7cc4d697bc001ebc9fabd5f8fe7180528133f5fe60955c571b52bad6a3d6402c

Analysis

max time kernel
73s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 18:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b56744b8b68a65daa0235749d066d53a.exe
Size

184KB
MD5

b56744b8b68a65daa0235749d066d53a
SHA1

a3abcea411d8c75023a5ee4de3dff8a43131879b
SHA256

7cc4d697bc001ebc9fabd5f8fe7180528133f5fe60955c571b52bad6a3d6402c
SHA512

a84db8a386229aedb421927743298a9afce7f54156635064a1c459e76d838d61d01870dac2f4af9fe69021611ebb4681f9339f3f059139e8b2f17244c0ee415b
SSDEEP

3072:reQZom07QrLC8ejSMHZE5xcqFzJRMqyplEQrxKKPZsylP6pF8:reeo83C8xMC5xcFropylP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 38 IoCs

pid	Process
2584	Unicorn-52986.exe
2556	Unicorn-59255.exe
2688	Unicorn-12747.exe
2608	Unicorn-1969.exe
2400	Unicorn-50184.exe
2476	Unicorn-3676.exe
1188	Unicorn-62519.exe
2188	Unicorn-1066.exe
2664	Unicorn-16011.exe
1556	Unicorn-36728.exe
1532	Unicorn-20946.exe
680	Unicorn-3863.exe
336	Unicorn-3863.exe
2156	Unicorn-31060.exe
2248	Unicorn-13243.exe
2380	Unicorn-62999.exe
1640	Unicorn-37748.exe
1736	Unicorn-35610.exe
1096	Unicorn-8967.exe
2076	Unicorn-8967.exe
2132	Unicorn-36164.exe
1084	Unicorn-58723.exe
1312	Unicorn-9242.exe
380	Unicorn-32355.exe
920	Unicorn-25579.exe
3064	Unicorn-45999.exe
1760	Unicorn-65049.exe
2796	Unicorn-45184.exe
2980	Unicorn-26709.exe
1980	Unicorn-46575.exe
2336	Unicorn-32739.exe
2084	Unicorn-52605.exe
2096	Unicorn-52605.exe
2228	Unicorn-43429.exe
1376	Unicorn-11956.exe
1464	Unicorn-15018.exe
1632	Unicorn-46233.exe
352	Unicorn-46233.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	b56744b8b68a65daa0235749d066d53a.exe
2700	b56744b8b68a65daa0235749d066d53a.exe
2584	Unicorn-52986.exe
2584	Unicorn-52986.exe
2700	b56744b8b68a65daa0235749d066d53a.exe
2700	b56744b8b68a65daa0235749d066d53a.exe
2688	Unicorn-12747.exe
2688	Unicorn-12747.exe
2608	Unicorn-1969.exe
2608	Unicorn-1969.exe
2688	Unicorn-12747.exe
2688	Unicorn-12747.exe
2400	Unicorn-50184.exe
2400	Unicorn-50184.exe
2608	Unicorn-1969.exe
2608	Unicorn-1969.exe
2476	Unicorn-3676.exe
2476	Unicorn-3676.exe
1188	Unicorn-62519.exe
1188	Unicorn-62519.exe
2400	Unicorn-50184.exe
2400	Unicorn-50184.exe
2664	Unicorn-16011.exe
2188	Unicorn-1066.exe
2188	Unicorn-1066.exe
2664	Unicorn-16011.exe
2476	Unicorn-3676.exe
2476	Unicorn-3676.exe
1556	Unicorn-36728.exe
1556	Unicorn-36728.exe
1188	Unicorn-62519.exe
1188	Unicorn-62519.exe
1532	Unicorn-20946.exe
1532	Unicorn-20946.exe
2156	Unicorn-31060.exe
2156	Unicorn-31060.exe
680	Unicorn-3863.exe
680	Unicorn-3863.exe
336	Unicorn-3863.exe
336	Unicorn-3863.exe
2664	Unicorn-16011.exe
2664	Unicorn-16011.exe
2188	Unicorn-1066.exe
2188	Unicorn-1066.exe
2248	Unicorn-13243.exe
2248	Unicorn-13243.exe
1556	Unicorn-36728.exe
1556	Unicorn-36728.exe
2380	Unicorn-62999.exe
2380	Unicorn-62999.exe
1640	Unicorn-37748.exe
1640	Unicorn-37748.exe
1532	Unicorn-20946.exe
1096	Unicorn-8967.exe
1096	Unicorn-8967.exe
1532	Unicorn-20946.exe
680	Unicorn-3863.exe
680	Unicorn-3863.exe
1736	Unicorn-35610.exe
1736	Unicorn-35610.exe
2156	Unicorn-31060.exe
2076	Unicorn-8967.exe
2132	Unicorn-36164.exe
2156	Unicorn-31060.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
2700	b56744b8b68a65daa0235749d066d53a.exe
2584	Unicorn-52986.exe
2556	Unicorn-59255.exe
2688	Unicorn-12747.exe
2608	Unicorn-1969.exe
2400	Unicorn-50184.exe
2476	Unicorn-3676.exe
1188	Unicorn-62519.exe
2188	Unicorn-1066.exe
2664	Unicorn-16011.exe
1556	Unicorn-36728.exe
1532	Unicorn-20946.exe
680	Unicorn-3863.exe
2156	Unicorn-31060.exe
336	Unicorn-3863.exe
2248	Unicorn-13243.exe
2380	Unicorn-62999.exe
1640	Unicorn-37748.exe
1096	Unicorn-8967.exe
1736	Unicorn-35610.exe
2076	Unicorn-8967.exe
2132	Unicorn-36164.exe
1084	Unicorn-58723.exe
380	Unicorn-32355.exe
1312	Unicorn-9242.exe
1980	Unicorn-46575.exe
3064	Unicorn-45999.exe
1760	Unicorn-65049.exe
2796	Unicorn-45184.exe
2228	Unicorn-43429.exe
2096	Unicorn-52605.exe
2336	Unicorn-32739.exe
2980	Unicorn-26709.exe
2084	Unicorn-52605.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2584	2700	b56744b8b68a65daa0235749d066d53a.exe	28
PID 2700 wrote to memory of 2584	2700	b56744b8b68a65daa0235749d066d53a.exe	28
PID 2700 wrote to memory of 2584	2700	b56744b8b68a65daa0235749d066d53a.exe	28
PID 2700 wrote to memory of 2584	2700	b56744b8b68a65daa0235749d066d53a.exe	28
PID 2584 wrote to memory of 2556	2584	Unicorn-52986.exe	29
PID 2584 wrote to memory of 2556	2584	Unicorn-52986.exe	29
PID 2584 wrote to memory of 2556	2584	Unicorn-52986.exe	29
PID 2584 wrote to memory of 2556	2584	Unicorn-52986.exe	29
PID 2700 wrote to memory of 2688	2700	b56744b8b68a65daa0235749d066d53a.exe	30
PID 2700 wrote to memory of 2688	2700	b56744b8b68a65daa0235749d066d53a.exe	30
PID 2700 wrote to memory of 2688	2700	b56744b8b68a65daa0235749d066d53a.exe	30
PID 2700 wrote to memory of 2688	2700	b56744b8b68a65daa0235749d066d53a.exe	30
PID 2688 wrote to memory of 2608	2688	Unicorn-12747.exe	31
PID 2688 wrote to memory of 2608	2688	Unicorn-12747.exe	31
PID 2688 wrote to memory of 2608	2688	Unicorn-12747.exe	31
PID 2688 wrote to memory of 2608	2688	Unicorn-12747.exe	31
PID 2608 wrote to memory of 2400	2608	Unicorn-1969.exe	32
PID 2608 wrote to memory of 2400	2608	Unicorn-1969.exe	32
PID 2608 wrote to memory of 2400	2608	Unicorn-1969.exe	32
PID 2608 wrote to memory of 2400	2608	Unicorn-1969.exe	32
PID 2688 wrote to memory of 2476	2688	Unicorn-12747.exe	33
PID 2688 wrote to memory of 2476	2688	Unicorn-12747.exe	33
PID 2688 wrote to memory of 2476	2688	Unicorn-12747.exe	33
PID 2688 wrote to memory of 2476	2688	Unicorn-12747.exe	33
PID 2400 wrote to memory of 1188	2400	Unicorn-50184.exe	34
PID 2400 wrote to memory of 1188	2400	Unicorn-50184.exe	34
PID 2400 wrote to memory of 1188	2400	Unicorn-50184.exe	34
PID 2400 wrote to memory of 1188	2400	Unicorn-50184.exe	34
PID 2608 wrote to memory of 2664	2608	Unicorn-1969.exe	35
PID 2608 wrote to memory of 2664	2608	Unicorn-1969.exe	35
PID 2608 wrote to memory of 2664	2608	Unicorn-1969.exe	35
PID 2608 wrote to memory of 2664	2608	Unicorn-1969.exe	35
PID 2476 wrote to memory of 2188	2476	Unicorn-3676.exe	36
PID 2476 wrote to memory of 2188	2476	Unicorn-3676.exe	36
PID 2476 wrote to memory of 2188	2476	Unicorn-3676.exe	36
PID 2476 wrote to memory of 2188	2476	Unicorn-3676.exe	36
PID 1188 wrote to memory of 1556	1188	Unicorn-62519.exe	37
PID 1188 wrote to memory of 1556	1188	Unicorn-62519.exe	37
PID 1188 wrote to memory of 1556	1188	Unicorn-62519.exe	37
PID 1188 wrote to memory of 1556	1188	Unicorn-62519.exe	37
PID 2400 wrote to memory of 1532	2400	Unicorn-50184.exe	38
PID 2400 wrote to memory of 1532	2400	Unicorn-50184.exe	38
PID 2400 wrote to memory of 1532	2400	Unicorn-50184.exe	38
PID 2400 wrote to memory of 1532	2400	Unicorn-50184.exe	38
PID 2188 wrote to memory of 336	2188	Unicorn-1066.exe	39
PID 2188 wrote to memory of 336	2188	Unicorn-1066.exe	39
PID 2188 wrote to memory of 336	2188	Unicorn-1066.exe	39
PID 2188 wrote to memory of 336	2188	Unicorn-1066.exe	39
PID 2664 wrote to memory of 680	2664	Unicorn-16011.exe	40
PID 2664 wrote to memory of 680	2664	Unicorn-16011.exe	40
PID 2664 wrote to memory of 680	2664	Unicorn-16011.exe	40
PID 2664 wrote to memory of 680	2664	Unicorn-16011.exe	40
PID 2476 wrote to memory of 2156	2476	Unicorn-3676.exe	41
PID 2476 wrote to memory of 2156	2476	Unicorn-3676.exe	41
PID 2476 wrote to memory of 2156	2476	Unicorn-3676.exe	41
PID 2476 wrote to memory of 2156	2476	Unicorn-3676.exe	41
PID 1556 wrote to memory of 2248	1556	Unicorn-36728.exe	42
PID 1556 wrote to memory of 2248	1556	Unicorn-36728.exe	42
PID 1556 wrote to memory of 2248	1556	Unicorn-36728.exe	42
PID 1556 wrote to memory of 2248	1556	Unicorn-36728.exe	42
PID 1188 wrote to memory of 2380	1188	Unicorn-62519.exe	43
PID 1188 wrote to memory of 2380	1188	Unicorn-62519.exe	43
PID 1188 wrote to memory of 2380	1188	Unicorn-62519.exe	43
PID 1188 wrote to memory of 2380	1188	Unicorn-62519.exe	43

C:\Users\Admin\AppData\Local\Temp\b56744b8b68a65daa0235749d066d53a.exe
"C:\Users\Admin\AppData\Local\Temp\b56744b8b68a65daa0235749d066d53a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25579.exe
        7⤵
        Executes dropped EXE
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        8⤵
        Executes dropped EXE
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        10⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        9⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2580.exe
        7⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        8⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        7⤵
        Executes dropped EXE
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        9⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        6⤵
        Executes dropped EXE
        
        PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        7⤵
        Executes dropped EXE
        
        PID:352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        7⤵
        
        PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe

Filesize
184KB

MD5
fe7e360e5cafed0c7c9e9fc8820c8129

SHA1
cede25bb9100a7a36d83b19b9699e404101acdc8

SHA256
6ade56e01106d61a366cbfa4ce81d17d668bddd5051f688dc05a6d24a89d4f62

SHA512
6bab956951a61bb2e2a2b647fc736c73dbe7cdc2b70ef308f6735b3c67181d328febb1d79a3a7a6e5979466e179e5e8015d23d167df2aad1ff7590a15f7a7d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe

Filesize
184KB

MD5
36762bb0b72014760a61b4c9272b25da

SHA1
0a27851adf0f4c4dc4abea70987ff91bf041984d

SHA256
0d62619070a4364378e5bef6840f85ec18eb493830ff834a0837f807472ab853

SHA512
177e188b2582fe9c73f0199a6dcf2905bbb79f09cc2a74b2c618443020c28fe319505d910a0b9e79b055379973fb2ab8fa1e9b6842f590a4ce50b1fd741df590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe

Filesize
184KB

MD5
d98436a1f7dcb25e25d36b3b0ddc8f35

SHA1
8c85384088424bf9ca297b12fb80b7e2332049cb

SHA256
5d15bba1f6923e410d194d7e723a9db5d8754472f7c278e56944b5561fcc59be

SHA512
3761e304a3d9e21c0e868dbdea8ce97f4260fd20a77513b50830518f8f98f1317b4b8fc66af502992ade5134f35e84ca5fac790d1ea62c3715581e5380464612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe

Filesize
184KB

MD5
ee23a4db1d12d0a6356f083c1645ca87

SHA1
01980ba26e19bed29261ebd3c7a929d0fc9497da

SHA256
d1d79521c04a9a592cda42fa10f1cc0c4f5679d46505b6d072b4257a78891ab9

SHA512
5a4e44325c9159901b8d2cc17bbcbc0525a758487e826897a445ac8619dca7bf08183095ec090108fc6467566f1c1693d15d7695cbcabb503ec86d66f9f4f022

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe

Filesize
184KB

MD5
340a6a11b9dc184fe556b1d34ce936ca

SHA1
7d389d86aec0b07c3ab8718056810bbedc9e6301

SHA256
2a16b3f8296474aa0506627e9ccb346d061ed8852717729975fb0bedf755da0c

SHA512
5361199d74eae8d56b80cbcfb1f395a38b47bca29776ad15ed003ecba8c4394b2a5e179491b735a966ef15f9c7d8bcf48513603ab27786b5215608f16c615ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe

Filesize
184KB

MD5
621fe21614385bff461abb23fa6d66c9

SHA1
2d27bf132eee313f76e4c74139fce6fb717c4419

SHA256
fe8346a8bd26c984e9287c2e906a1aa9d425964cdc306b5c5acb9aedb066c3ad

SHA512
4808f660c5877fb802a388b7bbcffe2649862014c1306ac1a774bfaba679346b58e6a165aa8e52aaaf6472b6f9f6d8c23364b1d0cee134053a0bcd6ca7c4148f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe

Filesize
184KB

MD5
91d7c35e9a0b34a6975bea74b68b1f7e

SHA1
5e3cf738ab6ddc6316629cfe9036fd2f4d495ac2

SHA256
b3d02da10ff5d43443fb4b5ed484ba2a9b110144aae53ef81a5e4cb7658c5e07

SHA512
7d983e4e40f4fff683f1478ea6ab3175359be99086f98a8d4f8560aaa7a339a0f9d74680e775aae9207af6f7363ea03d1808909949a0308ef8bb723d21315ccf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe

Filesize
184KB

MD5
1223bf7a619ec00cbebef7c1074e820b

SHA1
9ce67c8904f1f1772dab79ff09438061a94048d4

SHA256
c4e710e8cd9a3f6e867df138f2659f2caf14bb00c999f875e6d0f17e16bd5421

SHA512
f0a26d2165ad83bc9c52f0c873ad0598a592b6de88119b8e00e7df0cdfbf91a4bc64a32d64c5368ae162301ccfe49688e99c5a7b7b5745797febda8f8a0e8a13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe

Filesize
184KB

MD5
a89148e3235eb0ee3a1408626e57fd88

SHA1
f8bc3f57bf38197a3b025e03d9cee9e812ea37be

SHA256
4dd22a82e31e761345a09a38ca795810c19c0e81d1e6b1f65896c7f97bf3fb09

SHA512
79a9e2e86c66fc3f89e6ef49667f18425ac4df2864c048a3c40bb778b1e080fc5c7add2b3baea6fd0e6cd17904f22248b80b26d86d00b94485405c668809ef9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe

Filesize
184KB

MD5
996ae3a3f4eb367c0d90f56d30fcf5ef

SHA1
bf6500062592ffb356c73281672ee8d6ee730b10

SHA256
04d806ac98f6fd527e984394a21961dbd441aa97c69285af03bf8e2b72be3f5c

SHA512
9a462ffb41ba85a3e4eb554fdd8b8653d9918aa116acb1c2bff4bf72f53ca6a4d76abfeed017e857b9dbf6268a3fb9bad2a47d0649c8c73acdd5b915689d6ded

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe

Filesize
184KB

MD5
aee49c88968cd0eb2c0b7176239db363

SHA1
b69500a80ba651e7d89408988d51cbf9b21e6d48

SHA256
0af31fa052ab47f0b9a77ede7cb04a0cf73a73c20e739498c046f32fa011ae5c

SHA512
f0f8b4ed3c7f054bc445efe4036cdd01950b46c0784c13a76d5d16f0fca77a6e26d50f5d3746c5ce817262972c7cfe4b9d8c5393dece7be3b2938949f1d7c1df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe

Filesize
184KB

MD5
97ed06db1b656384fdf9c35cabdc0cdf

SHA1
56025a96ef477fa52a60a5f19d6dfac90610ab23

SHA256
30f9da38f9548762acff4ed5394ec190d0b2cce53d36c1b1869fc2b92f87b293

SHA512
5859354c55b72c61a0d2098d4e79d5183f9837ba4e1079c4326480040e41b1decbc01edc20e78ba4609c76eb78824ea8be03c02b1a688d43b94bccbca809a37e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe

Filesize
184KB

MD5
b1523bf00169c2f85187f9e0792ea1ed

SHA1
1486ffe9968a1784bbaa073d6ec509ba4edf4f30

SHA256
5ba21fbc1a569b8d33d3e47130097b64091316f860ac39067ae180fe3626f0ce

SHA512
5a3419c46eca138cf5f9088a3d5d85b100b05b2a0342bed88f2f61b11a00b1a197bca710f077dd10cfd6523387c2fc38805f123fe201c1c92171362649373f8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe

Filesize
184KB

MD5
35ba9085d1d52b782b6cd6a934924ec6

SHA1
ec4d8be12e20a4ce79eaad3b849f971f93a45e6c

SHA256
3e7564a2f8dc168ce059e97d9ea4ad8f30c9b9e0990532c697a8ffd2f4d6cb66

SHA512
0cd11acb10c509b7a929bce101971bbe244621fe4217110bbbb874a6b4716dd432f0a40c5ad170215c77b1228d9bfa4de3528640c17bbb39d8f319c59fc4f504

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe

Filesize
184KB

MD5
042b9d5e666d6b42b52b752c30c26d02

SHA1
1d6a1a2acd687ba0655a5c8db12159b58b217984

SHA256
b3f5165c2d2756aabac4cab2199296f9e36cc1e519a7f8174cb926d4f127256e

SHA512
5a12b91dd4f4212148442e8ac3182a9d0aa1afb1a55a90a765a9ecdde53e98d8efa135b1c39436bdfa71b26d82892c0a5bd12bd9303404c438d9785d4bb20a47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe

Filesize
184KB

MD5
6a83508f88df7ca96e1918d5f03839e8

SHA1
cfc1e54fd341d9ce2ebf2e1f8eb4dc781f545a50

SHA256
3eea7ff5165bfbffa6893b82aabb5930c3cba1077e63add68455ba607962f294

SHA512
1dbb288113c23000439be61e116df753f2e62fd25b1aee39822a6083d82cc42160cd97ae54d006dbda5bb223226c132b84a7538c73a05a5dfd8bbe3446f92a80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe

Filesize
184KB

MD5
40e71d6ea3dc9281e99605b38d58ffe5

SHA1
d7c2c9d5b0532aa882953bb33657e56a593b9f18

SHA256
7bd007bfc8f46334dbaf551d69e87906d84622656d95f638cbe0aed63c236005

SHA512
dabac040b97c2f9515ba0ac4a97db93a0c54cc8fcea74267d3b9d35ca50fe97c15cd0db6848d9198b732b641dc9ef6128611f71d148d70016d03ad5a7334e687

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads