d3ece2f05b8b476a92849e68d6aa6df71b70e4f956b31af5f8b6ffbb8416bb15

Analysis

max time kernel
112s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 15:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7cc2e070be9f43a6e4d35c5154ac790.exe
Size

184KB
MD5

b7cc2e070be9f43a6e4d35c5154ac790
SHA1

16d2a22be535028149bf8e53a035697f1baa2ef8
SHA256

d3ece2f05b8b476a92849e68d6aa6df71b70e4f956b31af5f8b6ffbb8416bb15
SHA512

ea5bd826b092425c9a248cc643cee16a2a09ffd244d550592c5f9cd5131291f7e41a01c40255cf27d9b089d22eb919bf93170033e3ea2aa6d38289e3ebafa4f9
SSDEEP

3072:ZVS2o4SytW5oFqjCoar+cJcXPLhMo42Sdixv9EqdNlvvpF2:ZVzosGoFFo0+cJs/JPNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2976	Unicorn-30879.exe
2948	Unicorn-19826.exe
2576	Unicorn-4044.exe
2612	Unicorn-8787.exe
2704	Unicorn-24569.exe
2440	Unicorn-36821.exe
2888	Unicorn-33095.exe
1500	Unicorn-53515.exe
2348	Unicorn-37925.exe
1860	Unicorn-61875.exe
764	Unicorn-46094.exe
1668	Unicorn-22042.exe
1940	Unicorn-10344.exe
1364	Unicorn-1813.exe
2756	Unicorn-26318.exe
1604	Unicorn-27832.exe
2036	Unicorn-59950.exe
1716	Unicorn-15300.exe
1044	Unicorn-4563.exe
2136	Unicorn-40957.exe
408	Unicorn-45041.exe
2828	Unicorn-57485.exe
1780	Unicorn-95.exe
2176	Unicorn-58040.exe
2128	Unicorn-10723.exe
1052	Unicorn-40058.exe
836	Unicorn-27060.exe
1904	Unicorn-57039.exe
1900	Unicorn-37173.exe
1912	Unicorn-57039.exe
2248	Unicorn-25135.exe
1928	Unicorn-41170.exe
2524	Unicorn-44564.exe
1560	Unicorn-56139.exe
1504	Unicorn-15288.exe
1868	Unicorn-7411.exe
1880	Unicorn-53846.exe
1420	Unicorn-22757.exe
2768	Unicorn-44412.exe
2856	Unicorn-33097.exe
772	Unicorn-57793.exe
2652	Unicorn-26164.exe
1708	Unicorn-54944.exe
344	Unicorn-5551.exe
1100	Unicorn-42500.exe
2088	Unicorn-54752.exe
1748	Unicorn-35810.exe
900	Unicorn-55676.exe
2900	Unicorn-2391.exe
2344	Unicorn-6475.exe
868	Unicorn-14643.exe
2600	Unicorn-48255.exe
996	Unicorn-2583.exe
2964	Unicorn-11218.exe
1932	Unicorn-7689.exe
340	Unicorn-39999.exe
1864	Unicorn-36469.exe
2532	Unicorn-55951.exe
2704	Unicorn-35016.exe
3056	Unicorn-9957.exe
2908	Unicorn-44337.exe
1580	Unicorn-24793.exe
2800	Unicorn-65079.exe
1468	Unicorn-43782.exe

Loads dropped DLL 64 IoCs

pid	Process
1888	b7cc2e070be9f43a6e4d35c5154ac790.exe
1888	b7cc2e070be9f43a6e4d35c5154ac790.exe
2976	Unicorn-30879.exe
2976	Unicorn-30879.exe
1888	b7cc2e070be9f43a6e4d35c5154ac790.exe
1888	b7cc2e070be9f43a6e4d35c5154ac790.exe
2948	Unicorn-19826.exe
2948	Unicorn-19826.exe
2976	Unicorn-30879.exe
2976	Unicorn-30879.exe
2576	Unicorn-4044.exe
2576	Unicorn-4044.exe
2612	Unicorn-8787.exe
2612	Unicorn-8787.exe
2704	Unicorn-24569.exe
2948	Unicorn-19826.exe
2704	Unicorn-24569.exe
2948	Unicorn-19826.exe
2440	Unicorn-36821.exe
2440	Unicorn-36821.exe
2576	Unicorn-4044.exe
2576	Unicorn-4044.exe
2888	Unicorn-33095.exe
2888	Unicorn-33095.exe
2612	Unicorn-8787.exe
2612	Unicorn-8787.exe
2348	Unicorn-37925.exe
2348	Unicorn-37925.exe
1860	Unicorn-61875.exe
1860	Unicorn-61875.exe
2440	Unicorn-36821.exe
2440	Unicorn-36821.exe
764	Unicorn-46094.exe
764	Unicorn-46094.exe
1668	Unicorn-22042.exe
1668	Unicorn-22042.exe
2888	Unicorn-33095.exe
2888	Unicorn-33095.exe
1940	Unicorn-10344.exe
1940	Unicorn-10344.exe
2756	Unicorn-26318.exe
2756	Unicorn-26318.exe
1364	Unicorn-1813.exe
1364	Unicorn-1813.exe
1860	Unicorn-61875.exe
1860	Unicorn-61875.exe
2348	Unicorn-37925.exe
2348	Unicorn-37925.exe
2036	Unicorn-59950.exe
2036	Unicorn-59950.exe
1604	Unicorn-27832.exe
1604	Unicorn-27832.exe
764	Unicorn-46094.exe
764	Unicorn-46094.exe
1668	Unicorn-22042.exe
1668	Unicorn-22042.exe
1044	Unicorn-4563.exe
1716	Unicorn-15300.exe
1044	Unicorn-4563.exe
1716	Unicorn-15300.exe
2828	Unicorn-57485.exe
2828	Unicorn-57485.exe
2136	Unicorn-40957.exe
2136	Unicorn-40957.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
1888	b7cc2e070be9f43a6e4d35c5154ac790.exe
2976	Unicorn-30879.exe
2948	Unicorn-19826.exe
2576	Unicorn-4044.exe
2612	Unicorn-8787.exe
2704	Unicorn-24569.exe
2440	Unicorn-36821.exe
2888	Unicorn-33095.exe
2348	Unicorn-37925.exe
1500	Unicorn-53515.exe
1860	Unicorn-61875.exe
764	Unicorn-46094.exe
1668	Unicorn-22042.exe
1940	Unicorn-10344.exe
1364	Unicorn-1813.exe
2756	Unicorn-26318.exe
2036	Unicorn-59950.exe
1604	Unicorn-27832.exe
1716	Unicorn-15300.exe
1044	Unicorn-4563.exe
2136	Unicorn-40957.exe
408	Unicorn-45041.exe
2828	Unicorn-57485.exe
1780	Unicorn-95.exe
2176	Unicorn-58040.exe
1900	Unicorn-37173.exe
2128	Unicorn-10723.exe
1052	Unicorn-40058.exe
836	Unicorn-27060.exe
1904	Unicorn-57039.exe
2248	Unicorn-25135.exe
2524	Unicorn-44564.exe
1912	Unicorn-57039.exe
1928	Unicorn-41170.exe
1560	Unicorn-56139.exe
1504	Unicorn-15288.exe
1868	Unicorn-7411.exe
1420	Unicorn-22757.exe
2856	Unicorn-33097.exe
1880	Unicorn-53846.exe
2768	Unicorn-44412.exe
772	Unicorn-57793.exe
2652	Unicorn-26164.exe
1708	Unicorn-54944.exe
344	Unicorn-5551.exe
1100	Unicorn-42500.exe
2088	Unicorn-54752.exe
1748	Unicorn-35810.exe
900	Unicorn-55676.exe
2900	Unicorn-2391.exe
868	Unicorn-14643.exe
2344	Unicorn-6475.exe
996	Unicorn-2583.exe
2600	Unicorn-48255.exe
2964	Unicorn-11218.exe
1932	Unicorn-7689.exe
1864	Unicorn-36469.exe
340	Unicorn-39999.exe
2532	Unicorn-55951.exe
2704	Unicorn-35016.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2976	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	28
PID 1888 wrote to memory of 2976	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	28
PID 1888 wrote to memory of 2976	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	28
PID 1888 wrote to memory of 2976	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	28
PID 2976 wrote to memory of 2948	2976	Unicorn-30879.exe	29
PID 2976 wrote to memory of 2948	2976	Unicorn-30879.exe	29
PID 2976 wrote to memory of 2948	2976	Unicorn-30879.exe	29
PID 2976 wrote to memory of 2948	2976	Unicorn-30879.exe	29
PID 1888 wrote to memory of 2576	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	30
PID 1888 wrote to memory of 2576	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	30
PID 1888 wrote to memory of 2576	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	30
PID 1888 wrote to memory of 2576	1888	b7cc2e070be9f43a6e4d35c5154ac790.exe	30
PID 2948 wrote to memory of 2704	2948	Unicorn-19826.exe	31
PID 2948 wrote to memory of 2704	2948	Unicorn-19826.exe	31
PID 2948 wrote to memory of 2704	2948	Unicorn-19826.exe	31
PID 2948 wrote to memory of 2704	2948	Unicorn-19826.exe	31
PID 2976 wrote to memory of 2612	2976	Unicorn-30879.exe	32
PID 2976 wrote to memory of 2612	2976	Unicorn-30879.exe	32
PID 2976 wrote to memory of 2612	2976	Unicorn-30879.exe	32
PID 2976 wrote to memory of 2612	2976	Unicorn-30879.exe	32
PID 2576 wrote to memory of 2440	2576	Unicorn-4044.exe	33
PID 2576 wrote to memory of 2440	2576	Unicorn-4044.exe	33
PID 2576 wrote to memory of 2440	2576	Unicorn-4044.exe	33
PID 2576 wrote to memory of 2440	2576	Unicorn-4044.exe	33
PID 2612 wrote to memory of 2888	2612	Unicorn-8787.exe	34
PID 2612 wrote to memory of 2888	2612	Unicorn-8787.exe	34
PID 2612 wrote to memory of 2888	2612	Unicorn-8787.exe	34
PID 2612 wrote to memory of 2888	2612	Unicorn-8787.exe	34
PID 2704 wrote to memory of 1500	2704	Unicorn-24569.exe	35
PID 2704 wrote to memory of 1500	2704	Unicorn-24569.exe	35
PID 2704 wrote to memory of 1500	2704	Unicorn-24569.exe	35
PID 2704 wrote to memory of 1500	2704	Unicorn-24569.exe	35
PID 2948 wrote to memory of 2348	2948	Unicorn-19826.exe	36
PID 2948 wrote to memory of 2348	2948	Unicorn-19826.exe	36
PID 2948 wrote to memory of 2348	2948	Unicorn-19826.exe	36
PID 2948 wrote to memory of 2348	2948	Unicorn-19826.exe	36
PID 2440 wrote to memory of 1860	2440	Unicorn-36821.exe	37
PID 2440 wrote to memory of 1860	2440	Unicorn-36821.exe	37
PID 2440 wrote to memory of 1860	2440	Unicorn-36821.exe	37
PID 2440 wrote to memory of 1860	2440	Unicorn-36821.exe	37
PID 2576 wrote to memory of 764	2576	Unicorn-4044.exe	38
PID 2576 wrote to memory of 764	2576	Unicorn-4044.exe	38
PID 2576 wrote to memory of 764	2576	Unicorn-4044.exe	38
PID 2576 wrote to memory of 764	2576	Unicorn-4044.exe	38
PID 2888 wrote to memory of 1668	2888	Unicorn-33095.exe	39
PID 2888 wrote to memory of 1668	2888	Unicorn-33095.exe	39
PID 2888 wrote to memory of 1668	2888	Unicorn-33095.exe	39
PID 2888 wrote to memory of 1668	2888	Unicorn-33095.exe	39
PID 2612 wrote to memory of 1940	2612	Unicorn-8787.exe	40
PID 2612 wrote to memory of 1940	2612	Unicorn-8787.exe	40
PID 2612 wrote to memory of 1940	2612	Unicorn-8787.exe	40
PID 2612 wrote to memory of 1940	2612	Unicorn-8787.exe	40
PID 2348 wrote to memory of 1364	2348	Unicorn-37925.exe	41
PID 2348 wrote to memory of 1364	2348	Unicorn-37925.exe	41
PID 2348 wrote to memory of 1364	2348	Unicorn-37925.exe	41
PID 2348 wrote to memory of 1364	2348	Unicorn-37925.exe	41
PID 1860 wrote to memory of 2756	1860	Unicorn-61875.exe	42
PID 1860 wrote to memory of 2756	1860	Unicorn-61875.exe	42
PID 1860 wrote to memory of 2756	1860	Unicorn-61875.exe	42
PID 1860 wrote to memory of 2756	1860	Unicorn-61875.exe	42
PID 2440 wrote to memory of 1604	2440	Unicorn-36821.exe	43
PID 2440 wrote to memory of 1604	2440	Unicorn-36821.exe	43
PID 2440 wrote to memory of 1604	2440	Unicorn-36821.exe	43
PID 2440 wrote to memory of 1604	2440	Unicorn-36821.exe	43

C:\Users\Admin\AppData\Local\Temp\b7cc2e070be9f43a6e4d35c5154ac790.exe
"C:\Users\Admin\AppData\Local\Temp\b7cc2e070be9f43a6e4d35c5154ac790.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        7⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        7⤵
        
        PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57485.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        9⤵
        Executes dropped EXE
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44337.exe
        8⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
        10⤵
        Executes dropped EXE
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        9⤵
        Executes dropped EXE
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        7⤵
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        9⤵
        Executes dropped EXE
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        8⤵
        
        PID:2500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        8⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        7⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        8⤵
        
        PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        9⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        7⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
        7⤵
        
        PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe

Filesize
184KB

MD5
0a74db4d3e3edb032f6c8646ed7de4fc

SHA1
fe729a7569dc96245b41620ff8eeb7ac978fcd59

SHA256
c81fc4e42d2355c383ac71e1bf9870db53326d1941fdd2f7b6c26369af1a3fa3

SHA512
b099df1db77b91869ebc6b463be35b5885566ce5f9c1a056060f706d09673307d942b37779cc4461e1bc3259a73555d8e3e6d7651987f96c56616a738eae00a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe

Filesize
184KB

MD5
e318fddc6ad363fa1489f26cd1d565a4

SHA1
ae0165c2c968401c3f09d5ec95204730242bded4

SHA256
23c690fc21dd2aa2b3fde2a4578f10b578136f2451fe071f6fccaa1a64436523

SHA512
55dfd06464e95170719077014fd8ecdb2c911b64cb3a2fe844dc42cdad40eb000c3d23621fcc4ddbbe000cd99b41609f1b872b05ede73d02e24553398dcd47ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe

Filesize
184KB

MD5
260050a276444ee60587a56f57815320

SHA1
ec8b14bb41e95182672059f732b16302f2cd7df3

SHA256
1d4f204028d561f8f7c3340dea7e7579979474854b358313d579b6cf56c35160

SHA512
9651832a84d98e0930ddc190a0a2ca77431242e2bff301a57b9c793f20d9c0d1228646d9fc4122e085632aabc687d376cc23a8822989938c8246f8d278002876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe

Filesize
184KB

MD5
08da0ccc7a53ca850a409744102e69a2

SHA1
fd6c9e0e03461e2078fa3dd4604728679cf0fd2b

SHA256
75598984f3328e87bdf445a423351828b297c3cbcb0d6b5931e0d04a0d688a06

SHA512
9d28a51f05420d4d3ee401df17ef74fc8a73910efc0ce36063565417a4d6af6fbb2103ebe5084b08a6cfd5270da7c20822c652e02880fa94bd2c529692143648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe

Filesize
184KB

MD5
e3a845d216c09c5a5d07ffb634e0c72d

SHA1
0a007947d9e89255a33c170f5839e9032c405e25

SHA256
8abed1a175c6476651a58e95f4a1e63019a4ee5fd67439513960711fe2484b36

SHA512
52f6715573fa01ce02cbc702fc52b2a7672637946965e25041135d7a53317c66241b05f98bd6a209680156ec0fe7e96578ea18671d6d8d95259287d5c4818aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe

Filesize
184KB

MD5
90eedefd0adced64c121a58e44a022c4

SHA1
b70e56aca3752a813a8de25b19689e5dc9c471d2

SHA256
b59335d06b459881eb032af7d6631d63d5dccdafad96186100fb80a701a34d0c

SHA512
95c5f484999eb5bf9100043786cc29d3ceedc4d6fb6b8816037373b8101047c4f42678e4e765f2e139b4d6aed2d0d12ad75bf36462ace4058c9241a1b1008615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe

Filesize
184KB

MD5
6318ca69e5ba71a287f0cdc0d6beb163

SHA1
1e38b36272280c70124fac4f7d4f6089ad47bc8f

SHA256
70c29905fd0896697fe2ef5a31775651b16244b0f1719c6583827db049f630f5

SHA512
56b03ce8823c47ab6cce001b2e4a36dd566cc1f3019263c1cfece340ddedd70fc110f376de78f526646ca321e88340d362f9771de20c6fd915d7685d9b5bac11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe

Filesize
184KB

MD5
d363d161cb90524f153bcf6ab80e7c3a

SHA1
92978e60f4fc1b6b16566d09d234977e57019d52

SHA256
966bc461f54eabbceaca945f37a5fda07ec074cb62578f9e093242b7e90f87c7

SHA512
921ab4e432805a2ecb1805b8cae7cdcae05241a59016bd4372bcd7c39108619476a57d24af3a47dc996dedcd51ab1a86e13524255d651e3f00646368e8950bf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe

Filesize
184KB

MD5
b76d2659a37a8875ef266bf24b04df1d

SHA1
ef1dd1265f1ebb58edb2818399868065288a4612

SHA256
31ea60190591df2433221ac9c7f62a0ff979a60e938238b030a67c85df24cc5a

SHA512
2a933b42dd9383fb6a2f49213d0e1f1f867b0883deedfae29ea9fb18fe79bddf464b1cb8d83514bda17c8cc1e3ddb54eb00d37310bbcb04be9357cd1def0d4f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe

Filesize
184KB

MD5
4997692d5c3c3769e24bf2b977ea6c86

SHA1
6c5562b72c59cd930a2a855ef32ef5bbe2215f57

SHA256
5f5d750e26c6707a560179e2f06200bd218c34d77d0feac62efa80db098b5d38

SHA512
15752625bab0ff0ada68d1908a297022314bbe3f36849de75a8353b718c9f32b5f9d60f51c26a1e336b84aef59369a6928eafa8263e9e9c6566a6df1b3fcabea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe

Filesize
184KB

MD5
e6437810e7336814b3560420e6da6f13

SHA1
79edcee7198f26a15a8500473f96b7d95cdc957a

SHA256
e2b149caf71ccc83a2c7800bdf1114a14233744354dd679041f9602a9b681976

SHA512
a39f495870c32a65f779c0ed1bec6e12d309d7485974baffeee83c143ff75daa2eb3b6e50db647d8b81a8251fb381710c21a01916ba49a6993876ad3e2f03f1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe

Filesize
184KB

MD5
7f293a1d24f4f1b7ce975c54c9ae9128

SHA1
b24a115b9db8829216c465e23a9b184e64ed28b4

SHA256
76897dd019e3306ae12e639f86c14bd56996f2517e56ad038eb4f50b6e17a6a6

SHA512
72dac1431f150e6419202f7a4566cd92c5e386835f6df4d66049331cb152dd7b4f64488d1874cebaf397d0492fd884073213ff684175ea47213441e1facadda2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe

Filesize
184KB

MD5
1cf228eaea12190df52ff966eda852a4

SHA1
6f6f2cad120db8e80180fabda750f95622128fb4

SHA256
f0a5f506dc81dab255b2b8cd60b262a510c02413bea304920b42d927db8fdd16

SHA512
876a25b9ad7ccb484d8825bb80ef897ca9ef08ac4374c50527dc4739cb773b58aa167e3f0970ce8815de91188092e6e54c0cb8e292562fc617ac3c518c2772dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe

Filesize
184KB

MD5
5141a115e15d12b1385230a25c57a6de

SHA1
4422d5e226b5705ad317d6cd0c927168de11bd2d

SHA256
5f0091b2b65278af8c84d1765e830ec1887d15f62922cc6b18d693d57358ca26

SHA512
94d5e1d4f09c6a695044690a516ce92c87085fbe3a7f707f6a3c3eb657c521f045594df5baf9ab6d6ee9f18f72c24bf50fb0c4036781da53662b4015e70fd243

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe

Filesize
184KB

MD5
00bcd39d633c08a7629fa0340a2131e4

SHA1
0ab8eedffc4e93113f86ba9eba01c0891a39aaf0

SHA256
d90690ea8bd53ea316d0f5ed671cae6f155a7322d5eb25eb3dfadb585ae7a301

SHA512
da7022afe879d5c53baca0810e2bed6a94a0165a4f44b285be93bc73ff939caa61b87b9a5dca34b0f6559c8e45dcda5103e16360b6e7262d0d194fbc1a031eed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe

Filesize
184KB

MD5
59ed82e19d7243086256205088b33772

SHA1
587b7d848d2da26246a0a3b5f7b9ee2e55065e66

SHA256
f500bd8d03d3fffc91636ce2f8ed3344ef7c47d4cc0c67d44494ea9ea84b8f47

SHA512
186ae2e0b5da714f0ed7f34350ab8787bf44989028417766a7ea9add8472bf1cb32dfd783ba5f66425f70ef6ba0f67dac407bb11d969a241957b35ae9abad2a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe

Filesize
184KB

MD5
580830c95c8c41c153f4d1edfbd2c3d7

SHA1
3208ee87b801f141b04746f2725540c8be3b0fe6

SHA256
e3d4820260d52c901e18d393d919d8ca3b46f940453bd0d3f6e992b79c2dd4dd

SHA512
1dd4169218d52f617d960b5a425e84dae45277556776316c7f4445821be45430a1588b2f6f2bbba5713a03d57ea341cb546e9546af2f43f79a54b6151fdf8668

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe

Filesize
184KB

MD5
1bb77bbc662ad261293ee48d433640dd

SHA1
3cfe9d143f8a08426a22e726d25879a1bb1ada1a

SHA256
32e6485e1d73eee661b1053aed1e1a4ed270db5fde75dd5e7909eb1bcf62c0f1

SHA512
a95dbe4efcba92fb2e4705efaaeb72881138d0557812bd4052cae470c425ff01b2eda3aee9028bb2a885abe89dc4eb21c8f9040eaa270acb9a877d1abbc50768

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe

Filesize
184KB

MD5
5dbb4b500c71e8b17a8518a9e2375de7

SHA1
5c385cfe3b873f4871a840a1590893d34833157b

SHA256
15bbac28667742ab6dfd1cd481f4d87874b4b3461481e885de556f879d42a743

SHA512
8deb9ec23d835f2c67818ba003fb2c60bbc1137871d6da281c26cc16bb45bd1f633ddb16dde56f3644f684ec1e1329bdf6d5b73621865e8371eaa1974b963cf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe

Filesize
184KB

MD5
d4342a023c03c759a1a1a075fc98fe03

SHA1
52f8b0d27101d467ec652b3bb52162fa1c0abbab

SHA256
ab7054a4e46bb4eebaa4437759c41f2315d24de512ac7c1a6152fa5370295d3c

SHA512
84bf81b936f454acc5540fae38a05c29a25a7dc72341ad6aa14f5ff163ab5ce4d4c7a355d671adef7e91a921d8763129f201530bcf95e719de8c388702da405f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe

Filesize
184KB

MD5
5733c090c43dfa512c18f421d158be06

SHA1
9eb61c3851b7b4d16cfb58fff1170f52ab5bc1bb

SHA256
345de09415e6bd935a3e285b9f84c8fbf504c46f921cdc88bd878c8cca9a8367

SHA512
2adc370146c62f924f8d1b71209a3253f604bddc7b49a870317b9fac10e9a1e415841d6e2ccb1132c71567f7f348666f15b28a2d96a727ea4774eabeeb915c9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe

Filesize
184KB

MD5
d072e067d1418cd78f656b1eeb5c8d48

SHA1
0f0522bda97237a677477cd84b4479e62d68b819

SHA256
0b69681594c1fff25ecaaab5f1afa974a78635ba74eb975e09756c3695dae6ac

SHA512
72d67e9381725906154301f0c697a9da6b392b2f3b46c140d0a0691d47498fa950945387de3675e6cd10c3b2db318db0cc98f58a0898e2e83155127e5fe8e849

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads