3eca1db8ac12cdbb9270bd3f34fb5e60ed5a58e268313b199c6254ccddb30c90

Analysis

max time kernel
51s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7304eae1aea621e8c083549deda1f53.exe
Size

184KB
MD5

b7304eae1aea621e8c083549deda1f53
SHA1

dd80e121a225b324999e310fab692c563bb354f5
SHA256

3eca1db8ac12cdbb9270bd3f34fb5e60ed5a58e268313b199c6254ccddb30c90
SHA512

68721adedab37f8d03452cc03fc8eed0600f3c27dedc769c2ed66eaad9d9f685e622880090da32a7cdacc5d30509fadb0b00a6217a7156578f86f62f0018703e
SSDEEP

3072:gUhPomq80DwMXOjLqi9D+7+LsQPJwsIxbjxovoYpxlv1pFB:gUVo9EMXAquD+7xVg/xlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 52 IoCs

pid	Process
2264	Unicorn-63179.exe
2140	Unicorn-55094.exe
2688	Unicorn-63817.exe
2452	Unicorn-5940.exe
3040	Unicorn-43443.exe
2420	Unicorn-59225.exe
2836	Unicorn-27513.exe
1872	Unicorn-43849.exe
2712	Unicorn-27766.exe
2320	Unicorn-60953.exe
756	Unicorn-61508.exe
580	Unicorn-26226.exe
1176	Unicorn-59645.exe
1676	Unicorn-61036.exe
1712	Unicorn-43116.exe
1352	Unicorn-52676.exe
1152	Unicorn-44508.exe
1328	Unicorn-3475.exe
1892	Unicorn-49147.exe
2164	Unicorn-52951.exe
1168	Unicorn-41253.exe
1820	Unicorn-50813.exe
1304	Unicorn-56843.exe
1056	Unicorn-56028.exe
540	Unicorn-63641.exe
2892	Unicorn-64196.exe
3056	Unicorn-38945.exe
2856	Unicorn-30777.exe
2852	Unicorn-40891.exe
1748	Unicorn-21025.exe
2804	Unicorn-59920.exe
3016	Unicorn-818.exe
2496	Unicorn-36183.exe
2524	Unicorn-41659.exe
2612	Unicorn-49827.exe
2128	Unicorn-11487.exe
2468	Unicorn-27823.exe
2584	Unicorn-7725.exe
2488	Unicorn-24794.exe
1716	Unicorn-45769.exe
2824	Unicorn-26548.exe
804	Unicorn-8841.exe
2476	Unicorn-37984.exe
1256	Unicorn-49874.exe
2604	Unicorn-24554.exe
1776	Unicorn-24554.exe
304	Unicorn-64819.exe
292	Unicorn-37622.exe
1936	Unicorn-31400.exe
1916	Unicorn-44420.exe
472	Unicorn-36252.exe
1648	Unicorn-39027.exe

Loads dropped DLL 64 IoCs

pid	Process
1764	b7304eae1aea621e8c083549deda1f53.exe
1764	b7304eae1aea621e8c083549deda1f53.exe
2264	Unicorn-63179.exe
2264	Unicorn-63179.exe
1764	b7304eae1aea621e8c083549deda1f53.exe
1764	b7304eae1aea621e8c083549deda1f53.exe
2140	Unicorn-55094.exe
2140	Unicorn-55094.exe
2264	Unicorn-63179.exe
2264	Unicorn-63179.exe
2688	Unicorn-63817.exe
2688	Unicorn-63817.exe
3040	Unicorn-43443.exe
3040	Unicorn-43443.exe
2452	Unicorn-5940.exe
2452	Unicorn-5940.exe
2140	Unicorn-55094.exe
2140	Unicorn-55094.exe
2420	Unicorn-59225.exe
2420	Unicorn-59225.exe
2688	Unicorn-63817.exe
2688	Unicorn-63817.exe
2836	Unicorn-27513.exe
2836	Unicorn-27513.exe
3040	Unicorn-43443.exe
3040	Unicorn-43443.exe
1872	Unicorn-43849.exe
1872	Unicorn-43849.exe
2452	Unicorn-5940.exe
2452	Unicorn-5940.exe
2712	Unicorn-27766.exe
2712	Unicorn-27766.exe
2320	Unicorn-60953.exe
2320	Unicorn-60953.exe
756	Unicorn-61508.exe
756	Unicorn-61508.exe
2420	Unicorn-59225.exe
2420	Unicorn-59225.exe
580	Unicorn-26226.exe
580	Unicorn-26226.exe
2836	Unicorn-27513.exe
2836	Unicorn-27513.exe
1176	Unicorn-59645.exe
1176	Unicorn-59645.exe
1676	Unicorn-61036.exe
1676	Unicorn-61036.exe
1872	Unicorn-43849.exe
1872	Unicorn-43849.exe
1328	Unicorn-3475.exe
1328	Unicorn-3475.exe
756	Unicorn-61508.exe
756	Unicorn-61508.exe
1712	Unicorn-43116.exe
1712	Unicorn-43116.exe
1352	Unicorn-52676.exe
1352	Unicorn-52676.exe
1152	Unicorn-44508.exe
1152	Unicorn-44508.exe
2712	Unicorn-27766.exe
2712	Unicorn-27766.exe
2320	Unicorn-60953.exe
2320	Unicorn-60953.exe
2164	Unicorn-52951.exe
2164	Unicorn-52951.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
308	1036	WerFault.exe	94

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1764	b7304eae1aea621e8c083549deda1f53.exe
2264	Unicorn-63179.exe
2140	Unicorn-55094.exe
2688	Unicorn-63817.exe
3040	Unicorn-43443.exe
2452	Unicorn-5940.exe
2420	Unicorn-59225.exe
2836	Unicorn-27513.exe
1872	Unicorn-43849.exe
2712	Unicorn-27766.exe
2320	Unicorn-60953.exe
756	Unicorn-61508.exe
580	Unicorn-26226.exe
1176	Unicorn-59645.exe
1676	Unicorn-61036.exe
1328	Unicorn-3475.exe
1152	Unicorn-44508.exe
1712	Unicorn-43116.exe
1892	Unicorn-49147.exe
1352	Unicorn-52676.exe
2164	Unicorn-52951.exe
1168	Unicorn-41253.exe
1820	Unicorn-50813.exe
1304	Unicorn-56843.exe
1056	Unicorn-56028.exe
540	Unicorn-63641.exe
3056	Unicorn-38945.exe
2892	Unicorn-64196.exe
2856	Unicorn-30777.exe
1748	Unicorn-21025.exe
2852	Unicorn-40891.exe
2804	Unicorn-59920.exe
2496	Unicorn-36183.exe
2524	Unicorn-41659.exe
2584	Unicorn-7725.exe
2612	Unicorn-49827.exe
2488	Unicorn-24794.exe
2128	Unicorn-11487.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2264	1764	b7304eae1aea621e8c083549deda1f53.exe	28
PID 1764 wrote to memory of 2264	1764	b7304eae1aea621e8c083549deda1f53.exe	28
PID 1764 wrote to memory of 2264	1764	b7304eae1aea621e8c083549deda1f53.exe	28
PID 1764 wrote to memory of 2264	1764	b7304eae1aea621e8c083549deda1f53.exe	28
PID 2264 wrote to memory of 2140	2264	Unicorn-63179.exe	29
PID 2264 wrote to memory of 2140	2264	Unicorn-63179.exe	29
PID 2264 wrote to memory of 2140	2264	Unicorn-63179.exe	29
PID 2264 wrote to memory of 2140	2264	Unicorn-63179.exe	29
PID 1764 wrote to memory of 2688	1764	b7304eae1aea621e8c083549deda1f53.exe	30
PID 1764 wrote to memory of 2688	1764	b7304eae1aea621e8c083549deda1f53.exe	30
PID 1764 wrote to memory of 2688	1764	b7304eae1aea621e8c083549deda1f53.exe	30
PID 1764 wrote to memory of 2688	1764	b7304eae1aea621e8c083549deda1f53.exe	30
PID 2140 wrote to memory of 2452	2140	Unicorn-55094.exe	31
PID 2140 wrote to memory of 2452	2140	Unicorn-55094.exe	31
PID 2140 wrote to memory of 2452	2140	Unicorn-55094.exe	31
PID 2140 wrote to memory of 2452	2140	Unicorn-55094.exe	31
PID 2264 wrote to memory of 3040	2264	Unicorn-63179.exe	32
PID 2264 wrote to memory of 3040	2264	Unicorn-63179.exe	32
PID 2264 wrote to memory of 3040	2264	Unicorn-63179.exe	32
PID 2264 wrote to memory of 3040	2264	Unicorn-63179.exe	32
PID 2688 wrote to memory of 2420	2688	Unicorn-63817.exe	33
PID 2688 wrote to memory of 2420	2688	Unicorn-63817.exe	33
PID 2688 wrote to memory of 2420	2688	Unicorn-63817.exe	33
PID 2688 wrote to memory of 2420	2688	Unicorn-63817.exe	33
PID 3040 wrote to memory of 2836	3040	Unicorn-43443.exe	34
PID 3040 wrote to memory of 2836	3040	Unicorn-43443.exe	34
PID 3040 wrote to memory of 2836	3040	Unicorn-43443.exe	34
PID 3040 wrote to memory of 2836	3040	Unicorn-43443.exe	34
PID 2452 wrote to memory of 1872	2452	Unicorn-5940.exe	35
PID 2452 wrote to memory of 1872	2452	Unicorn-5940.exe	35
PID 2452 wrote to memory of 1872	2452	Unicorn-5940.exe	35
PID 2452 wrote to memory of 1872	2452	Unicorn-5940.exe	35
PID 2140 wrote to memory of 2712	2140	Unicorn-55094.exe	36
PID 2140 wrote to memory of 2712	2140	Unicorn-55094.exe	36
PID 2140 wrote to memory of 2712	2140	Unicorn-55094.exe	36
PID 2140 wrote to memory of 2712	2140	Unicorn-55094.exe	36
PID 2420 wrote to memory of 2320	2420	Unicorn-59225.exe	37
PID 2420 wrote to memory of 2320	2420	Unicorn-59225.exe	37
PID 2420 wrote to memory of 2320	2420	Unicorn-59225.exe	37
PID 2420 wrote to memory of 2320	2420	Unicorn-59225.exe	37
PID 2688 wrote to memory of 756	2688	Unicorn-63817.exe	38
PID 2688 wrote to memory of 756	2688	Unicorn-63817.exe	38
PID 2688 wrote to memory of 756	2688	Unicorn-63817.exe	38
PID 2688 wrote to memory of 756	2688	Unicorn-63817.exe	38
PID 2836 wrote to memory of 580	2836	Unicorn-27513.exe	39
PID 2836 wrote to memory of 580	2836	Unicorn-27513.exe	39
PID 2836 wrote to memory of 580	2836	Unicorn-27513.exe	39
PID 2836 wrote to memory of 580	2836	Unicorn-27513.exe	39
PID 3040 wrote to memory of 1176	3040	Unicorn-43443.exe	40
PID 3040 wrote to memory of 1176	3040	Unicorn-43443.exe	40
PID 3040 wrote to memory of 1176	3040	Unicorn-43443.exe	40
PID 3040 wrote to memory of 1176	3040	Unicorn-43443.exe	40
PID 1872 wrote to memory of 1676	1872	Unicorn-43849.exe	41
PID 1872 wrote to memory of 1676	1872	Unicorn-43849.exe	41
PID 1872 wrote to memory of 1676	1872	Unicorn-43849.exe	41
PID 1872 wrote to memory of 1676	1872	Unicorn-43849.exe	41
PID 2452 wrote to memory of 1712	2452	Unicorn-5940.exe	42
PID 2452 wrote to memory of 1712	2452	Unicorn-5940.exe	42
PID 2452 wrote to memory of 1712	2452	Unicorn-5940.exe	42
PID 2452 wrote to memory of 1712	2452	Unicorn-5940.exe	42
PID 2712 wrote to memory of 1352	2712	Unicorn-27766.exe	43
PID 2712 wrote to memory of 1352	2712	Unicorn-27766.exe	43
PID 2712 wrote to memory of 1352	2712	Unicorn-27766.exe	43
PID 2712 wrote to memory of 1352	2712	Unicorn-27766.exe	43

C:\Users\Admin\AppData\Local\Temp\b7304eae1aea621e8c083549deda1f53.exe
"C:\Users\Admin\AppData\Local\Temp\b7304eae1aea621e8c083549deda1f53.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        7⤵
        Executes dropped EXE
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
        8⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        7⤵
        Executes dropped EXE
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        8⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        6⤵
        Executes dropped EXE
        
        PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26548.exe
        7⤵
        Executes dropped EXE
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        8⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        6⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        7⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        6⤵
        Executes dropped EXE
        
        PID:472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        7⤵
        Executes dropped EXE
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        7⤵
        Executes dropped EXE
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        9⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 200
        10⤵
        Program crash
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        7⤵
        Executes dropped EXE
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        6⤵
        Executes dropped EXE
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        6⤵
        Executes dropped EXE
        
        PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        5⤵
        Executes dropped EXE
        
        PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
        6⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        8⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        5⤵
        Executes dropped EXE
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        8⤵
        
        PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        5⤵
        Executes dropped EXE
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        6⤵
        
        PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe

Filesize
184KB

MD5
4b3e4bc31e7e5f4a7993f8538e019afa

SHA1
137b6070270041a6b23ff4b73a2b228ac69fdd33

SHA256
a01fa9aaf4480cb36244b2b045b2f5c1b7e481a42be7058328b7002da580a83b

SHA512
661709979dfbdcc2da2d0b9bebc7f2da02ec6fbeb57375c89be597d52abecee8e1261a8f246dcf43e3708b180ccaade218547bc6c7c68a43b7a8386df4f5c41c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe

Filesize
184KB

MD5
8036fa448d5d9b54977a61b1e519c426

SHA1
732a2a25741faa8b356dc0cfbf615d7d9c7362fc

SHA256
06fb7354c313fbba08803cc1c8763d9926c1a580b51b3357d619ecb75e187ccf

SHA512
dfffbefe2a7dfa8b0686fdda1bf7154ff2c11cd4194b1753b8b98e461fc94b7512be9b3b82b8e007076e4836c54bcb53c75a334a10ebb7c8b81e70812351c4b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe

Filesize
184KB

MD5
528688e5fcc8c51c9d43e826444f9566

SHA1
96196692883702d163ad260462044f78ed71547d

SHA256
449fb4591cdb14370c603a1f50fc66d6d0d5674722658b013446f2d07f9314b1

SHA512
de0963e09aab401695873bee233718f04bd0052435280c5400fa6c3ff616c11eb7cdffdb5bbd681a81a413758d6149bf2169560fbce11644873a6600306ff693

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe

Filesize
184KB

MD5
87356706786eae5e2f8d6c2721da1e09

SHA1
cb2c06412772b656b2769b45205fcad9547ddbdf

SHA256
26a76d95536ebe49f93f44b36450091b118e666118935e2abf50b78eaee1435d

SHA512
8ee2a62c36b435127a9f0236aa26989ac83d221fdc532843fe498e86fb99b4f9f0906dee2949a95f2c4ddd740796717b1c3590844ec4b4c7afbd4ba6485f907f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe

Filesize
184KB

MD5
5a14b54b61e48b301fe2f2f76e279667

SHA1
6e098af8b6424788b643c9304259e60a75bf2a85

SHA256
185a38792bd21fe01e647cc577e80a7e3bc50b57ee67c093151688bde4facacd

SHA512
02adbf7f25e74bb08214c8596fe264738141cd775ba274c3c5b2075785b401866d911c1abfccf9f8cae8db9ff59591f7cf3d7fbecb4fdcdb5d96c39f6f30a4ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe

Filesize
184KB

MD5
a8d65002a543714802129d87a66aceb6

SHA1
1fd7b9833a83d7e74c59aea36d6ba412b07bee6a

SHA256
20add662173652d7f8c7600c61ca925c0c15c653dba21d5845479118d7ad5126

SHA512
1193c57b100581a6b54e9322df4d51cbd6c0a71d476e482a7b001ed6b4f91b323ded017af52377bc2e7ac065383a5be7d130fb8a60dc95421c7f2b58ed9bfd29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe

Filesize
184KB

MD5
c3494865f105064e14e69f33346f69d5

SHA1
6c741a34fb9a1149498b884ae894a78fa4553c42

SHA256
89e069e1afb4a8c8cf56b8307c5ad5315dfc0027fa5f7716048e076125f74007

SHA512
757a354e14d8f194156dd7291ff5bf17d7fe4e9d322e5dc92d7481618deee387399dc78fc3d835ca113962fb695735210fdd10670f5b3c5f9156a032e737498d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe

Filesize
184KB

MD5
1e1ddcdb09fcd52b4cee6cb66f490a30

SHA1
6d88ea266d5555c9d6667738a0f2eefa195c1aaf

SHA256
1ef7d4a74ec747ed46178e0053558b9c88f7d265ce83c7564db76e548ad2df89

SHA512
6921d50bc9976a2eaf88d3a34aa8cde953b3db57447634d9e84e76d23a9b48b7de6636da0be039fe0696d6ebb6dd647c4ac9c4e1536763cc01ac52b5a05d2861

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe

Filesize
184KB

MD5
d541af68f1bfd1ff5d9252e4469a1e59

SHA1
24467d7eae153ada3db854ccd2a5c47ced638b4d

SHA256
c67a54891344e3e95093fd103763064bcff9c47b523413b25f10de5e323d717b

SHA512
394e84caa5db4e5f005615c9b272bd7eae466ca7f6b58ba4edcf95c09a6d673dee2ce4589209cf38df7a9ed595a397c5712b8229e255196f9ce908e1df7088cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe

Filesize
184KB

MD5
346a79a0fe083050abad102c8b20c74a

SHA1
794f99d37df86379f32b124439166884713d39bc

SHA256
860cbabc20753cde76c4d22b8cdab61d1eeef8ecf3c45e6f9bb13f4ed031f5f3

SHA512
e8f069a2e5ad79ae97a4248f505061ccf4ef9bf2a6c0abe74ec275604104b989f349c72c4094112027f4b238da8ea6bc01c3c2df7130701dcafc3548053243ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe

Filesize
184KB

MD5
920f02ca7dee1f7d9eeba703ebb6acf4

SHA1
bee48e78f768fb5fe832b4bc355fc6412e08a0b6

SHA256
32234506338f87aff52aaf5cc7720cbfdab013b1b579a993a606bc928ee70226

SHA512
528dad402a6ad1d5c07cc06b8fdb63f7b92ae9cedbe91ceea43beabb9c5d61023df9ce93e4ca43517242ff06d56c9dd38cbca8ada1380d166d866a28e21fe8aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52676.exe

Filesize
184KB

MD5
f998ed4553241e496831ff12fde0bfe8

SHA1
7dcc2344dd487596ce4a4760397b3b593ed71e17

SHA256
0208c5464cd6d18811a72e504b191ebe6fce703eb73d0207a80e24d536db777d

SHA512
30a1db90768278b352f3c2f5c532060b34c4150b91645d642605133e02922137d352c7a7ae9d0e21fd9a7ca3733ffdac21576095dfad4a4029e8554e7ef8f9a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe

Filesize
184KB

MD5
b454e1a90a5fd84ef8e6859396ea0466

SHA1
42f8bfd19d3a587c42ff77ab856c2160f085217a

SHA256
9243cc1874a75a063f6920c151770db2b8d434b54c9f6ee65f50b9a46bd950df

SHA512
bb8f8bf6dcbc98b3b04b292b1ad547324044bd6846b75b420a37037f56c0687dc8ae760aae7b6b6329c8890ad390cf8fe3c4ccbc39494cc0727cf8b87bd3e510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe

Filesize
184KB

MD5
200c5aa025479169dc29a6694f849503

SHA1
5a3007403d1e1ca5c607dccb50f1becd8e4de564

SHA256
ba34821169db8f2ce5beb8404ff05f3a754036fefdf9746fad7a49bb839e6cc9

SHA512
060078b18375d58cc9986ba383e3d413645ccd6bb6f223b84ae494ab2e7b7642b83c2f2d700c158ea9ad9789abaf0d469a32e569033748c6a3d4f3e8d96db173

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe

Filesize
184KB

MD5
d18ba875865912ea3087bc95c7e6107c

SHA1
4fb867ecbfebeb30fd847eeccea1523878d20361

SHA256
b2ffb0780130c989362a034681236605f29a4e3ff91cc259d362471c7d2715b2

SHA512
221f0ef362d38a7afd10aa04983ec34c6b8025041d67ac8d2e8523e38b2cd0c2ee51dd185870f5684872986184fdd5690342286ff414ee783f0ca987d854142c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe

Filesize
184KB

MD5
a0b9b6afb8c9efe68d506db66c6c0bd8

SHA1
5ad4eb698da65cfdbe0b5536f248ab729cab002b

SHA256
47296d07f02239ce9ef6ed8f458d170edfbccdd4b9df0384cea9b1c17ebf64ba

SHA512
93dcbca6c3c0aab4a467c8977394f9a1d07aa35c2975cac53bf21cab98799880c947b0245ea47ead2ca2054b3619ef57cadf1430c62c228f19d2c9de3a347e33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe

Filesize
184KB

MD5
ba0f4f59a484a686095ca3a0190cc4f5

SHA1
dea79339b34d87f1265d02974b8c0367d3f442f1

SHA256
cea3309f856072d0ae2d69f012dda8da2522abe791bbec0433c0a0bd34444db2

SHA512
c1ae0f2b691f074128143a4152828ea8f2f2b9f7dcf7077eb97b27356c170c57d244f6b3f3d398695074ee67c6a8b2c9e229933d1496bfb1ddab789c23f01d7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe

Filesize
184KB

MD5
f4c6a59932c00b2201b8fb43e191e0d9

SHA1
0abe5e6d361e6d2135ee96d794c217d13a678448

SHA256
4d02a6143e49405c41b476312758d202f70025f15da541681dc76c55319081a8

SHA512
e67b04fff09a21274a4a0e38c9fcdf03dd8119b2fd0f06ba5e084ac214236528d43ef9e9486a19a542692e843c16b9c7b9287eccfa5fb8f4058b4d5a1334113f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads