03aa1c3a81a657bb2d91bfe13e0013147160743cd341199cd420ffc06f85f2c1

Analysis

max time kernel
51s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b705d57b43b2bc0e0f0a4607be33d34c.exe
Size

184KB
MD5

b705d57b43b2bc0e0f0a4607be33d34c
SHA1

61e844f234e6b08f1fe28f053529744a6c88f3d6
SHA256

03aa1c3a81a657bb2d91bfe13e0013147160743cd341199cd420ffc06f85f2c1
SHA512

0e9a4ef7a21f5d5ff53fcfb56d39f1dd4fd1af6fe46baaaf6e78b7e0176d1fd978bf31a4ed3d6393fcc59272e0192cf4623c6d6ae0bde23ba8ebf225a2a22667
SSDEEP

3072:wdH+oz/TfjA01OjkdKEdyzCitsY6EDhImDhx8DPpQ7lPvpFH:wdeo3c017dbdyzpG9a7lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 60 IoCs

pid	Process
348	Unicorn-21733.exe
1696	Unicorn-8022.exe
2580	Unicorn-45526.exe
2572	Unicorn-53160.exe
2720	Unicorn-25126.exe
2680	Unicorn-28656.exe
2560	Unicorn-59029.exe
2500	Unicorn-24088.exe
1448	Unicorn-52122.exe
2740	Unicorn-12646.exe
2732	Unicorn-41981.exe
2744	Unicorn-37535.exe
2944	Unicorn-47431.exe
2324	Unicorn-11229.exe
1808	Unicorn-16438.exe
2336	Unicorn-55010.exe
1788	Unicorn-27403.exe
1480	Unicorn-27787.exe
1856	Unicorn-32617.exe
1132	Unicorn-3474.exe
700	Unicorn-26635.exe
2256	Unicorn-39633.exe
964	Unicorn-11772.exe
904	Unicorn-30029.exe
1032	Unicorn-26691.exe
1656	Unicorn-46557.exe
1704	Unicorn-2187.exe
1232	Unicorn-22053.exe
1528	Unicorn-23314.exe
2168	Unicorn-43411.exe
1596	Unicorn-38773.exe
1092	Unicorn-46666.exe
2392	Unicorn-62125.exe
1560	Unicorn-10464.exe
2648	Unicorn-2488.exe
2060	Unicorn-55026.exe
2864	Unicorn-18519.exe
2544	Unicorn-37293.exe
2612	Unicorn-25556.exe
2364	Unicorn-21149.exe
2516	Unicorn-1243.exe
1716	Unicorn-38746.exe
2052	Unicorn-283.exe
1980	Unicorn-5114.exe
2528	Unicorn-35753.exe
2632	Unicorn-35753.exe
2536	Unicorn-35753.exe
2624	Unicorn-35753.exe
2616	Unicorn-15887.exe
876	Unicorn-35753.exe
2956	Unicorn-13552.exe
2840	Unicorn-13552.exe
2984	Unicorn-13552.exe
1380	Unicorn-59224.exe
1248	Unicorn-59224.exe
1388	Unicorn-52893.exe
1724	Unicorn-7221.exe
2556	Unicorn-7221.exe
2680	Unicorn-13298.exe
1784	Unicorn-13334.exe

Loads dropped DLL 64 IoCs

pid	Process
2180	b705d57b43b2bc0e0f0a4607be33d34c.exe
2180	b705d57b43b2bc0e0f0a4607be33d34c.exe
348	Unicorn-21733.exe
348	Unicorn-21733.exe
2180	b705d57b43b2bc0e0f0a4607be33d34c.exe
2180	b705d57b43b2bc0e0f0a4607be33d34c.exe
1696	Unicorn-8022.exe
1696	Unicorn-8022.exe
348	Unicorn-21733.exe
348	Unicorn-21733.exe
2580	Unicorn-45526.exe
2580	Unicorn-45526.exe
2720	Unicorn-25126.exe
2720	Unicorn-25126.exe
2580	Unicorn-45526.exe
2680	Unicorn-28656.exe
2680	Unicorn-28656.exe
2580	Unicorn-45526.exe
2560	Unicorn-59029.exe
2560	Unicorn-59029.exe
2720	Unicorn-25126.exe
2720	Unicorn-25126.exe
2500	Unicorn-24088.exe
2500	Unicorn-24088.exe
1448	Unicorn-52122.exe
1448	Unicorn-52122.exe
2680	Unicorn-28656.exe
2680	Unicorn-28656.exe
2740	Unicorn-12646.exe
2740	Unicorn-12646.exe
2560	Unicorn-59029.exe
2560	Unicorn-59029.exe
2732	Unicorn-41981.exe
2732	Unicorn-41981.exe
2744	Unicorn-37535.exe
2744	Unicorn-37535.exe
2500	Unicorn-24088.exe
2500	Unicorn-24088.exe
2324	Unicorn-11229.exe
2324	Unicorn-11229.exe
2944	Unicorn-47431.exe
2944	Unicorn-47431.exe
1448	Unicorn-52122.exe
1448	Unicorn-52122.exe
2572	Unicorn-53160.exe
2572	Unicorn-53160.exe
1808	Unicorn-16438.exe
1808	Unicorn-16438.exe
2740	Unicorn-12646.exe
1788	Unicorn-27403.exe
2740	Unicorn-12646.exe
1788	Unicorn-27403.exe
2732	Unicorn-41981.exe
2336	Unicorn-55010.exe
2732	Unicorn-41981.exe
2336	Unicorn-55010.exe
1480	Unicorn-27787.exe
1480	Unicorn-27787.exe
2744	Unicorn-37535.exe
2744	Unicorn-37535.exe
1856	Unicorn-32617.exe
1856	Unicorn-32617.exe
1132	Unicorn-3474.exe
1132	Unicorn-3474.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3048	2260	WerFault.exe	101

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2180	b705d57b43b2bc0e0f0a4607be33d34c.exe
348	Unicorn-21733.exe
1696	Unicorn-8022.exe
2580	Unicorn-45526.exe
2572	Unicorn-53160.exe
2720	Unicorn-25126.exe
2680	Unicorn-28656.exe
2560	Unicorn-59029.exe
2500	Unicorn-24088.exe
1448	Unicorn-52122.exe
2740	Unicorn-12646.exe
2732	Unicorn-41981.exe
2744	Unicorn-37535.exe
2944	Unicorn-47431.exe
2324	Unicorn-11229.exe
1808	Unicorn-16438.exe
2336	Unicorn-55010.exe
1788	Unicorn-27403.exe
1480	Unicorn-27787.exe
1856	Unicorn-32617.exe
1132	Unicorn-3474.exe
700	Unicorn-26635.exe
2256	Unicorn-39633.exe
964	Unicorn-11772.exe
904	Unicorn-30029.exe
1656	Unicorn-46557.exe
1232	Unicorn-22053.exe
2168	Unicorn-43411.exe
1704	Unicorn-2187.exe
1092	Unicorn-46666.exe
1596	Unicorn-38773.exe
1528	Unicorn-23314.exe
1560	Unicorn-10464.exe
2392	Unicorn-62125.exe
2060	Unicorn-55026.exe
2648	Unicorn-2488.exe
2864	Unicorn-18519.exe
2544	Unicorn-37293.exe
2612	Unicorn-25556.exe
2364	Unicorn-21149.exe
1716	Unicorn-38746.exe
2516	Unicorn-1243.exe
1980	Unicorn-5114.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 348	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	28
PID 2180 wrote to memory of 348	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	28
PID 2180 wrote to memory of 348	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	28
PID 2180 wrote to memory of 348	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	28
PID 348 wrote to memory of 1696	348	Unicorn-21733.exe	29
PID 348 wrote to memory of 1696	348	Unicorn-21733.exe	29
PID 348 wrote to memory of 1696	348	Unicorn-21733.exe	29
PID 348 wrote to memory of 1696	348	Unicorn-21733.exe	29
PID 2180 wrote to memory of 2580	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	30
PID 2180 wrote to memory of 2580	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	30
PID 2180 wrote to memory of 2580	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	30
PID 2180 wrote to memory of 2580	2180	b705d57b43b2bc0e0f0a4607be33d34c.exe	30
PID 1696 wrote to memory of 2572	1696	Unicorn-8022.exe	31
PID 1696 wrote to memory of 2572	1696	Unicorn-8022.exe	31
PID 1696 wrote to memory of 2572	1696	Unicorn-8022.exe	31
PID 1696 wrote to memory of 2572	1696	Unicorn-8022.exe	31
PID 348 wrote to memory of 2720	348	Unicorn-21733.exe	32
PID 348 wrote to memory of 2720	348	Unicorn-21733.exe	32
PID 348 wrote to memory of 2720	348	Unicorn-21733.exe	32
PID 348 wrote to memory of 2720	348	Unicorn-21733.exe	32
PID 2580 wrote to memory of 2680	2580	Unicorn-45526.exe	33
PID 2580 wrote to memory of 2680	2580	Unicorn-45526.exe	33
PID 2580 wrote to memory of 2680	2580	Unicorn-45526.exe	33
PID 2580 wrote to memory of 2680	2580	Unicorn-45526.exe	33
PID 2720 wrote to memory of 2560	2720	Unicorn-25126.exe	34
PID 2720 wrote to memory of 2560	2720	Unicorn-25126.exe	34
PID 2720 wrote to memory of 2560	2720	Unicorn-25126.exe	34
PID 2720 wrote to memory of 2560	2720	Unicorn-25126.exe	34
PID 2680 wrote to memory of 1448	2680	Unicorn-28656.exe	35
PID 2680 wrote to memory of 1448	2680	Unicorn-28656.exe	35
PID 2680 wrote to memory of 1448	2680	Unicorn-28656.exe	35
PID 2680 wrote to memory of 1448	2680	Unicorn-28656.exe	35
PID 2580 wrote to memory of 2500	2580	Unicorn-45526.exe	36
PID 2580 wrote to memory of 2500	2580	Unicorn-45526.exe	36
PID 2580 wrote to memory of 2500	2580	Unicorn-45526.exe	36
PID 2580 wrote to memory of 2500	2580	Unicorn-45526.exe	36
PID 2560 wrote to memory of 2740	2560	Unicorn-59029.exe	37
PID 2560 wrote to memory of 2740	2560	Unicorn-59029.exe	37
PID 2560 wrote to memory of 2740	2560	Unicorn-59029.exe	37
PID 2560 wrote to memory of 2740	2560	Unicorn-59029.exe	37
PID 2720 wrote to memory of 2732	2720	Unicorn-25126.exe	38
PID 2720 wrote to memory of 2732	2720	Unicorn-25126.exe	38
PID 2720 wrote to memory of 2732	2720	Unicorn-25126.exe	38
PID 2720 wrote to memory of 2732	2720	Unicorn-25126.exe	38
PID 2500 wrote to memory of 2744	2500	Unicorn-24088.exe	39
PID 2500 wrote to memory of 2744	2500	Unicorn-24088.exe	39
PID 2500 wrote to memory of 2744	2500	Unicorn-24088.exe	39
PID 2500 wrote to memory of 2744	2500	Unicorn-24088.exe	39
PID 1448 wrote to memory of 2944	1448	Unicorn-52122.exe	40
PID 1448 wrote to memory of 2944	1448	Unicorn-52122.exe	40
PID 1448 wrote to memory of 2944	1448	Unicorn-52122.exe	40
PID 1448 wrote to memory of 2944	1448	Unicorn-52122.exe	40
PID 2680 wrote to memory of 2324	2680	Unicorn-28656.exe	41
PID 2680 wrote to memory of 2324	2680	Unicorn-28656.exe	41
PID 2680 wrote to memory of 2324	2680	Unicorn-28656.exe	41
PID 2680 wrote to memory of 2324	2680	Unicorn-28656.exe	41
PID 2740 wrote to memory of 1808	2740	Unicorn-12646.exe	42
PID 2740 wrote to memory of 1808	2740	Unicorn-12646.exe	42
PID 2740 wrote to memory of 1808	2740	Unicorn-12646.exe	42
PID 2740 wrote to memory of 1808	2740	Unicorn-12646.exe	42
PID 2560 wrote to memory of 2336	2560	Unicorn-59029.exe	43
PID 2560 wrote to memory of 2336	2560	Unicorn-59029.exe	43
PID 2560 wrote to memory of 2336	2560	Unicorn-59029.exe	43
PID 2560 wrote to memory of 2336	2560	Unicorn-59029.exe	43

C:\Users\Admin\AppData\Local\Temp\b705d57b43b2bc0e0f0a4607be33d34c.exe
"C:\Users\Admin\AppData\Local\Temp\b705d57b43b2bc0e0f0a4607be33d34c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        7⤵
        Executes dropped EXE
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        6⤵
        Executes dropped EXE
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        7⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        6⤵
        Executes dropped EXE
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        7⤵
        
        PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        8⤵
        Executes dropped EXE
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        6⤵
        Executes dropped EXE
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        7⤵
        Executes dropped EXE
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        7⤵
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        8⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        8⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        6⤵
        Executes dropped EXE
        
        PID:876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        8⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        7⤵
        Executes dropped EXE
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        7⤵
        Executes dropped EXE
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        7⤵
        Executes dropped EXE
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        9⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        6⤵
        Executes dropped EXE
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        7⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 188
        8⤵
        Program crash
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        7⤵
        Executes dropped EXE
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        12⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15887.exe
        6⤵
        Executes dropped EXE
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        8⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        6⤵
        Executes dropped EXE
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        9⤵
        
        PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        7⤵
        Executes dropped EXE
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        9⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        6⤵
        Executes dropped EXE
        
        PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        6⤵
        Executes dropped EXE
        
        PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe

Filesize
184KB

MD5
c14bc10c1953b499639d7d88e51b672a

SHA1
4a9d618941decfad5769c935d04dd6eed891149b

SHA256
6fcd9c71f41ebeb1c260d821af5cd73f5a5e0360f01efe985d5a59af47db6cac

SHA512
7081f42ab0db6b9c54b9c1575c02a0a945e6adbbdc24ea89c35b298df28f1f483528cfc31baafa0d1f34160217f5ab3a6cf4d0ce1230991017bdd4fc5d8c8d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe

Filesize
75KB

MD5
2d8caea1814046af5a3870e5fd4516ae

SHA1
e3fca3a2f295bfd6fd0c1cfdc9c160d6c21cd407

SHA256
f7fb25f8cd6bd941f73f8b5ec06c2f7f2f68b3323b08f0c83cff9c034d3014fa

SHA512
b4a453e5dad28048e1b2a641ff1a1d6f000fbc105ecb948aa600be12d735c0806855f0c691dcb63a4c5526e8892c4761d0152d467bc98837a99d1706912879e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe

Filesize
184KB

MD5
5aa4645774300f46f2f9ab275d5f9d06

SHA1
5b45c261c8d6b45bde412c5b651ae379f224cb0b

SHA256
f95061f16c790515785094722e050a372c80b9ed17be8a34c5e4f53a355b1433

SHA512
6a3bc4631d8f5f0c98a6616a8cfc09c2d3bb2ea0fa2e81ece9e02f893e08737772ff4b66edb22c82f6394f811dc8b4c6e9788a00467baeb3263df606a29fc30b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe

Filesize
184KB

MD5
003da161d0d3856aabab7431292b5b8f

SHA1
61d13f3e5c3591d0ff8f5387711618ae4addbe59

SHA256
1bfc78e9c8f5952a507d47e610b0382e1259ebc2e004e4ad45df00fefdbd5d31

SHA512
caa2d93bbd52ce0ba9bb95ed9c26b5f91b31b5b7a5bc9a5d57c47e5b93d66259afc52e6fe4c85a8f9024ece82d5f33e11cb2b49b176e498b51f79792e9cbf6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe

Filesize
184KB

MD5
2dee5cce77b584ad4a3edc89c38cfa58

SHA1
81aa080f458b0c452ff5582579778907758a3df3

SHA256
ca1e8055da3013b16888c9b61676c1823311e12ecd07363279c17bc2ce42180a

SHA512
1c7c8ee30f2d723fc282f8517c400e6746b12f6f809aa20400c8a9799e322af4f04775901a4cb6b7e18c638639e2fd5bb9ac1c663421e2b79e58656dcaa1e282

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe

Filesize
184KB

MD5
07b2c863c9e4affc097d7741c7242a8c

SHA1
ae5192d8adaa8b0fdf0c25d678bf4bb782bf987d

SHA256
1c7bc1f0e7e7af82a04f33f6357d3a0395585ca0049df1aa98587be83307c459

SHA512
65b29bed8938d52879bcaa2958917a9e3e9ba1718a9e1085029ec5a544841903428856ba7d36b0931d115c894a69b57b1568ae83207e9a20235e996e79637e07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe

Filesize
184KB

MD5
8a74a068febab51da9b93307ada3ad4b

SHA1
2128e78b9ec4a5f0031f902f4d2040a77af3c5c8

SHA256
71439ac41f745892ebd2880a9662e7ca6329699a30b5c3bef822f0304a2239fa

SHA512
8a1f3f1558eff1c68ab102d482918df2e0825ca50e8e35f9d48c0c43106e37ee933781da5ee7657207671c4db6e0cfa3cd1bc6b1bebf32c33f698a38370bb745

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe

Filesize
184KB

MD5
c904961a1e6fa9ab859d0c787d3335ab

SHA1
b343ccb8f3648549f10ac3175e82780954a76c42

SHA256
7bb448b0cef34f44ecaef3e4d56adb87a733f4a27e74e7b79c17c4eeb4b806a4

SHA512
e80614e3d972f02fc8e2318b672f045bf0d34c76aa6dbc0ac8e8c6aca37ea989f6b39775eed0b2b5f3c94ba2ff08348afb6d07cf26ca290dc474f29b6672fc35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe

Filesize
184KB

MD5
0952b30fa28388baed299a2cb08dc948

SHA1
dd39069ecf021a2b98cfe66f3ecfe4631b90654a

SHA256
740b985512374c6c753a7fe8cb78ece2f4863f80b57b445bbd6a69ec9eef1212

SHA512
317d1575521c81aac8147e7031cbd9921b4ea9acad323f844d5609fd810f1723587e5f85a6f8c4e1269028f61110206130c1c3734f81f81fab5488739c333553

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe

Filesize
184KB

MD5
57930c3bcc42eff63455092f9974a5c3

SHA1
7d9154b422704f352d6c77e468fa66c7f84b4f2c

SHA256
99315f5ac5551c66a520e59e70db831139135aae010966f37a979c6086794e95

SHA512
e48d2c12e766507ee545d6850a137f4f5433fec3743c2085c52e7515da59e8b372cb549cf024df890999ac2d238e5da4e2d4a0b59c9d606fc2f5bc6519c7315d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe

Filesize
184KB

MD5
f9e1bfd12b7cd45aeed1f4633c01d08e

SHA1
001ec3c9a1a245e587c648945c761bce944bfa70

SHA256
b9573ebe7b5b2909249e79ed7c357305d1cc4df9ea104a5ab3d373cb00306237

SHA512
5c981925bbc0ecce2cc638ce504aa67a1c37de9aaef08707f8304eb342529b6f92233921d443cc29263435c37c123b3c652ab05120b8a4addceb6276e7015cc6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe

Filesize
184KB

MD5
1791d7ac55f32385f1ee0aee484e401a

SHA1
257586f3feef6f7117c228af70e2144a3a5abd6b

SHA256
bec62ea728ab2a30785bb3a0d1e80122db930c0fc588afde8fe0638b377e24df

SHA512
8694a8435786bfc15d49117b66a81a63a7c6143084c661b98ddd5cfef3e20db09a0b24863f6b3a4cb828e017e096e28c422e237daff194e540762313f1233c93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe

Filesize
184KB

MD5
4d952170418f57fc04a74e8e7f269180

SHA1
0eb9d383459299622e3efaa71f9f983686694092

SHA256
9ceb00095f5193ec176b9843d96e955debaaa9c58d26ee2e30b645b496a29b23

SHA512
2c56eb620230aa374d49439aee42ab54be539e581ff76421d1c6640933d8213ec6b1b96ac95def5a63add8b343db82e93cb8b0b51fdc42948a80fbd0c7693c84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe

Filesize
184KB

MD5
a26871f8c81e76e7a2d14327592e5c8b

SHA1
839055950ed31203be2dea423b8a342c91c0f136

SHA256
75e4d5ff96269937842c0a9c307337c010e01e0ab0d030a35976934104235c4c

SHA512
a344f4edc904989659ae6158d9ab7a0393baf8f628975e91d04bfa6a7947a34f6dd34cf29c25448b77448c8d8526c1f571c2a16b519dd4c37ff764c7e7d1e9c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe

Filesize
184KB

MD5
151dd0c83389baaaf05c13e8f6c12528

SHA1
8286f3fa84f8a3830b205e4efb077753154fb6d7

SHA256
e923d275d54779daff7d6f236e398479e7cb301bd5a833309fa92dbd9c0a5732

SHA512
04c9c5811c51fca00a415e2411665aff76a3c5bb8b2e659a3b2a6a79cab9ed0ed8ec4a065faa71ef9aa8116e0c1544b3c79de61cbf10484d5ef2766b5c761364

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe

Filesize
184KB

MD5
975d7cc06111505d4162fdca8fa53d57

SHA1
cfa011b6b1f6f4eb60c163af25b6b9acf4e07d90

SHA256
11cd6d6b5ac2acb1c39d88c62c5f91984c66a1548a8c8bdadd4408d30c6814fc

SHA512
015a6607dbc320aafe5d568a9c0e6e9b6a74b254dcbfbd3555f6dc2301ef994429c0a74a28802abfbc5a8faf447654d795e6f52f1a521380a833c6c190f31256

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe

Filesize
184KB

MD5
b3586d8c4385519d4884768291640b8f

SHA1
03ceb07cb824960edc0780c87df98ba9745f239f

SHA256
9ecb57119dfb11e86d82467d42e6867525eff47674516c8ea4adb5a2f0be392d

SHA512
29bc21a68f7c59e52cf4af4ed5655843286b68d4df82c3977f1279cf2e0f13150bd0cf7f560d7fcb83022ee1abf2ae8c007e370dcdf6fa82422fe606561a3d28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe

Filesize
184KB

MD5
83b241c1513bc91051d54622ebb17701

SHA1
b84af5e7bbedc6f13c46a3ad288d57aea91e7b41

SHA256
eb94fb5574cab3f19eafc64734cbacfa92472192fc597098aa6b59e42e963ec9

SHA512
3aa570f3837e3a93483d0fc621b5bcdc74f464dfe92036a7bb446b5b3ef6df31fbea0420f81512f90472aa8280cec5d3bcd057b3720c0a1e70551350e562670e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe

Filesize
184KB

MD5
c3a770290c18311d9cfe88c5f1ca34ce

SHA1
0cf9602cdb4b283c5d4b1cff8b51af8a0d80a2c3

SHA256
3a3d2b492a6178958fcff3b62ffddd27ff14486eb489709f176e721bd25e957a

SHA512
d71fa9d2aed341aed3465b392a110a7d60c8cc9ff4155b1996d910a9410466936c4690c6099fa3b0519d53ea41dcc8225877716a909bc35d0c835c112c383dc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads