.exe
1896	Unicorn-11789.exe
276	Unicorn-49293.exe
2320	Unicorn-39859.exe
1364	Unicorn-15162.exe
312	Unicorn-3465.exe
2736	Unicorn-6994.exe
2100	Unicorn-23885.exe
1824	Unicorn-62178.exe
2904	Unicorn-35583.exe
988	Unicorn-16507.exe
344	Unicorn-26668.exe
2088	Unicorn-60087.exe
1312	Unicorn-31306.exe
1588	Unicorn-55256.exe
2252	Unicorn-43004.exe
2340	Unicorn-52516.exe
2244	Unicorn-27820.exe
1904	Unicorn-61239.exe
1968	Unicorn-11483.exe
1728	Unicorn-36542.exe
1928	Unicorn-44156.exe
1988	Unicorn-56408.exe
2536	Unicorn-59184.exe
2948	Unicorn-17597.exe
2552	Unicorn-5344.exe
2580	Unicorn-15926.exe
1980	Unicorn-27109.exe
2440	Unicorn-7565.exe
2920	Unicorn-7051.exe
2688	Unicorn-32816.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2980	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	28
PID 2204 wrote to memory of 2980	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	28
PID 2204 wrote to memory of 2980	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	28
PID 2204 wrote to memory of 2980	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	28
PID 2980 wrote to memory of 3064	2980	Unicorn-54306.exe	29
PID 2980 wrote to memory of 3064	2980	Unicorn-54306.exe	29
PID 2980 wrote to memory of 3064	2980	Unicorn-54306.exe	29
PID 2980 wrote to memory of 3064	2980	Unicorn-54306.exe	29
PID 2204 wrote to memory of 2588	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	30
PID 2204 wrote to memory of 2588	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	30
PID 2204 wrote to memory of 2588	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	30
PID 2204 wrote to memory of 2588	2204	b4911eca4cdcedea3e25dc86f8492b35.exe	30
PID 3064 wrote to memory of 2728	3064	Unicorn-49511.exe	31
PID 3064 wrote to memory of 2728	3064	Unicorn-49511.exe	31
PID 3064 wrote to memory of 2728	3064	Unicorn-49511.exe	31
PID 3064 wrote to memory of 2728	3064	Unicorn-49511.exe	31
PID 2980 wrote to memory of 2572	2980	Unicorn-54306.exe	32
PID 2980 wrote to memory of 2572	2980	Unicorn-54306.exe	32
PID 2980 wrote to memory of 2572	2980	Unicorn-54306.exe	32
PID 2980 wrote to memory of 2572	2980	Unicorn-54306.exe	32
PID 2588 wrote to memory of 2452	2588	Unicorn-25561.exe	33
PID 2588 wrote to memory of 2452	2588	Unicorn-25561.exe	33
PID 2588 wrote to memory of 2452	2588	Unicorn-25561.exe	33
PID 2588 wrote to memory of 2452	2588	Unicorn-25561.exe	33
PID 2728 wrote to memory of 2056	2728	Unicorn-48608.exe	34
PID 2728 wrote to memory of 2056	2728	Unicorn-48608.exe	34
PID 2728 wrote to memory of 2056	2728	Unicorn-48608.exe	34
PID 2728 wrote to memory of 2056	2728	Unicorn-48608.exe	34
PID 3064 wrote to memory of 804	3064	Unicorn-49511.exe	35
PID 3064 wrote to memory of 804	3064	Unicorn-49511.exe	35
PID 3064 wrote to memory of 804	3064	Unicorn-49511.exe	35
PID 3064 wrote to memory of 804	3064	Unicorn-49511.exe	35
PID 2572 wrote to memory of 2372	2572	Unicorn-20574.exe	36
PID 2572 wrote to memory of 2372	2572	Unicorn-20574.exe	36
PID 2572 wrote to memory of 2372	2572	Unicorn-20574.exe	36
PID 2572 wrote to memory of 2372	2572	Unicorn-20574.exe	36
PID 2452 wrote to memory of 1896	2452	Unicorn-32272.exe	37
PID 2452 wrote to memory of 1896	2452	Unicorn-32272.exe	37
PID 2452 wrote to memory of 1896	2452	Unicorn-32272.exe	37
PID 2452 wrote to memory of 1896	2452	Unicorn-32272.exe	37
PID 2588 wrote to memory of 276	2588	Unicorn-25561.exe	38
PID 2588 wrote to memory of 276	2588	Unicorn-25561.exe	38
PID 2588 wrote to memory of 276	2588	Unicorn-25561.exe	38
PID 2588 wrote to memory of 276	2588	Unicorn-25561.exe	38
PID 2056 wrote to memory of 2320	2056	Unicorn-57098.exe	39
PID 2056 wrote to memory of 2320	2056	Unicorn-57098.exe	39
PID 2056 wrote to memory of 2320	2056	Unicorn-57098.exe	39
PID 2056 wrote to memory of 2320	2056	Unicorn-57098.exe	39
PID 2728 wrote to memory of 312	2728	Unicorn-48608.exe	40
PID 2728 wrote to memory of 312	2728	Unicorn-48608.exe	40
PID 2728 wrote to memory of 312	2728	Unicorn-48608.exe	40
PID 2728 wrote to memory of 312	2728	Unicorn-48608.exe	40
PID 804 wrote to memory of 1364	804	Unicorn-33148.exe	41
PID 804 wrote to memory of 1364	804	Unicorn-33148.exe	41
PID 804 wrote to memory of 1364	804	Unicorn-33148.exe	41
PID 804 wrote to memory of 1364	804	Unicorn-33148.exe	41
PID 2372 wrote to memory of 2736	2372	Unicorn-24234.exe	42
PID 2372 wrote to memory of 2736	2372	Unicorn-24234.exe	42
PID 2372 wrote to memory of 2736	2372	Unicorn-24234.exe	42
PID 2372 wrote to memory of 2736	2372	Unicorn-24234.exe	42
PID 2572 wrote to memory of 2100	2572	Unicorn-20574.exe	43
PID 2572 wrote to memory of 2100	2572	Unicorn-20574.exe	43
PID 2572 wrote to memory of 2100	2572	Unicorn-20574.exe	43
PID 2572 wrote to memory of 2100	2572	Unicorn-20574.exe	43

C:\Users\Admin\AppData\Local\Temp\b4911eca4cdcedea3e25dc86f8492b35.exe
"C:\Users\Admin\AppData\Local\Temp\b4911eca4cdcedea3e25dc86f8492b35.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        8⤵
        Executes dropped EXE
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        9⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        8⤵
        Executes dropped EXE
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
        7⤵
        Executes dropped EXE
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        8⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        9⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 188
        7⤵
        Program crash
        
        PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        7⤵
        Executes dropped EXE
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        6⤵
        Executes dropped EXE
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        6⤵
        Executes dropped EXE
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        7⤵
        
        PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
        6⤵
        Executes dropped EXE
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        7⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        5⤵
        Executes dropped EXE
        
        PID:548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        7⤵
        Executes dropped EXE
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        5⤵
        Executes dropped EXE
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        6⤵
        Executes dropped EXE
        
        PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        6⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11013.exe
        8⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        5⤵
        Executes dropped EXE
        
        PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        6⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25645.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe
        8⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        5⤵
        Executes dropped EXE
        
        PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        5⤵
        Executes dropped EXE
        
        PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe

Filesize
184KB

MD5
8ecbf0d7d6538a9d559ce0af1fd2fe79

SHA1
fb52a01affaa9508a3a40592f1a775d713e6d1df

SHA256
f912823fdbc389fbfa4a4d023876fdc8a0436187608fe38b289a7802a339fa9d

SHA512
32b963faec894ff24a8394273ff9de1e8222e4260d25fd57e0cb44bd300d24ef08b9a2c68ea00987eda3e326b4dcc0f563dda9a98c8e60667171b8cd5d2e290a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe

Filesize
184KB

MD5
d0465358c26b7529a18b786efa125ed8

SHA1
96252ad791ace82a2f59c87273c0ebf99ec3cc53

SHA256
ec2af0d52e2f355a7ab4412b73c8a7d17da4e63ff65143cf8e21a77526718941

SHA512
426607506c48b299b85e4027cae216e618802aebcf5cda0a57ab06bd97691b101fe6aa3257a4d5217ca1a638cb60ef066258db0b2b4788e7bbfae51e3067e1eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe

Filesize
184KB

MD5
3efa71638d36f532215c79eb2d029003

SHA1
5b602d04f7e74d0c9df9ea206f41b40b2c2e4f37

SHA256
f8ab011d09597de1999c3df71c00a33c8584463e3aed7d382aac0d971fc366b4

SHA512
4f0e3b3ff92fea239a9d95593361185478320fb5281e044ff95df5aea4646894ce19c9adb50305d22a1b00127150bf28ea34e57a1c623e33fc19e0bb727f4174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe

Filesize
184KB

MD5
566e689962fed3964e1d51d95e91313c

SHA1
bb02a2889c70b2330f8c89d4d67fc6757e81a2d6

SHA256
72d07f9cce4ec16af9e9d01ae8c11a93649e9a1867c393c68125144ec6ed3f68

SHA512
026c3342abb4bd65996712286cea9266053635ddd82356a84221898b996b33ac3365a97439c6910d1ab18ee694eec39fb90a58bfa8086ff943b85686221f7d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe

Filesize
184KB

MD5
98ffbadfc9131aafcfa324d0d1b33abb

SHA1
42e65bcee62fb99a531fc640c85654468283f9ad

SHA256
bde48857fc7e18e48edeb9c3f5245ab716c9b6be1042f270c1f49c6ed4e7a056

SHA512
3db2e0a5415aede1401628962e6237a2b8602de54c2ce87a55753ed66a751421ea55629e57a371e175d08286a9dd587382dd72d1f32fcf75ceaaee44e580c0f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe

Filesize
184KB

MD5
96c314cc6e8233aa8957df023a64e65c

SHA1
f12f617afb4eaef39d9b831323158eb6566df982

SHA256
9f1e340d104643495f0b4a8a8ac84410c35f57b90d6c1f189312cefe60cee7ab

SHA512
3590911a8a81c79a71ff7e912df024dc171a73a29ba6e7f70ab8b39d43f8e1f6dd917c6cf763c8b67e23d35716b2ff3c4ca0fca70781d3ef436d00a26e5f8c8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe

Filesize
184KB

MD5
34ab9eadc3e3642856b1298fd59d9a0f

SHA1
f248218c6a27333edde1c81f9c4c54c9d8f489fc

SHA256
a8ebbdfcacaf2d3c8ffc44443988219b1d0b38aa7e57bdae8a7d9263d532e56e

SHA512
e8afd21523568b0df0c7fa2c76d07b4c8620c91e36f385161de7a60c9dac4f10bb9d97bf6787683dfd17d43dd4405d05453337d62b1689cc35822750503a1759

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe

Filesize
184KB

MD5
3675b82d97c24c894958e25ba9c1526f

SHA1
72a0c604fb78b9d3909e20b625e694662cf435f7

SHA256
2c3f16d90342df8e1532b7a3f1f47f98d6a00d4e2b87ee4361923d0999abc004

SHA512
f4fdb3a9e66b6c9c8b66b0fe0d7c29f6502a8f3f99ed6245100c93814e921d6e55cbc9cb3a2b66aaca729f3b1affd7e8344d78c49d99cd126297024a19e1602f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe

Filesize
184KB

MD5
5d1053c3b445b0258ae796915731a137

SHA1
ac8565e08ae7b5806716dba16409e1538c57ba9a

SHA256
c9f7978fea62237cd196196c70b12040a8b84b1cef2f9bebd15a28d330ebdb51

SHA512
ce492f075a68bbad7515dfce1ffb520fa679e399f1cab2cb795727e6f1ff57c8f6921329cbeddfe2f5269ea45938c468970c754cdf95d671e5f4df7fe1e1acdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe

Filesize
184KB

MD5
89e2cc67f00786fc14e61b71ffd26a5a

SHA1
164fbe620f083421bcaba710dabd3d4ca80af4e1

SHA256
18a85b19bed8a651ab25ce790d63943d55e0169aa9937756b9599466f0a948a2

SHA512
5e768e09fc2ac0356c1892dca73ddee2b71d6cc198295572b1971c6c0ac745004afedc060e1871e76546cd830cf1df2cfb0497c44bbb0d2e3a1c2fc19e469cbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe

Filesize
184KB

MD5
09cff0d70846ccd380f7a827da5b2c90

SHA1
25807838082ee0628f58dd85c33a24de1bb38d34

SHA256
6ddc6a3070d4604334838dfde6d8baaa717722be76dd370ba1fea9e7fb7de9c2

SHA512
5f1f21a326b3ffe6b5d2cad4a86c4e316cbf24ab23c6b769d6d50d621f76e3502f368e80c09a69a5bac657860a1773c5803d6eeb952be35635251f514559b582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39859.exe

Filesize
184KB

MD5
9247a11a36b18cdd026c878cd2b564cb

SHA1
9e75916b45c64aeb18850373018699bd33ccd1bf

SHA256
1d1c68640d3e8876f9781c601fef55856ed438860702ea27ec83747df3f802f7

SHA512
be8e3cf86392dd2b071bb8647407507457c6e20c0598922bd83fc61511527ef2a6dfa6bda814053946d4ada82ac9b5c3f7dc708d9cb7fc2e48a5a15c71770ebf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe

Filesize
184KB

MD5
e2dbd528a1bfd37d37c5f8e5cf14a677

SHA1
e9a7b3df33b7c7111416120374e55cab7b688c15

SHA256
96d18ef2f30baa4a86893c6300e5c865bb112670b9634675cc75ba793c0130e4

SHA512
eefe38fc9256da92b48c7efca9a8d3c432907a94ccf92154b8b242c605e74ad40a91689c1f035e2af21583ef8ee9bdc73d8b5b1da98656534579bee4c0828ded

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe

Filesize
184KB

MD5
ece7295e8e36fce3074346e1ddc1424a

SHA1
f1f60f3065ebdfc3fd02ca6fb2d6a8c346304e65

SHA256
44d08139ee6a64899cf1710c41ba9075b9cc45310d6540805e7f9bf8e6a3fb69

SHA512
db142b591c54d42265b5e87d4f63c859b7cf3cce184c4932387ac95688b2de3184dab5477526e5539a12b57572cbaf6a598d826e6cc71f1614c950fe1895a23e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe

Filesize
184KB

MD5
5766a56f008ca0988a2f221cd8559bea

SHA1
19736f6743393a6ccfd26649b5f40079710e684c

SHA256
354bdc05f7fe0bab46ac1b6454c911b6b3467242afd0c5871febcc777e986457

SHA512
a071dc5d2c87a0f128bd68fd9ebcaf06a3b274034791f1a4ed3e2c689a8cdd1228be2e1a8106c300cde564501da3dfe4ddff98f8ada8f16373c4ca44bd621f46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe

Filesize
184KB

MD5
5c631fac69b1ca0a183f207f5115c096

SHA1
4e649eb57ac33cf34b4a52e41e020e5ebe6006d6

SHA256
1bd63963f8c70711f082211b48ece311380aef1f75d3e24387f946d0a8f6a70e

SHA512
ba468750070782640b12bdcb9d498355aa34ae588654f0a73af184041b66c6711e58dba5630bd37bb4dcd2bb0fc1f0ebecc2a8cddd3a4fdec802d869593a17e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe

Filesize
184KB

MD5
493f5a8b1d25c9dda1d48b305a59da98

SHA1
6b3f59daad6d559b80743c094d9cad5e86326488

SHA256
d5cab45e1d5540ac15508341b7485c7aa379ea17ce8a131b6e7ff557d4b032a1

SHA512
5d166fcb5f0109c385ca3dd1110418a282f70b10898e241a2899d1cd97b5748aa6916e689c9a6b02e42860d5d7e0a9bb6fc33a75bc66432d5edec92a25cc4c0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe

Filesize
184KB

MD5
e054640cb7fb7aa4e62574726761fa56

SHA1
1d8d61c26996e3b544cb07577b4c09fe871701c6

SHA256
f5175b7f31a268db338886b26497293fcc09d16a791dde954273ea66ef2f08b9

SHA512
9c930a9ea2e2d630a19045897ca13fd3a0d6dacc78022763a607dbf732d2296716c552a36d2f7baba0a7ee3b7f56d60eb4162239111b4e8dde0ec7397e429bbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe

Filesize
184KB

MD5
3c6288d92fdd4d352ec7c866a5d2b216

SHA1
bcbc5723c6779659123abda4abcacfed7218ed91

SHA256
50aa090f2a42f3b85f16567428f4fb34352fdec24edcd3916c2cede4a389c940

SHA512
e559f364e1a47af18646c0c8abf38b74d95e4555b83e37013cefa7b040ada3594cff06a9438b167501af14f7b33342c40ee8bebc2f77e2d0f805117f009b879c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads