5ebeba8674ec4f31675220df60a124a9238eed07a7cf718c747769b359ae83e5

Analysis

max time kernel
26s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b838ef40b2343e49960e47d3f074d59c.exe
Size

184KB
MD5

b838ef40b2343e49960e47d3f074d59c
SHA1

a486838de5b3968901a4e598bff041a40bb9a08a
SHA256

5ebeba8674ec4f31675220df60a124a9238eed07a7cf718c747769b359ae83e5
SHA512

ea7171ea8a605727721e97b261d1bf3238d32ff85e02703628812aa5dae12a31033bf4503d211803f9028b7b2a3a5825927266892b9acd6478945645f025335f
SSDEEP

3072:h10JomqHo8A8k5aV7TWSk8db3Bp6PIzhLoLx+jdGxhlPv2Fk:h1Coqd8k67iSk8n1HshlPv2F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 37 IoCs

pid	Process
2160	Unicorn-52721.exe
2548	Unicorn-46774.exe
2688	Unicorn-57635.exe
2652	Unicorn-671.exe
2556	Unicorn-23784.exe
2432	Unicorn-8839.exe
2972	Unicorn-23313.exe
1592	Unicorn-34173.exe
2640	Unicorn-27951.exe
2792	Unicorn-17091.exe
1564	Unicorn-27480.exe
876	Unicorn-65004.exe
1156	Unicorn-57391.exe
3068	Unicorn-53307.exe
2208	Unicorn-22026.exe
2244	Unicorn-31310.exe
796	Unicorn-21750.exe
584	Unicorn-21004.exe
1720	Unicorn-54423.exe
1596	Unicorn-35202.exe
2096	Unicorn-35202.exe
2992	Unicorn-52285.exe
408	Unicorn-49592.exe
916	Unicorn-29447.exe
2108	Unicorn-38169.exe
1600	Unicorn-10780.exe
996	Unicorn-17557.exe
2088	Unicorn-59981.exe
2184	Unicorn-50251.exe
320	Unicorn-50251.exe
1776	Unicorn-30385.exe
2924	Unicorn-15440.exe
2132	Unicorn-9026.exe
2800	Unicorn-9026.exe
2740	Unicorn-54698.exe
2628	Unicorn-56535.exe
2660	Unicorn-10863.exe

Loads dropped DLL 64 IoCs

pid	Process
2876	b838ef40b2343e49960e47d3f074d59c.exe
2876	b838ef40b2343e49960e47d3f074d59c.exe
2160	Unicorn-52721.exe
2160	Unicorn-52721.exe
2876	b838ef40b2343e49960e47d3f074d59c.exe
2876	b838ef40b2343e49960e47d3f074d59c.exe
2548	Unicorn-46774.exe
2548	Unicorn-46774.exe
2160	Unicorn-52721.exe
2160	Unicorn-52721.exe
2688	Unicorn-57635.exe
2688	Unicorn-57635.exe
2652	Unicorn-671.exe
2652	Unicorn-671.exe
2548	Unicorn-46774.exe
2548	Unicorn-46774.exe
2688	Unicorn-57635.exe
2688	Unicorn-57635.exe
2432	Unicorn-8839.exe
2432	Unicorn-8839.exe
2972	Unicorn-23313.exe
2972	Unicorn-23313.exe
2792	Unicorn-17091.exe
2792	Unicorn-17091.exe
2432	Unicorn-8839.exe
2432	Unicorn-8839.exe
2652	Unicorn-671.exe
2652	Unicorn-671.exe
2640	Unicorn-27951.exe
2640	Unicorn-27951.exe
1564	Unicorn-27480.exe
1564	Unicorn-27480.exe
2972	Unicorn-23313.exe
2972	Unicorn-23313.exe
876	Unicorn-65004.exe
876	Unicorn-65004.exe
2792	Unicorn-17091.exe
2792	Unicorn-17091.exe
2208	Unicorn-22026.exe
3068	Unicorn-53307.exe
3068	Unicorn-53307.exe
2208	Unicorn-22026.exe
2640	Unicorn-27951.exe
2640	Unicorn-27951.exe
1156	Unicorn-57391.exe
1156	Unicorn-57391.exe
2244	Unicorn-31310.exe
2244	Unicorn-31310.exe
1564	Unicorn-27480.exe
1564	Unicorn-27480.exe
584	Unicorn-21004.exe
584	Unicorn-21004.exe
876	Unicorn-65004.exe
876	Unicorn-65004.exe
796	Unicorn-21750.exe
796	Unicorn-21750.exe
1720	Unicorn-54423.exe
1596	Unicorn-35202.exe
1596	Unicorn-35202.exe
2208	Unicorn-22026.exe
1720	Unicorn-54423.exe
2208	Unicorn-22026.exe
2992	Unicorn-52285.exe
2992	Unicorn-52285.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
2876	b838ef40b2343e49960e47d3f074d59c.exe
2160	Unicorn-52721.exe
2548	Unicorn-46774.exe
2688	Unicorn-57635.exe
2652	Unicorn-671.exe
2556	Unicorn-23784.exe
2432	Unicorn-8839.exe
1592	Unicorn-34173.exe
2972	Unicorn-23313.exe
2640	Unicorn-27951.exe
2792	Unicorn-17091.exe
1564	Unicorn-27480.exe
876	Unicorn-65004.exe
2208	Unicorn-22026.exe
3068	Unicorn-53307.exe
1156	Unicorn-57391.exe
2244	Unicorn-31310.exe
796	Unicorn-21750.exe
584	Unicorn-21004.exe
1720	Unicorn-54423.exe
1596	Unicorn-35202.exe
2992	Unicorn-52285.exe
408	Unicorn-49592.exe
2096	Unicorn-35202.exe
916	Unicorn-29447.exe
2108	Unicorn-38169.exe
1600	Unicorn-10780.exe
2088	Unicorn-59981.exe
1776	Unicorn-30385.exe
2924	Unicorn-15440.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2160	2876	b838ef40b2343e49960e47d3f074d59c.exe	28
PID 2876 wrote to memory of 2160	2876	b838ef40b2343e49960e47d3f074d59c.exe	28
PID 2876 wrote to memory of 2160	2876	b838ef40b2343e49960e47d3f074d59c.exe	28
PID 2876 wrote to memory of 2160	2876	b838ef40b2343e49960e47d3f074d59c.exe	28
PID 2160 wrote to memory of 2548	2160	Unicorn-52721.exe	29
PID 2160 wrote to memory of 2548	2160	Unicorn-52721.exe	29
PID 2160 wrote to memory of 2548	2160	Unicorn-52721.exe	29
PID 2160 wrote to memory of 2548	2160	Unicorn-52721.exe	29
PID 2876 wrote to memory of 2688	2876	b838ef40b2343e49960e47d3f074d59c.exe	30
PID 2876 wrote to memory of 2688	2876	b838ef40b2343e49960e47d3f074d59c.exe	30
PID 2876 wrote to memory of 2688	2876	b838ef40b2343e49960e47d3f074d59c.exe	30
PID 2876 wrote to memory of 2688	2876	b838ef40b2343e49960e47d3f074d59c.exe	30
PID 2548 wrote to memory of 2652	2548	Unicorn-46774.exe	31
PID 2548 wrote to memory of 2652	2548	Unicorn-46774.exe	31
PID 2548 wrote to memory of 2652	2548	Unicorn-46774.exe	31
PID 2548 wrote to memory of 2652	2548	Unicorn-46774.exe	31
PID 2160 wrote to memory of 2556	2160	Unicorn-52721.exe	32
PID 2160 wrote to memory of 2556	2160	Unicorn-52721.exe	32
PID 2160 wrote to memory of 2556	2160	Unicorn-52721.exe	32
PID 2160 wrote to memory of 2556	2160	Unicorn-52721.exe	32
PID 2688 wrote to memory of 2432	2688	Unicorn-57635.exe	33
PID 2688 wrote to memory of 2432	2688	Unicorn-57635.exe	33
PID 2688 wrote to memory of 2432	2688	Unicorn-57635.exe	33
PID 2688 wrote to memory of 2432	2688	Unicorn-57635.exe	33
PID 2652 wrote to memory of 2972	2652	Unicorn-671.exe	34
PID 2652 wrote to memory of 2972	2652	Unicorn-671.exe	34
PID 2652 wrote to memory of 2972	2652	Unicorn-671.exe	34
PID 2652 wrote to memory of 2972	2652	Unicorn-671.exe	34
PID 2548 wrote to memory of 1592	2548	Unicorn-46774.exe	35
PID 2548 wrote to memory of 1592	2548	Unicorn-46774.exe	35
PID 2548 wrote to memory of 1592	2548	Unicorn-46774.exe	35
PID 2548 wrote to memory of 1592	2548	Unicorn-46774.exe	35
PID 2688 wrote to memory of 2640	2688	Unicorn-57635.exe	36
PID 2688 wrote to memory of 2640	2688	Unicorn-57635.exe	36
PID 2688 wrote to memory of 2640	2688	Unicorn-57635.exe	36
PID 2688 wrote to memory of 2640	2688	Unicorn-57635.exe	36
PID 2432 wrote to memory of 2792	2432	Unicorn-8839.exe	37
PID 2432 wrote to memory of 2792	2432	Unicorn-8839.exe	37
PID 2432 wrote to memory of 2792	2432	Unicorn-8839.exe	37
PID 2432 wrote to memory of 2792	2432	Unicorn-8839.exe	37
PID 2972 wrote to memory of 1564	2972	Unicorn-23313.exe	38
PID 2972 wrote to memory of 1564	2972	Unicorn-23313.exe	38
PID 2972 wrote to memory of 1564	2972	Unicorn-23313.exe	38
PID 2972 wrote to memory of 1564	2972	Unicorn-23313.exe	38
PID 2792 wrote to memory of 876	2792	Unicorn-17091.exe	39
PID 2792 wrote to memory of 876	2792	Unicorn-17091.exe	39
PID 2792 wrote to memory of 876	2792	Unicorn-17091.exe	39
PID 2792 wrote to memory of 876	2792	Unicorn-17091.exe	39
PID 2432 wrote to memory of 1156	2432	Unicorn-8839.exe	40
PID 2432 wrote to memory of 1156	2432	Unicorn-8839.exe	40
PID 2432 wrote to memory of 1156	2432	Unicorn-8839.exe	40
PID 2432 wrote to memory of 1156	2432	Unicorn-8839.exe	40
PID 2652 wrote to memory of 3068	2652	Unicorn-671.exe	41
PID 2652 wrote to memory of 3068	2652	Unicorn-671.exe	41
PID 2652 wrote to memory of 3068	2652	Unicorn-671.exe	41
PID 2652 wrote to memory of 3068	2652	Unicorn-671.exe	41
PID 2640 wrote to memory of 2208	2640	Unicorn-27951.exe	42
PID 2640 wrote to memory of 2208	2640	Unicorn-27951.exe	42
PID 2640 wrote to memory of 2208	2640	Unicorn-27951.exe	42
PID 2640 wrote to memory of 2208	2640	Unicorn-27951.exe	42
PID 1564 wrote to memory of 2244	1564	Unicorn-27480.exe	43
PID 1564 wrote to memory of 2244	1564	Unicorn-27480.exe	43
PID 1564 wrote to memory of 2244	1564	Unicorn-27480.exe	43
PID 1564 wrote to memory of 2244	1564	Unicorn-27480.exe	43

C:\Users\Admin\AppData\Local\Temp\b838ef40b2343e49960e47d3f074d59c.exe
"C:\Users\Admin\AppData\Local\Temp\b838ef40b2343e49960e47d3f074d59c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        9⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        11⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
        8⤵
        Executes dropped EXE
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
        10⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        8⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
        11⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9026.exe
        7⤵
        Executes dropped EXE
        
        PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
        11⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        13⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        14⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        6⤵
        Executes dropped EXE
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        6⤵
        Executes dropped EXE
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        8⤵
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9026.exe
        6⤵
        Executes dropped EXE
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        5⤵
        Executes dropped EXE
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        9⤵
        
        PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        6⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        8⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe

Filesize
184KB

MD5
990c27eceed59db14da0fe05f0bb7b64

SHA1
1f5afb1734db10795232e6b1840e8c0de00e94c8

SHA256
dcc4cee46982a87dbdba67a8c3b459280dab9863dd45ad549cf01dc00c70bb3d

SHA512
14107ae714a6cfc6b49e99057e6e6e02373e83ebb000492f82542eaad2af12632b64af0decf5669fb68f47e425af473f4063af6922eab7b957e6a951b342aeaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe

Filesize
184KB

MD5
fb733daa873849e166218dd62bd7a236

SHA1
c9e36b107321c7f47a99083406f9aec4c0bbd73b

SHA256
4a27c8f09c08c9c77c0586f76bbac2b57e4070a151282676bdc3625ed0d2de3d

SHA512
2c4b5c71cfc7cdff7964b26ee7ec52269492cbf3f483b1014498cdd4b818c9ca5a32b9f1166f237dd49ed687895c025f6e82f6489d27dd4ccc186a4c7fa0a5b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe

Filesize
184KB

MD5
7254d6bc7778f18261372f8c80e8b7cd

SHA1
f17376cf7311f382d5805f170c03e483938606c1

SHA256
c54ff27718b020e446360170bf33396c7a9674afcb21f5ae0a0330d004756454

SHA512
6416504fa210bf1e151ae4e1b10965b82044372b61531fea9cbda624c1a042452e9535eff76ce343862593824e9843bdc09e312aca8ca0d08d855e401b7df068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe

Filesize
184KB

MD5
4b40fbab83c281fb335bb12907ca6f9e

SHA1
8fb6eda1e3294043abdc20495ac850cc2db30f7c

SHA256
018dd4156e5479c72708edc73c8225f6e017b7acdfb3bcba3dcd32d961f6237b

SHA512
13777734ff25555e39cbc64cc411045e19aad010875d908768a26d21cbd592c0e73416d4443fb3da612b4595d47142828d7951c9f0825c7d2afffdc4b30dce98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe

Filesize
184KB

MD5
4c91d1c7916baf85348651f7c31f85db

SHA1
c1fd302e9998f88d4aad7489c4327751dd563f04

SHA256
d8f48f643651a3153ec1a442f48f85272e5f317cb30b400dfda0ea4537a18fff

SHA512
0762df0e12b09f681b3b70d28751e58a335f9ee7b8c242bfc6e7e533a471473df0babee91310dd0fd51a73018cd8b366e5c03853c479670d00a15ae1acd7063f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe

Filesize
184KB

MD5
c158929c38e92757162c96edcd45ef58

SHA1
ce0039e043ef61234b9ca047a4ebd2941f5f9ff5

SHA256
8dc72f41d139148865cc90c108b130aa62517115d61de17ebec78dcd29b8c827

SHA512
771ceb1323fed9a97069db4bd18205c0139f22d7ee02a799204efa532e2af85e6c129f68692d50c2f48bbe82714338ddfadcaa2bdaa9885ce3943be027ddba78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe

Filesize
184KB

MD5
d0b960c92d8ab8b6ec37eccfa42315d4

SHA1
be1e59286320800e0a65b29a0779efdcae0a8ac8

SHA256
cd8903e4ac39b0d4dd5d41b627f8b872347f3d51bb385614597b8b55bf38f825

SHA512
3148c286fd11bc58b87b672676a94c62a788060ac690760b4bf47d630cfedc06bec027de1bd0cbd248d3b465561ebcc6c7374d86c1c886b8c947c21e8ce81d68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe

Filesize
184KB

MD5
c9db552a391f3aa9731855f499b771ee

SHA1
d00a7777e6b924d8da30ab02b1a0dddb2ca84e4f

SHA256
05c9d060986d8a881e80f5b31cfea723f29631932feb29c0a070b128aa8898b7

SHA512
eade3f53844b3500bf1fc2b0ee1a1e51e383a5f32bd44a1da065a0bff27971cab71e993051335aa711bd36ca61b43f78154b90fc28f65b3328cde1ba673e8718

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe

Filesize
184KB

MD5
cfd95831e3d49865b73e45dc189dd6e6

SHA1
cbd0144cf4e38dfcd7b24047db0cc74ed7918a05

SHA256
525450565e8dae1a7d4a6932ed7131f111fc4e5b7cc3ea461141a7c14342a524

SHA512
3b6f35b2701b91a659101e589d63293335e430f2a31f32e5974ce8cbcd56575aad8423a8545cf38bb9e703d7f4ae024e60fc09e27d268f08c8ea294d35bbf938

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe

Filesize
184KB

MD5
cb5be140976de74d362f605f08658608

SHA1
6c5f264dc3098d65a5abf92e77640ebcacf01617

SHA256
6b62a90d5002a12bd967308ea9b45fd06544444374c1de5d54eb9a94eb4ab59d

SHA512
d57acdbf6b903dac38085e6d620aca5be98e8e4476a11def6f9157ff92663ca5d43a06910085842a3e6c33a2454b6c57685d79b255675d825ef4b16e8eadbbb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe

Filesize
184KB

MD5
aba75bf2e4fd38aeda560934006dd55a

SHA1
ed3e6c9ce7d5fe886b5419f9c144f12d07cc512a

SHA256
d61b2bb8b117a87675f48d11e769bfc294a7a83954dca0101b36f82d63f79429

SHA512
b35bba0e50cc35698852e6ef8c71a5509b1d7eccbdeb9c17d778c24c499350ec19f74ae3376576a57c26920da88837b1c5f07b83b0b99950b6bbf78d74a0d01b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe

Filesize
184KB

MD5
f0f98b2812f72e91a974ec1eb12bfc06

SHA1
295c579db93dd4072c20dcc5c750b1689e58423c

SHA256
af6dc936fbc5a57f9c761f296d3672f8a94327d5d0d8fd1fed1e0e4798e99282

SHA512
2f50dab3387242cd3667e59aafcbff33355b1f4fb15667547c763bdfccb039bc950ac8a9ff94b1a8d8b38e7cb8e84b3d783aed4c86fd12d4ee3c76ae781d9a3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe

Filesize
184KB

MD5
54d80ab762caa8005092ae26e82746c0

SHA1
a3cc687cb837517e0d6d06ef18a187c6ec2d2f1f

SHA256
eaafe7cef14c5fa162e07897bacc65e9a1806860192afae504dea8bf95780a5e

SHA512
c5968ece8e3d74c8f1cafe4e7e919a7d027e3e6d7c24c230cba5b07a6e073889ac6fa421a666c3be2d756ed4dd2bfed54e21908194ac8522374f57cc8fe685ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe

Filesize
184KB

MD5
494e68427a611daab5d6a5ebb971a6c1

SHA1
1187253dba6bae8af1f8539c89feeeef14953f33

SHA256
fa6992f4116b6d84102aedbc8ccdeb95d813615b9398af7aea915089f868936c

SHA512
7dd31bb1895054cf6648330f9f61362a905cbfce3b5c8413d9feff232d02891287d8c520d93b49524463d778d574a1df78fc8a5e9a367a69f30b9a5a78f91c86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe

Filesize
184KB

MD5
c3c25e07921e24a5bf778a9b9e5a3f04

SHA1
5452a371995f00ffc128de32fd1499bfd68c5a27

SHA256
693dee5143dc7856ee4a003889242af96eb05df4d3e77d73e46b5be53c830074

SHA512
051fb849710a6c0119317f38b254e64c7fb322b35cdeb450e90077f776445c06e8e2577d198968afda2bfea3f1da0cefb2ad6fa4adaf7714ca2280c671e25877

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe

Filesize
184KB

MD5
72f42499e9cf7ac7fbf911ea53957fcc

SHA1
92ab94698288a33a9ac74f9518e1cd7f5a7c7470

SHA256
6f8d51fd0b068dbfb1962658ef7b2e81648158c609190f9b244b38b40eae718c

SHA512
121fadaf34155156deb2ef664b966be5e743bbdf35642a092f49ec7a1795be82748c87b421e7ee1312fd72c9c889708982dfb1401d0c59cf3229850b0455a884

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe

Filesize
184KB

MD5
2aefca33be03925a0623b51df9580580

SHA1
c08332edb4e40c9e9bff86bc437ab9a452b00a2e

SHA256
2d7b57d6995e5e6e028a08b4e1e9744cb6dc4624340bd84b8daa39ab0a297dcb

SHA512
259dc4096280cb9468d11e008770a718c8358fc27666193a4ad85054da7fdbb46321cc5cc683cd8d344de5f88a027c32341f4dcfb8dff70c6a4f73f1132774e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-671.exe

Filesize
184KB

MD5
bbf8229a43f2bf6e17e2b74b65282c9b

SHA1
a02500ed1e515828adf469a758b7edf2523723e3

SHA256
ed87fd44ea85605be354e168bb4f561286b59f86b6dbcaf58b35caf20cf5c0fb

SHA512
6497010d3fa757033574c99e5ab6d9bedd24c632fc429b2cc12f20abb556231cfbbf3e55a403c7e45ab8112a14670b26b28749e78b69cd046e276cadb68a712e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads