3270abde07956e042a257442901ee3fa38bc0af3fa3ce3f9e9ee015835f54b30

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b536d7dea8ffeac44e5195d91cb4a1b9.exe
Size

184KB
MD5

b536d7dea8ffeac44e5195d91cb4a1b9
SHA1

cafa1754acb14011279bb6541796314fd8ebf4e4
SHA256

3270abde07956e042a257442901ee3fa38bc0af3fa3ce3f9e9ee015835f54b30
SHA512

6b91e711cba542b9f0ba6f5ed0753f62d2d3d9305cfea9255ac597bc6c08e320d5335fbe3957fbd9f78a16011b3d9f17d6bb4c1470dbc9cccaf8d132bf913e4b
SSDEEP

3072:leHpocRAiA0bOjjMTRcAzFuOii6O/YIcDxx822r17lPdpFl:leJoXH0bIMNcAzvlDD7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
856	Unicorn-19498.exe
2436	Unicorn-45393.exe
2524	Unicorn-29611.exe
2444	Unicorn-58304.exe
2916	Unicorn-935.exe
2328	Unicorn-4697.exe
2104	Unicorn-21714.exe
2644	Unicorn-38796.exe
2716	Unicorn-5377.exe
2604	Unicorn-22460.exe
992	Unicorn-50494.exe
2888	Unicorn-59957.exe
2884	Unicorn-36413.exe
1256	Unicorn-20077.exe
3000	Unicorn-8379.exe
2156	Unicorn-11908.exe
2192	Unicorn-37159.exe
1416	Unicorn-40964.exe
908	Unicorn-21098.exe
1808	Unicorn-24327.exe
684	Unicorn-55266.exe
1592	Unicorn-56631.exe
1660	Unicorn-33170.exe
2304	Unicorn-33170.exe
2240	Unicorn-3673.exe
2288	Unicorn-13559.exe
2420	Unicorn-35407.exe
2468	Unicorn-61577.exe
2520	Unicorn-48256.exe
2768	Unicorn-21204.exe
2440	Unicorn-45983.exe
2400	Unicorn-7493.exe
2660	Unicorn-3876.exe
856	Unicorn-3876.exe
2700	Unicorn-30828.exe
2732	Unicorn-9312.exe
292	Unicorn-24549.exe
1136	Unicorn-44.exe
2272	Unicorn-11912.exe
1740	Unicorn-10205.exe
1712	Unicorn-55322.exe
1732	Unicorn-63490.exe
784	Unicorn-60750.exe
304	Unicorn-16380.exe
1536	Unicorn-48477.exe
2108	Unicorn-62395.exe
1780	Unicorn-42529.exe
2172	Unicorn-19369.exe
2548	Unicorn-19369.exe
1220	Unicorn-19369.exe
2792	Unicorn-39235.exe
2088	Unicorn-39235.exe
2988	Unicorn-39235.exe
1692	Unicorn-47766.exe
272	Unicorn-48088.exe
1788	Unicorn-6536.exe
1696	Unicorn-7626.exe
892	Unicorn-50242.exe
2364	Unicorn-62105.exe
1872	Unicorn-12305.exe
2632	Unicorn-36421.exe

Loads dropped DLL 64 IoCs

pid	Process
2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe
2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe
856	Unicorn-19498.exe
856	Unicorn-19498.exe
2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe
2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe
2524	Unicorn-29611.exe
2524	Unicorn-29611.exe
2436	Unicorn-45393.exe
2436	Unicorn-45393.exe
856	Unicorn-19498.exe
856	Unicorn-19498.exe
2444	Unicorn-58304.exe
2444	Unicorn-58304.exe
2524	Unicorn-29611.exe
2524	Unicorn-29611.exe
2916	Unicorn-935.exe
2916	Unicorn-935.exe
2436	Unicorn-45393.exe
2436	Unicorn-45393.exe
2328	Unicorn-4697.exe
2328	Unicorn-4697.exe
2644	Unicorn-38796.exe
2644	Unicorn-38796.exe
2604	Unicorn-22460.exe
2604	Unicorn-22460.exe
2104	Unicorn-21714.exe
2104	Unicorn-21714.exe
2444	Unicorn-58304.exe
2444	Unicorn-58304.exe
992	Unicorn-50494.exe
992	Unicorn-50494.exe
2328	Unicorn-4697.exe
2328	Unicorn-4697.exe
2888	Unicorn-59957.exe
2644	Unicorn-38796.exe
2888	Unicorn-59957.exe
2644	Unicorn-38796.exe
3000	Unicorn-8379.exe
3000	Unicorn-8379.exe
2192	Unicorn-37159.exe
2192	Unicorn-37159.exe
2156	Unicorn-11908.exe
2156	Unicorn-11908.exe
1416	Unicorn-40964.exe
1808	Unicorn-24327.exe
1808	Unicorn-24327.exe
1416	Unicorn-40964.exe
684	Unicorn-55266.exe
684	Unicorn-55266.exe
1660	Unicorn-33170.exe
1660	Unicorn-33170.exe
1592	Unicorn-56631.exe
1592	Unicorn-56631.exe
2288	Unicorn-13559.exe
2288	Unicorn-13559.exe
2240	Unicorn-3673.exe
2240	Unicorn-3673.exe
2304	Unicorn-33170.exe
2304	Unicorn-33170.exe
908	Unicorn-21098.exe
908	Unicorn-21098.exe
2468	Unicorn-61577.exe
2468	Unicorn-61577.exe

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe
856	Unicorn-19498.exe
2524	Unicorn-29611.exe
2436	Unicorn-45393.exe
2444	Unicorn-58304.exe
2916	Unicorn-935.exe
2328	Unicorn-4697.exe
2644	Unicorn-38796.exe
2104	Unicorn-21714.exe
2716	Unicorn-5377.exe
2604	Unicorn-22460.exe
992	Unicorn-50494.exe
2888	Unicorn-59957.exe
3000	Unicorn-8379.exe
2192	Unicorn-37159.exe
2156	Unicorn-11908.exe
1416	Unicorn-40964.exe
1808	Unicorn-24327.exe
684	Unicorn-55266.exe
1660	Unicorn-33170.exe
1592	Unicorn-56631.exe
908	Unicorn-21098.exe
2304	Unicorn-33170.exe
2288	Unicorn-13559.exe
2240	Unicorn-3673.exe
2420	Unicorn-35407.exe
2468	Unicorn-61577.exe
2520	Unicorn-48256.exe
2768	Unicorn-21204.exe
1256	Unicorn-20077.exe
2400	Unicorn-7493.exe
2440	Unicorn-45983.exe
2660	Unicorn-3876.exe
2732	Unicorn-9312.exe
856	Unicorn-3876.exe
2700	Unicorn-30828.exe
292	Unicorn-24549.exe
1136	Unicorn-44.exe
2272	Unicorn-11912.exe
1740	Unicorn-10205.exe
1712	Unicorn-55322.exe
1732	Unicorn-63490.exe
784	Unicorn-60750.exe
304	Unicorn-16380.exe
1780	Unicorn-42529.exe
1536	Unicorn-48477.exe
2108	Unicorn-62395.exe
2792	Unicorn-39235.exe
2548	Unicorn-19369.exe
272	Unicorn-48088.exe
1788	Unicorn-6536.exe
1696	Unicorn-7626.exe
2172	Unicorn-19369.exe
2988	Unicorn-39235.exe
1220	Unicorn-19369.exe
1692	Unicorn-47766.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 856	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	28
PID 2836 wrote to memory of 856	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	28
PID 2836 wrote to memory of 856	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	28
PID 2836 wrote to memory of 856	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	28
PID 856 wrote to memory of 2436	856	Unicorn-19498.exe	29
PID 856 wrote to memory of 2436	856	Unicorn-19498.exe	29
PID 856 wrote to memory of 2436	856	Unicorn-19498.exe	29
PID 856 wrote to memory of 2436	856	Unicorn-19498.exe	29
PID 2836 wrote to memory of 2524	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	30
PID 2836 wrote to memory of 2524	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	30
PID 2836 wrote to memory of 2524	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	30
PID 2836 wrote to memory of 2524	2836	b536d7dea8ffeac44e5195d91cb4a1b9.exe	30
PID 2524 wrote to memory of 2444	2524	Unicorn-29611.exe	31
PID 2524 wrote to memory of 2444	2524	Unicorn-29611.exe	31
PID 2524 wrote to memory of 2444	2524	Unicorn-29611.exe	31
PID 2524 wrote to memory of 2444	2524	Unicorn-29611.exe	31
PID 2436 wrote to memory of 2916	2436	Unicorn-45393.exe	32
PID 2436 wrote to memory of 2916	2436	Unicorn-45393.exe	32
PID 2436 wrote to memory of 2916	2436	Unicorn-45393.exe	32
PID 2436 wrote to memory of 2916	2436	Unicorn-45393.exe	32
PID 856 wrote to memory of 2328	856	Unicorn-19498.exe	33
PID 856 wrote to memory of 2328	856	Unicorn-19498.exe	33
PID 856 wrote to memory of 2328	856	Unicorn-19498.exe	33
PID 856 wrote to memory of 2328	856	Unicorn-19498.exe	33
PID 2444 wrote to memory of 2104	2444	Unicorn-58304.exe	34
PID 2444 wrote to memory of 2104	2444	Unicorn-58304.exe	34
PID 2444 wrote to memory of 2104	2444	Unicorn-58304.exe	34
PID 2444 wrote to memory of 2104	2444	Unicorn-58304.exe	34
PID 2524 wrote to memory of 2644	2524	Unicorn-29611.exe	35
PID 2524 wrote to memory of 2644	2524	Unicorn-29611.exe	35
PID 2524 wrote to memory of 2644	2524	Unicorn-29611.exe	35
PID 2524 wrote to memory of 2644	2524	Unicorn-29611.exe	35
PID 2916 wrote to memory of 2716	2916	Unicorn-935.exe	36
PID 2916 wrote to memory of 2716	2916	Unicorn-935.exe	36
PID 2916 wrote to memory of 2716	2916	Unicorn-935.exe	36
PID 2916 wrote to memory of 2716	2916	Unicorn-935.exe	36
PID 2436 wrote to memory of 2604	2436	Unicorn-45393.exe	37
PID 2436 wrote to memory of 2604	2436	Unicorn-45393.exe	37
PID 2436 wrote to memory of 2604	2436	Unicorn-45393.exe	37
PID 2436 wrote to memory of 2604	2436	Unicorn-45393.exe	37
PID 2328 wrote to memory of 992	2328	Unicorn-4697.exe	38
PID 2328 wrote to memory of 992	2328	Unicorn-4697.exe	38
PID 2328 wrote to memory of 992	2328	Unicorn-4697.exe	38
PID 2328 wrote to memory of 992	2328	Unicorn-4697.exe	38
PID 2644 wrote to memory of 2888	2644	Unicorn-38796.exe	39
PID 2644 wrote to memory of 2888	2644	Unicorn-38796.exe	39
PID 2644 wrote to memory of 2888	2644	Unicorn-38796.exe	39
PID 2644 wrote to memory of 2888	2644	Unicorn-38796.exe	39
PID 2604 wrote to memory of 2884	2604	Unicorn-22460.exe	40
PID 2604 wrote to memory of 2884	2604	Unicorn-22460.exe	40
PID 2604 wrote to memory of 2884	2604	Unicorn-22460.exe	40
PID 2604 wrote to memory of 2884	2604	Unicorn-22460.exe	40
PID 2104 wrote to memory of 1256	2104	Unicorn-21714.exe	41
PID 2104 wrote to memory of 1256	2104	Unicorn-21714.exe	41
PID 2104 wrote to memory of 1256	2104	Unicorn-21714.exe	41
PID 2104 wrote to memory of 1256	2104	Unicorn-21714.exe	41
PID 2444 wrote to memory of 3000	2444	Unicorn-58304.exe	42
PID 2444 wrote to memory of 3000	2444	Unicorn-58304.exe	42
PID 2444 wrote to memory of 3000	2444	Unicorn-58304.exe	42
PID 2444 wrote to memory of 3000	2444	Unicorn-58304.exe	42
PID 992 wrote to memory of 2156	992	Unicorn-50494.exe	43
PID 992 wrote to memory of 2156	992	Unicorn-50494.exe	43
PID 992 wrote to memory of 2156	992	Unicorn-50494.exe	43
PID 992 wrote to memory of 2156	992	Unicorn-50494.exe	43

C:\Users\Admin\AppData\Local\Temp\b536d7dea8ffeac44e5195d91cb4a1b9.exe
"C:\Users\Admin\AppData\Local\Temp\b536d7dea8ffeac44e5195d91cb4a1b9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        8⤵
        Executes dropped EXE
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        7⤵
        Executes dropped EXE
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        5⤵
        Executes dropped EXE
        
        PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55266.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        9⤵
        Executes dropped EXE
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
        13⤵
        Executes dropped EXE
        
        PID:1872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        10⤵
        Executes dropped EXE
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe

Filesize
184KB

MD5
cdb2d26dd9292a75f8b3716649edaab6

SHA1
750f157caf0cf6d427cf79ad4abd93ed02736fc5

SHA256
092465eb4436c9b91046cf97efb8514054cc74fe9e07e737ff078d4c2994395b

SHA512
eda9ffcb42b93bfb0d4e1308b2d6c46f1cd72a1af69cd39daaf7dd0a3b19b9b505831299181af4fd906b1823b3323a0832fcc95ad097100d51cfbb95139c5896

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe

Filesize
184KB

MD5
c0c00e66849cfca9620d9cf3c0d50f97

SHA1
4efb0380a314229a52ef0cd1022d8d5fe77a4bb9

SHA256
bb32d36723c121e2e42c210a7d7f05c785199cf58f806b5ccaaafb914da62daa

SHA512
c71a6c38ec0151bf76f5b13489012a773a92a0784f43dd6e97007d8b50c53785f90a4b84430b15465ebd8332e02c3873c960ce1b89728f897136155efdae6bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe

Filesize
184KB

MD5
9f1037ae26b0ddb0d84ec50bcb6b39fb

SHA1
3e19b41454fad1956cf296d37e4020147d370b6b

SHA256
db4485a152662d0a12f682d776f30f8ff66bab38e69d16041cbb8a60afe8fd32

SHA512
5ceb5891af4d112cfd9b3e0191eb5801b60e9dcb6ee53ba9331dfdaacd63b34825c742fd62cff2d7aed43af9d387859b9067672c004ae6285f015cc3abda9dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe

Filesize
184KB

MD5
8c90f0102216385c5d582d26e77b72d7

SHA1
cf46af8d2ca18fa7198c74a96447362906ae6752

SHA256
58445c7c48759ffb81ea1d7183fe8740f5976e5b9414b939b2346910a0c70e6b

SHA512
7bfe01ea021094aebb29894eb89a68e87693b047a81b0fb4842bf7db4d19d8c5af9bc8da4f0aa86cc0244ebcd0e1e7e3749574845a74f0903e2e880aa298c3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe

Filesize
184KB

MD5
e349297cab6ea6a4c930805ea30d51ff

SHA1
22da485a91689a14be81161c18f0d1277df3ae3f

SHA256
2287ad5563bca2d72e29d2f4b848c04ed2a975195e1c855a4639f8fe9c7ea4cd

SHA512
74a2a171a45440b78600a63d1415219cf69a43b262ea30a081fbdac28a5b5c6aa8d65c75cea9e56a8c98584ed40b9aa70f4231fe8a90c8a1dbc8a0816e2d9867

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe

Filesize
184KB

MD5
9dab68a9da6d0c2fca611fab0f01af8f

SHA1
72a1b33adfad6cb83f69555d8a81a4eff47fd9b4

SHA256
4dd6e81bc4da118866980eaca3f3ac3e66fe008e19323dbba217643beb574a44

SHA512
ad681a893089be20c7813349d6aa5a06134c6dca31ed31ea360529d7e996001af3914fdba984288acde410d58dfa5afdb994c0ce439792c537de596b2b19f663

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe

Filesize
184KB

MD5
0e2d78542e196afa11b20739267717eb

SHA1
56b9a66ef3e58ee5bb8d73794c92f6adff52036c

SHA256
673d98e9637b3b2458cc572978328b6fb912006920e1198ce1f7de64f8ab78d4

SHA512
161d826a7f7307102831fa0014ad8cb51e39e599f0b59307cfef73891daa026c259410210dcef9243f8f36697de9b3c713a8784d1b0881588f2bb59e296036dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe

Filesize
184KB

MD5
51f45d6da77c968d99de4957dc66214d

SHA1
05726dbf65b97551013baff795e564efd7248189

SHA256
de85b624563a3e5b0d5c7ee3ee980b4f9553c381e3873fa2c9b349ca0cd14ec8

SHA512
8d10a9617b08d5c326b03c143853ccca8f24d91d49f84210de0f9a7fe4c206c4ef377967823729b8e6a802744ad9eae25012e5e920492770a6967f84e0d6e3f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe

Filesize
184KB

MD5
660c9f03af14813eb72c9d94fee74657

SHA1
9a5004bdc7bf387aacbbf74789269140457408c7

SHA256
d1760d4e9163979e35f59d26a92a7c2f5ac4077b972dc8f8edf1790d17bda360

SHA512
c4642329821d0ccff842c24644377519750e75586c06101b19cf67f0996ea90cb4fe246e36651965ef91c8ad77c6a304e20949ab7847abc27242ad900ad981e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe

Filesize
184KB

MD5
a59c6b1cc1b9751a060caf44f9cc5a49

SHA1
8de6468a84e625eef739fccd165cc4563e579597

SHA256
2d3f52da88abe8f8d5ced2a3c74436c479666665689b6d6cbd16f9f73be90677

SHA512
1368e29c4b724aa2f9a19a9a8b87e04c802037ae1cc32e7c3b18a32efee3d890f90bf3763b62c315488d92b95783ca255299c51120627029888b0e0180164687

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe

Filesize
184KB

MD5
f5c1f943463349a8656ea586c38a343a

SHA1
867f0b9d053f04d40de59b8611eba5a2518b3382

SHA256
b4c4a8a659652d0c027275915978c23cd2677635abe038c90cd41c7dec505b87

SHA512
485d721924dd238f6a3e0325316a8212e4db4d56fe450c209a2ce66f089209944a59e674ad7afc8b19e65f46170957e768b22da0515eadcdd9105ec0f16f6fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe

Filesize
184KB

MD5
1183b45d6d7b19873d1705fb6a92a8b0

SHA1
845602b9b23d970c632d6157c8ed9e11af71e02e

SHA256
2695c5650fc023a613f366ca5d928bdc5d46bcd21ac43e2635bdcf76148a114a

SHA512
066146d6b773eb777fd03a56330a46c52faff077e8074546f57750df2e5eb7766a669ad34b04c2b6c92526a126e5856211a7ca13874d0f401af2b98080d31df4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe

Filesize
184KB

MD5
fa8d5e170fa70d92f99d9b89098b5a1e

SHA1
ad8af4e1c98e864b38d0ff73059b0ab5c50319aa

SHA256
3e2ecd18389ba144f4a79845b10ddbe28b39af54e1019c8261ba38d6126fcf61

SHA512
51b50b795d4b78d7098a7c23a5883deeb18265fa54327cba3c8ebdd76403d658e82ba10f773fffc7bb70657d495ffe46a2b0e27b64e2810f3c87aeed109b5ed2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe

Filesize
184KB

MD5
0ea364b03e38501d020c13774df288b5

SHA1
8be2554c3029910dab2649b0c72d72da2b64049e

SHA256
5c2f8258f2aee5e7a0ea11d80c7cff2dfcb854ca30b21c0e3f820d1448b16ba5

SHA512
593f7e4884336cf8157d543044a8d2273c58c27a407d18e5747f6b4cd0e3fde73bd9fd2d0858c590b7b670b799b68b97cdbe0095180cf751db9207849eb172b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe

Filesize
184KB

MD5
88ac040d2f008bf15b56762793d8f7da

SHA1
f2b0f24e29c683af51359c8e8337c3c50b07372f

SHA256
470530823e76691c51663ecf64b53536e27d5d0d9c97886734234234c441760f

SHA512
409f7532de4fffec671f1929eb9e8c14a7eae84827f1ebecce8ac2ab94e288184b94e4f3210ebbb2d5a0f44bcc44e98c3ceb83a9d363121154761cd6b9d91ed6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe

Filesize
184KB

MD5
a3620409358b1eca0d1f4d84e2458ab6

SHA1
d4c64606f2421e8d9b05b92eb3c07b8cc07904c1

SHA256
aefc12aa459388312230f3ad45a317fc2618250d4024f8f430b5acd4f513efa7

SHA512
6991a3764d8a623752147918a5dd8f1f6dd0159cbd1749e964bc69e20c0470e00cf501dc63c2320c42069efbe7630b91c57b4fa13bdd157cd747cff0d04bc646

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe

Filesize
184KB

MD5
9b790516443c51ae186992e72e63d51b

SHA1
fb795d192c0c1abc585fc3a47b2d6b1b9c1958d9

SHA256
2a85e3bd4a8192ad6a51ed43adbfcba895e696052938269df322da29c33b9be9

SHA512
5190457757723bc2fc4d1d02ca2bdf4d3558887b60ef0377c6badbb3c5cd721c6bc3959c7359b6049daf5f9dd58b78f36a0e947ec7c58f2b767ab4626b49712d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe

Filesize
184KB

MD5
0218802f4d59224d554d2c39a8b9643e

SHA1
3ef35c339bdc59c13993ad091c5fff2f979801dd

SHA256
89fb5d7d050cc3d9c0c40be31cff98596436dafc6a72fc03b5f62f3e9ddd7b9d

SHA512
b4dbb6ed91b759a140f739993062dda6abb9fa2d5ec38f4fe46b5b6b430897952adfa7e881a0cf77582323127134272b384404a7f63be1db9d0979b6b36fa382

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe

Filesize
184KB

MD5
d79a3dda58738485e1607bc4ea012e1f

SHA1
8b8d24ef808d4d3f8c79cbdcde7847c227f586ce

SHA256
66d51b2dffee9977af4364c6318e2e49674955d9f8a4e4477b18e42e90157a9f

SHA512
a3357f6d0be119e07eab7b54e202f5a002a7827fa9bbe45a02f24fe05acf0489da4320e4fba95b3e6cf95ec35369204e8346ce1dd68c750de90aa6a1a0bc2bfc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe

Filesize
184KB

MD5
f85ebba188c3b1ffc24253eb256be730

SHA1
fea08e0e11015dd34a98322b8dac368cdff948a6

SHA256
6162859adb48a08715648dcf5ccfc14f776413482820a0da80d4ba8c62f4422d

SHA512
a938acddff6fbab4c5e6f1a4d157d38c1d350fe5631da1f416035fd03c97680cb77ff881444228c8d924ec3a6438a184de6d072974fb4a0860e47b5a8e464a22

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads