36a14cf4f67884f53d2f3b5c4c19ff824bd5209d1ef2a266096834577998b34a

Analysis

max time kernel
128s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b61c01a0ebd162e9c4e403bac21b0b2f.exe
Size

184KB
MD5

b61c01a0ebd162e9c4e403bac21b0b2f
SHA1

aab7a7f53055ca5845da94ec250ffbdbcd1d1814
SHA256

36a14cf4f67884f53d2f3b5c4c19ff824bd5209d1ef2a266096834577998b34a
SHA512

a17d62dec9bd894c4947fbfae86e2fbd4185142381ee5bab0384a1376544c0129acf919ddf1d694dc9ee72e7ff66956853eef7876d657bca6afb62c18b515619
SSDEEP

3072:0RV9o87xfzAHt0jBMhvNN8vMS4ZMR0QlXUSxQ1cZp8lPvpFQ:0RfoEsHt0MVNN8OQ2y8lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2256	Unicorn-17311.exe
2844	Unicorn-41541.exe
2680	Unicorn-34420.exe
2732	Unicorn-7974.exe
1620	Unicorn-5130.exe
2484	Unicorn-47184.exe
1568	Unicorn-41791.exe
2292	Unicorn-61465.exe
1284	Unicorn-20421.exe
1796	Unicorn-40466.exe
708	Unicorn-42735.exe
1216	Unicorn-25029.exe
1588	Unicorn-38930.exe
3068	Unicorn-29031.exe
684	Unicorn-22049.exe
976	Unicorn-57191.exe
328	Unicorn-23812.exe
2848	Unicorn-36640.exe
2380	Unicorn-39485.exe
1984	Unicorn-32906.exe
1884	Unicorn-25977.exe
1084	Unicorn-36170.exe
1868	Unicorn-16304.exe
1152	Unicorn-22870.exe
720	Unicorn-4312.exe
2076	Unicorn-19013.exe
628	Unicorn-20981.exe
3040	Unicorn-1115.exe
644	Unicorn-25750.exe
2724	Unicorn-11783.exe
2216	Unicorn-16273.exe
2240	Unicorn-61944.exe
856	Unicorn-55725.exe
2872	Unicorn-43001.exe
2604	Unicorn-12482.exe
2524	Unicorn-45953.exe
1676	Unicorn-1352.exe
2456	Unicorn-11460.exe
1836	Unicorn-42486.exe
1528	Unicorn-4657.exe
832	Unicorn-54398.exe
1160	Unicorn-9771.exe
1568	Unicorn-54674.exe
288	Unicorn-6951.exe
2232	Unicorn-57652.exe
360	Unicorn-6633.exe
1448	Unicorn-7593.exe
2224	Unicorn-1013.exe
2056	Unicorn-28336.exe
3024	Unicorn-9046.exe
2204	Unicorn-59830.exe
1624	Unicorn-12082.exe
2804	Unicorn-7458.exe
2628	Unicorn-58294.exe
2796	Unicorn-45689.exe
2128	Unicorn-44460.exe
1620	Unicorn-41807.exe
556	Unicorn-85.exe
328	Unicorn-53993.exe
1264	Unicorn-22063.exe
644	Unicorn-33691.exe
980	Unicorn-35192.exe
1424	Unicorn-38878.exe
1868	Unicorn-8832.exe

Loads dropped DLL 64 IoCs

pid	Process
2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe
2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe
2256	Unicorn-17311.exe
2256	Unicorn-17311.exe
2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe
2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe
2844	Unicorn-41541.exe
2844	Unicorn-41541.exe
2256	Unicorn-17311.exe
2256	Unicorn-17311.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2732	Unicorn-7974.exe
2732	Unicorn-7974.exe
2844	Unicorn-41541.exe
2844	Unicorn-41541.exe
1620	Unicorn-5130.exe
1620	Unicorn-5130.exe
2484	Unicorn-47184.exe
2484	Unicorn-47184.exe
2732	Unicorn-7974.exe
2732	Unicorn-7974.exe
1568	Unicorn-41791.exe
1568	Unicorn-41791.exe
2292	Unicorn-61465.exe
2292	Unicorn-61465.exe
1620	Unicorn-5130.exe
1620	Unicorn-5130.exe
1796	Unicorn-40466.exe
1796	Unicorn-40466.exe
1588	Unicorn-38930.exe
1588	Unicorn-38930.exe
708	Unicorn-42735.exe
708	Unicorn-42735.exe
1568	Unicorn-41791.exe
1568	Unicorn-41791.exe
1216	Unicorn-25029.exe
1216	Unicorn-25029.exe
2292	Unicorn-61465.exe
2292	Unicorn-61465.exe
3068	Unicorn-29031.exe
3068	Unicorn-29031.exe
1796	Unicorn-40466.exe
1796	Unicorn-40466.exe
684	Unicorn-22049.exe
684	Unicorn-22049.exe
1588	Unicorn-38930.exe
1588	Unicorn-38930.exe
2848	Unicorn-36640.exe
2848	Unicorn-36640.exe
2380	Unicorn-39485.exe
2380	Unicorn-39485.exe
1216	Unicorn-25029.exe
1216	Unicorn-25029.exe
708	Unicorn-42735.exe
328	Unicorn-23812.exe
976	Unicorn-57191.exe
708	Unicorn-42735.exe
328	Unicorn-23812.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2632	2680	WerFault.exe	30
1996	2872	WerFault.exe	62
2084	644	WerFault.exe	92

Suspicious use of SetWindowsHookEx 62 IoCs

pid	Process
2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe
2256	Unicorn-17311.exe
2680	Unicorn-34420.exe
2844	Unicorn-41541.exe
2732	Unicorn-7974.exe
1620	Unicorn-5130.exe
2484	Unicorn-47184.exe
1568	Unicorn-41791.exe
2292	Unicorn-61465.exe
1796	Unicorn-40466.exe
1216	Unicorn-25029.exe
1588	Unicorn-38930.exe
708	Unicorn-42735.exe
3068	Unicorn-29031.exe
684	Unicorn-22049.exe
976	Unicorn-57191.exe
328	Unicorn-23812.exe
2848	Unicorn-36640.exe
2380	Unicorn-39485.exe
1984	Unicorn-32906.exe
1884	Unicorn-25977.exe
1152	Unicorn-22870.exe
1868	Unicorn-16304.exe
1084	Unicorn-36170.exe
628	Unicorn-20981.exe
644	Unicorn-25750.exe
3040	Unicorn-1115.exe
720	Unicorn-4312.exe
2216	Unicorn-16273.exe
2604	Unicorn-12482.exe
856	Unicorn-55725.exe
1836	Unicorn-42486.exe
1676	Unicorn-1352.exe
2240	Unicorn-61944.exe
2724	Unicorn-11783.exe
2872	Unicorn-43001.exe
2524	Unicorn-45953.exe
2456	Unicorn-11460.exe
1528	Unicorn-4657.exe
832	Unicorn-54398.exe
1160	Unicorn-9771.exe
1568	Unicorn-54674.exe
1284	Unicorn-20421.exe
2232	Unicorn-57652.exe
288	Unicorn-6951.exe
360	Unicorn-6633.exe
1448	Unicorn-7593.exe
2224	Unicorn-1013.exe
3024	Unicorn-9046.exe
2204	Unicorn-59830.exe
1624	Unicorn-12082.exe
2056	Unicorn-28336.exe
2804	Unicorn-7458.exe
2628	Unicorn-58294.exe
2796	Unicorn-45689.exe
2128	Unicorn-44460.exe
1620	Unicorn-41807.exe
556	Unicorn-85.exe
328	Unicorn-53993.exe
644	Unicorn-33691.exe
1264	Unicorn-22063.exe
980	Unicorn-35192.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2256	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	28
PID 2824 wrote to memory of 2256	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	28
PID 2824 wrote to memory of 2256	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	28
PID 2824 wrote to memory of 2256	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	28
PID 2256 wrote to memory of 2844	2256	Unicorn-17311.exe	29
PID 2256 wrote to memory of 2844	2256	Unicorn-17311.exe	29
PID 2256 wrote to memory of 2844	2256	Unicorn-17311.exe	29
PID 2256 wrote to memory of 2844	2256	Unicorn-17311.exe	29
PID 2824 wrote to memory of 2680	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	30
PID 2824 wrote to memory of 2680	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	30
PID 2824 wrote to memory of 2680	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	30
PID 2824 wrote to memory of 2680	2824	b61c01a0ebd162e9c4e403bac21b0b2f.exe	30
PID 2844 wrote to memory of 2732	2844	Unicorn-41541.exe	32
PID 2844 wrote to memory of 2732	2844	Unicorn-41541.exe	32
PID 2844 wrote to memory of 2732	2844	Unicorn-41541.exe	32
PID 2844 wrote to memory of 2732	2844	Unicorn-41541.exe	32
PID 2680 wrote to memory of 2632	2680	Unicorn-34420.exe	31
PID 2680 wrote to memory of 2632	2680	Unicorn-34420.exe	31
PID 2680 wrote to memory of 2632	2680	Unicorn-34420.exe	31
PID 2680 wrote to memory of 2632	2680	Unicorn-34420.exe	31
PID 2256 wrote to memory of 1620	2256	Unicorn-17311.exe	33
PID 2256 wrote to memory of 1620	2256	Unicorn-17311.exe	33
PID 2256 wrote to memory of 1620	2256	Unicorn-17311.exe	33
PID 2256 wrote to memory of 1620	2256	Unicorn-17311.exe	33
PID 2732 wrote to memory of 2484	2732	Unicorn-7974.exe	34
PID 2732 wrote to memory of 2484	2732	Unicorn-7974.exe	34
PID 2732 wrote to memory of 2484	2732	Unicorn-7974.exe	34
PID 2732 wrote to memory of 2484	2732	Unicorn-7974.exe	34
PID 2844 wrote to memory of 1568	2844	Unicorn-41541.exe	35
PID 2844 wrote to memory of 1568	2844	Unicorn-41541.exe	35
PID 2844 wrote to memory of 1568	2844	Unicorn-41541.exe	35
PID 2844 wrote to memory of 1568	2844	Unicorn-41541.exe	35
PID 1620 wrote to memory of 2292	1620	Unicorn-5130.exe	36
PID 1620 wrote to memory of 2292	1620	Unicorn-5130.exe	36
PID 1620 wrote to memory of 2292	1620	Unicorn-5130.exe	36
PID 1620 wrote to memory of 2292	1620	Unicorn-5130.exe	36
PID 2484 wrote to memory of 1284	2484	Unicorn-47184.exe	37
PID 2484 wrote to memory of 1284	2484	Unicorn-47184.exe	37
PID 2484 wrote to memory of 1284	2484	Unicorn-47184.exe	37
PID 2484 wrote to memory of 1284	2484	Unicorn-47184.exe	37
PID 2732 wrote to memory of 1796	2732	Unicorn-7974.exe	38
PID 2732 wrote to memory of 1796	2732	Unicorn-7974.exe	38
PID 2732 wrote to memory of 1796	2732	Unicorn-7974.exe	38
PID 2732 wrote to memory of 1796	2732	Unicorn-7974.exe	38
PID 1568 wrote to memory of 708	1568	Unicorn-41791.exe	39
PID 1568 wrote to memory of 708	1568	Unicorn-41791.exe	39
PID 1568 wrote to memory of 708	1568	Unicorn-41791.exe	39
PID 1568 wrote to memory of 708	1568	Unicorn-41791.exe	39
PID 2292 wrote to memory of 1216	2292	Unicorn-61465.exe	40
PID 2292 wrote to memory of 1216	2292	Unicorn-61465.exe	40
PID 2292 wrote to memory of 1216	2292	Unicorn-61465.exe	40
PID 2292 wrote to memory of 1216	2292	Unicorn-61465.exe	40
PID 1620 wrote to memory of 1588	1620	Unicorn-5130.exe	41
PID 1620 wrote to memory of 1588	1620	Unicorn-5130.exe	41
PID 1620 wrote to memory of 1588	1620	Unicorn-5130.exe	41
PID 1620 wrote to memory of 1588	1620	Unicorn-5130.exe	41
PID 1796 wrote to memory of 3068	1796	Unicorn-40466.exe	42
PID 1796 wrote to memory of 3068	1796	Unicorn-40466.exe	42
PID 1796 wrote to memory of 3068	1796	Unicorn-40466.exe	42
PID 1796 wrote to memory of 3068	1796	Unicorn-40466.exe	42
PID 1588 wrote to memory of 684	1588	Unicorn-38930.exe	43
PID 1588 wrote to memory of 684	1588	Unicorn-38930.exe	43
PID 1588 wrote to memory of 684	1588	Unicorn-38930.exe	43
PID 1588 wrote to memory of 684	1588	Unicorn-38930.exe	43

C:\Users\Admin\AppData\Local\Temp\b61c01a0ebd162e9c4e403bac21b0b2f.exe
"C:\Users\Admin\AppData\Local\Temp\b61c01a0ebd162e9c4e403bac21b0b2f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
        8⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        7⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        11⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31261.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        10⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 200
        9⤵
        Program crash
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12476.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        12⤵
        Executes dropped EXE
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        13⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        12⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        11⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        10⤵
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25029.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        10⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        6⤵
        Executes dropped EXE
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 224
        8⤵
        Program crash
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        7⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        8⤵
        
        PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe

Filesize
184KB

MD5
380fceb27984920401a892810f63b753

SHA1
c17e8905823991f5cd6e6900b453758128f57dfa

SHA256
9b1ad0e3fba1f78b5f20a887a04f767f9d432eb51c557a6fe4cd62a0667df3f6

SHA512
3759898b27f9a13be4d44bf19123e5a4f1b2b3cc4dbaa346d123c862f1dcd716b8095f757c4b3ee0521b6a5f9225b5d3f2056558f7030fd32cde11a33b7d8fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe

Filesize
184KB

MD5
2a21845ea3dfbc266474cb9227face95

SHA1
2bd91a607de06f1e859c4aefb95113423827d4a3

SHA256
fda264d982e3b7e6aaacc1c22274ee1f2bd2ffc7d4e634783be1cef984bdf73e

SHA512
934fa439c0fcb55b8ba791d5abd6713b699d31f69bdb665894e29a560efc0f3baaacff00fdfcecf4a23229eb65f5a4093d494c63bf7df13eb0c18639a26f0cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe

Filesize
184KB

MD5
52781ed2f06432dc141de5afe324df9b

SHA1
924ecd80cd69fc7e1e2dcaf52fdd4c71db4f1fc7

SHA256
b0a8f8c615b1bb9272bea8840dffb7006086398a3273a625bdda32f0ec21d80c

SHA512
ab6c9f1a7a5ac849944ea655e426fbe7052d2b6d63171030af936b81d864fcfd045103f09e8c848a8a215fdf526f68587d66943e125921897cd6d26d2ff16612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe

Filesize
184KB

MD5
ecaac8a1fb69de003479ac8264221e97

SHA1
a066447814cf9bd3a6b6343d20c139d692d27bc8

SHA256
1c73cc3299a7c6a101c31863408fa2680f0f659222b27323e2d0820d1402eba8

SHA512
469af2ea330b9ddd86827e3b8f31ea24ffa56435a1c04366be2aacc57c248aa636ce469d57bd1f096fabf06d5c38d4224efba9cb603864f08f799fbb0787c953

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe

Filesize
184KB

MD5
8176ab998b7e00b7c012f893dbdc0307

SHA1
cda9b48cb52623f5605886e84dc020d9bf842f2e

SHA256
c013398c74d844597ee0c52bc9417584ef8aeb33f922896fd039f0a12e1082dd

SHA512
0231b1b9dd322f542dbe8dce571959b90a9b7dceba4ac07719b8a51129751b7b8c7ed0d4f6a5a91b4597ad53dde9e5b85e6de74b585f514f87096fc46f2421b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe

Filesize
184KB

MD5
a8751d8a7ea46b0c99ed1ff191ac0dbf

SHA1
e6dc01067cb8e17400c49aca4c00bf96b12ac91d

SHA256
e070ffac61d4de7661bea020221b7a06028003ab9ba096540e60173c1bed534e

SHA512
4d2ae54bce6f893f7eb869801e5c76dbfe5ae9147e3b84e6a33c34be953179f2d18d26e4fca5fb1cc5313d756e6f3504078b4b5619ef152dc8c05253d9f6b46b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe

Filesize
184KB

MD5
ec29848fee2968c2823e79d5733aa725

SHA1
aefb14c6d0abfdf47650bf764dac092068846b4d

SHA256
169af90e71ea3a088bb94f823aa9bf153544ede7219abe91597d967a920a948a

SHA512
f69b350ed69dbf59bd69b36f3bf6b52e03157c6393b7f2c27c6f9a865f21ba77c7c87918e697ce2593e7317fa831d4abbb45b8bc76cfe1f2ba6d9102843ad1fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe

Filesize
184KB

MD5
5ff0858113ab5adc37727bd05b04fc58

SHA1
caba2438218bc0ddf046416b794ac7149ef13bd2

SHA256
04dd9dcae887c83a0dcec249ce562039fe7a13e00fabad09945c39834ecb3b87

SHA512
60ee70daed082a8e958e2d938102dc1fff49d5ebb9806f5c801d0718bfb40350ee9fc69c6d28f2f1c384c4b2588ba725348e665d91bd2c3b4a3491fd632e0373

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25029.exe

Filesize
184KB

MD5
21042748a6f325671f6e63ec3598c33d

SHA1
ca2a3c0a6a2748af1747c1bf6be5f92a5edf7f69

SHA256
5c1116656d73577c99b51e87491eb4ef5384ed1803e22642aea2e89e1420b453

SHA512
3915826c0f6070d539d24d1a39a743e4773154f63e73ec0f619a50de714c524fd41614c7bd35cc6223cd7b5732f7cabcbaec48d30b9f5401f4c93d4da9fa0e54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe

Filesize
184KB

MD5
a1f120adfbe27ff748e844e4bc4ca95e

SHA1
355f3e8a6f727e7a1cca3df62b007f6cafef8ce1

SHA256
a816e2a3c55af6cebf3efa891eaaf435dd49504017d97f94df0ca327e584be10

SHA512
f3251da3bb21fe6fc99299572c349a7b2d356485d55fef253d2d2a04eea7f632e9bf26ce944b1b362ea08b0651d8fcd77c7145ef5d3f1c0b604f650c9d37bcf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe

Filesize
184KB

MD5
113bac1a2c230c2f7c0902169ed928c1

SHA1
847e52e6c8012f06f84f64e1f225b874cbd6cf88

SHA256
3902be13eb15cf34b757eb3da203f5d74d0f69cbcc42439a49f79649d29de625

SHA512
e9f29386a20d4dc8e85abec01c135caeb05c478b37bf25a666b8d1600bf963084eaf0cd1d0b385b7f7d1b173366730885e093722a2bae793803e9e713b3b5e32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe

Filesize
184KB

MD5
4aca3d77e80589fe1887354a925dfefc

SHA1
cf14c32b60f7d638568d4a2737213f4aa0ec1090

SHA256
1ab1e623858f6714c1fb1569460c4bc50858c6b5eb1064d88e05630931c8c609

SHA512
cd4f67af782a1d2b404c3a6b4aca4d28a3b8a9aeeb11d1cbb10e5b343e9cea1238deb8881cab8c0a00fc76a70ea0c50c732082599e15e84eb185eb81dc859743

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe

Filesize
184KB

MD5
cd314b2af9785e68a70c9a4111dc76ea

SHA1
de7ed6066b3126fe9955fc7f91104004fb20c833

SHA256
74d97c68915a3403d13ca9bec6a2fac9747c218e57c24f5ea006ed98bebb403a

SHA512
3a41beec098735976e519c64ced292fc4e93242be54bb138f54fff34fc78601de7b32eacec3d300cd1b8a2f487d6f5b1038eaa632df58c3cec1e78a5c075400b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe

Filesize
184KB

MD5
b1759b32be2b62174fed816d0d6da7a1

SHA1
a84fb1c98d20f2a9983d7b3a27f256bc6571ac4b

SHA256
8fb07a24caee9ec3ab9533984b52a806ebbbe7f21014840a414c8b6276f6992c

SHA512
fa7091388634a52a168cafcfc640b9f37eaa02e095f649042b0626ce29b06577666228f81404124b5c21bc933d3765592bdba20f9ebb543ef447afa32f4c4b18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe

Filesize
184KB

MD5
a8da4a3f22f0bda0d8f9e9239f9f6700

SHA1
51133c3785f670e3fd1e229a6e6db31c6aba6415

SHA256
562f42cba5f028818b7ed34b7b36edc061280c1cb8cb899bd8078503abce342d

SHA512
fa62ffa30710a3080ec2697f1c512e5bfd1fd7256f00cfe6f9a7c01f9a95389ee67940deb23e24d67643ee7c6cc5dbe14cab19875902bd13c1731a5f8dafe7ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe

Filesize
184KB

MD5
1e49b49f800df3f1877c13ee52ca2f01

SHA1
f468d3144681968c7d3b2e5599a9ba0eebcddba4

SHA256
b0a9429a208fdeb01dbcea1a6566480b4442254455a146abdf69016356863602

SHA512
818ef119aa0eaf2a9b42df74bf4a166681783bad5ff1752dbf19b49dd352fc69fefa8085368fab8c1c9cc848aedc0f77266050dcbc2fe7cba56f4e04957dd31c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe

Filesize
184KB

MD5
932fdd6f10ab44521cdb76601d894d4a

SHA1
703a247c251c93d9ce71589b4970f95affc415d5

SHA256
2e5d6866e389c0002f41f5773aebb789ee7adcdefc9260b2012777f507173133

SHA512
728722ee723631868c3aec0b1201528708b4516964141499f852430e9dfe7da4b2f4a62da70daa7bb13900c2fcdfcb65c1b93899c9b56c0f148cbc40fa774d12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe

Filesize
184KB

MD5
c615c43e74bd368cc1f1102455c8bc06

SHA1
52e9bee4ee2ea2ca1cec940e5f66c28ae9fb41b3

SHA256
14582594cbca1747b9d8faba1221d5196edfbb8eeb31a26a9dab745959e5792a

SHA512
2fe8210bb474d8aa2c62290c1a72a0163cf97d0131207a9f550d413797ddabaaf51459ecbb660d52957595e3e1a5f8cf6ded90a148569ead34749dce143442df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads