2a634e2d1b455ad6e77ba526cbaa674ae8ca9ed5bbd8f561dab8fbcf0a5fff80

Analysis

max time kernel
28s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 12:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bb3a509870e68e7def8cbb135c1c1a20.exe
Size

184KB
MD5

bb3a509870e68e7def8cbb135c1c1a20
SHA1

3f5c1ebf7c6e4400706954b525572e8fa3cb4411
SHA256

2a634e2d1b455ad6e77ba526cbaa674ae8ca9ed5bbd8f561dab8fbcf0a5fff80
SHA512

cf61e9ad56a780fd941ae1796a261b5ce8109c4d1d4cf447af20c78705ec86537751c871f0a82a5da28bc70d9ade88c36ee4b5d61b3c07b2f006b1361fa3ab2d
SSDEEP

3072:+PdHoVUDVWAC4eP0HaLOJPcZClJJMP0klwQrxKVL84ClP6pFy:+PhoI7C4jHvJPc6EUzClP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 61 IoCs

pid	Process
2692	Unicorn-15803.exe
3048	Unicorn-11692.exe
2688	Unicorn-16331.exe
2512	Unicorn-6705.exe
2556	Unicorn-23042.exe
2648	Unicorn-60545.exe
2392	Unicorn-11386.exe
2432	Unicorn-62211.exe
2336	Unicorn-39783.exe
2180	Unicorn-24001.exe
2652	Unicorn-28600.exe
2228	Unicorn-27505.exe
908	Unicorn-60369.exe
1740	Unicorn-64453.exe
1400	Unicorn-48480.exe
1556	Unicorn-23975.exe
1544	Unicorn-43841.exe
1016	Unicorn-60177.exe
1020	Unicorn-30650.exe
1656	Unicorn-43648.exe
836	Unicorn-19742.exe
1820	Unicorn-3960.exe
1356	Unicorn-52414.exe
1332	Unicorn-28403.exe
2284	Unicorn-48823.exe
1992	Unicorn-24873.exe
2836	Unicorn-16151.exe
1660	Unicorn-61822.exe
1948	Unicorn-16151.exe
2808	Unicorn-53654.exe
2452	Unicorn-39451.exe
2468	Unicorn-24738.exe
2560	Unicorn-23115.exe
2764	Unicorn-49051.exe
2448	Unicorn-19908.exe
2672	Unicorn-40328.exe
2616	Unicorn-3187.exe
2544	Unicorn-44775.exe
2408	Unicorn-53540.exe
2376	Unicorn-37758.exe
2792	Unicorn-49456.exe
2348	Unicorn-9170.exe
2676	Unicorn-20676.exe
1860	Unicorn-57432.exe
2552	Unicorn-62263.exe
2328	Unicorn-28844.exe
1284	Unicorn-37012.exe
1720	Unicorn-8978.exe
1980	Unicorn-2668.exe
1648	Unicorn-43872.exe
1920	Unicorn-4339.exe
676	Unicorn-4339.exe
1528	Unicorn-20121.exe
860	Unicorn-20121.exe
1580	Unicorn-24759.exe
2172	Unicorn-24205.exe
576	Unicorn-24205.exe
1484	Unicorn-24205.exe
636	Unicorn-36457.exe
2712	Unicorn-48709.exe
2556	Unicorn-56856.exe

Loads dropped DLL 64 IoCs

pid	Process
2764	bb3a509870e68e7def8cbb135c1c1a20.exe
2764	bb3a509870e68e7def8cbb135c1c1a20.exe
2692	Unicorn-15803.exe
2764	bb3a509870e68e7def8cbb135c1c1a20.exe
2692	Unicorn-15803.exe
2764	bb3a509870e68e7def8cbb135c1c1a20.exe
2688	Unicorn-16331.exe
2688	Unicorn-16331.exe
3048	Unicorn-11692.exe
3048	Unicorn-11692.exe
2692	Unicorn-15803.exe
2692	Unicorn-15803.exe
2512	Unicorn-6705.exe
2688	Unicorn-16331.exe
2512	Unicorn-6705.exe
2688	Unicorn-16331.exe
2556	Unicorn-23042.exe
2556	Unicorn-23042.exe
3048	Unicorn-11692.exe
3048	Unicorn-11692.exe
2648	Unicorn-60545.exe
2648	Unicorn-60545.exe
2432	Unicorn-62211.exe
2432	Unicorn-62211.exe
2336	Unicorn-39783.exe
2336	Unicorn-39783.exe
2392	Unicorn-11386.exe
2392	Unicorn-11386.exe
2556	Unicorn-23042.exe
2556	Unicorn-23042.exe
2648	Unicorn-60545.exe
2648	Unicorn-60545.exe
2652	Unicorn-28600.exe
2652	Unicorn-28600.exe
2180	Unicorn-24001.exe
2180	Unicorn-24001.exe
2228	Unicorn-27505.exe
2228	Unicorn-27505.exe
2432	Unicorn-62211.exe
2432	Unicorn-62211.exe
908	Unicorn-60369.exe
2336	Unicorn-39783.exe
908	Unicorn-60369.exe
2336	Unicorn-39783.exe
1400	Unicorn-48480.exe
1400	Unicorn-48480.exe
1556	Unicorn-23975.exe
1740	Unicorn-64453.exe
1556	Unicorn-23975.exe
1740	Unicorn-64453.exe
2392	Unicorn-11386.exe
2392	Unicorn-11386.exe
1016	Unicorn-60177.exe
1016	Unicorn-60177.exe
1544	Unicorn-43841.exe
2652	Unicorn-28600.exe
1544	Unicorn-43841.exe
2652	Unicorn-28600.exe
2180	Unicorn-24001.exe
2180	Unicorn-24001.exe
1020	Unicorn-30650.exe
1020	Unicorn-30650.exe
2228	Unicorn-27505.exe
2228	Unicorn-27505.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2764	bb3a509870e68e7def8cbb135c1c1a20.exe
2692	Unicorn-15803.exe
2688	Unicorn-16331.exe
3048	Unicorn-11692.exe
2512	Unicorn-6705.exe
2556	Unicorn-23042.exe
2648	Unicorn-60545.exe
2392	Unicorn-11386.exe
2432	Unicorn-62211.exe
2336	Unicorn-39783.exe
2180	Unicorn-24001.exe
2652	Unicorn-28600.exe
2228	Unicorn-27505.exe
908	Unicorn-60369.exe
1400	Unicorn-48480.exe
1740	Unicorn-64453.exe
1556	Unicorn-23975.exe
1544	Unicorn-43841.exe
1016	Unicorn-60177.exe
1020	Unicorn-30650.exe
836	Unicorn-19742.exe
1656	Unicorn-43648.exe
1820	Unicorn-3960.exe
1356	Unicorn-52414.exe
1332	Unicorn-28403.exe
2284	Unicorn-48823.exe
1992	Unicorn-24873.exe
1660	Unicorn-61822.exe
2836	Unicorn-16151.exe
1948	Unicorn-16151.exe
2468	Unicorn-24738.exe
2452	Unicorn-39451.exe
2560	Unicorn-23115.exe
2764	Unicorn-49051.exe
2448	Unicorn-19908.exe
2616	Unicorn-3187.exe
2672	Unicorn-40328.exe
2544	Unicorn-44775.exe
2376	Unicorn-37758.exe
2348	Unicorn-9170.exe
2408	Unicorn-53540.exe
2792	Unicorn-49456.exe
1860	Unicorn-57432.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2692	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	28
PID 2764 wrote to memory of 2692	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	28
PID 2764 wrote to memory of 2692	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	28
PID 2764 wrote to memory of 2692	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	28
PID 2692 wrote to memory of 3048	2692	Unicorn-15803.exe	29
PID 2692 wrote to memory of 3048	2692	Unicorn-15803.exe	29
PID 2692 wrote to memory of 3048	2692	Unicorn-15803.exe	29
PID 2692 wrote to memory of 3048	2692	Unicorn-15803.exe	29
PID 2764 wrote to memory of 2688	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	30
PID 2764 wrote to memory of 2688	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	30
PID 2764 wrote to memory of 2688	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	30
PID 2764 wrote to memory of 2688	2764	bb3a509870e68e7def8cbb135c1c1a20.exe	30
PID 2688 wrote to memory of 2512	2688	Unicorn-16331.exe	31
PID 2688 wrote to memory of 2512	2688	Unicorn-16331.exe	31
PID 2688 wrote to memory of 2512	2688	Unicorn-16331.exe	31
PID 2688 wrote to memory of 2512	2688	Unicorn-16331.exe	31
PID 3048 wrote to memory of 2556	3048	Unicorn-11692.exe	32
PID 3048 wrote to memory of 2556	3048	Unicorn-11692.exe	32
PID 3048 wrote to memory of 2556	3048	Unicorn-11692.exe	32
PID 3048 wrote to memory of 2556	3048	Unicorn-11692.exe	32
PID 2692 wrote to memory of 2648	2692	Unicorn-15803.exe	33
PID 2692 wrote to memory of 2648	2692	Unicorn-15803.exe	33
PID 2692 wrote to memory of 2648	2692	Unicorn-15803.exe	33
PID 2692 wrote to memory of 2648	2692	Unicorn-15803.exe	33
PID 2512 wrote to memory of 2392	2512	Unicorn-6705.exe	34
PID 2512 wrote to memory of 2392	2512	Unicorn-6705.exe	34
PID 2512 wrote to memory of 2392	2512	Unicorn-6705.exe	34
PID 2512 wrote to memory of 2392	2512	Unicorn-6705.exe	34
PID 2688 wrote to memory of 2432	2688	Unicorn-16331.exe	35
PID 2688 wrote to memory of 2432	2688	Unicorn-16331.exe	35
PID 2688 wrote to memory of 2432	2688	Unicorn-16331.exe	35
PID 2688 wrote to memory of 2432	2688	Unicorn-16331.exe	35
PID 2556 wrote to memory of 2336	2556	Unicorn-23042.exe	36
PID 2556 wrote to memory of 2336	2556	Unicorn-23042.exe	36
PID 2556 wrote to memory of 2336	2556	Unicorn-23042.exe	36
PID 2556 wrote to memory of 2336	2556	Unicorn-23042.exe	36
PID 3048 wrote to memory of 2180	3048	Unicorn-11692.exe	37
PID 3048 wrote to memory of 2180	3048	Unicorn-11692.exe	37
PID 3048 wrote to memory of 2180	3048	Unicorn-11692.exe	37
PID 3048 wrote to memory of 2180	3048	Unicorn-11692.exe	37
PID 2648 wrote to memory of 2652	2648	Unicorn-60545.exe	38
PID 2648 wrote to memory of 2652	2648	Unicorn-60545.exe	38
PID 2648 wrote to memory of 2652	2648	Unicorn-60545.exe	38
PID 2648 wrote to memory of 2652	2648	Unicorn-60545.exe	38
PID 2432 wrote to memory of 2228	2432	Unicorn-62211.exe	39
PID 2432 wrote to memory of 2228	2432	Unicorn-62211.exe	39
PID 2432 wrote to memory of 2228	2432	Unicorn-62211.exe	39
PID 2432 wrote to memory of 2228	2432	Unicorn-62211.exe	39
PID 2336 wrote to memory of 908	2336	Unicorn-39783.exe	40
PID 2336 wrote to memory of 908	2336	Unicorn-39783.exe	40
PID 2336 wrote to memory of 908	2336	Unicorn-39783.exe	40
PID 2336 wrote to memory of 908	2336	Unicorn-39783.exe	40
PID 2392 wrote to memory of 1740	2392	Unicorn-11386.exe	41
PID 2392 wrote to memory of 1740	2392	Unicorn-11386.exe	41
PID 2392 wrote to memory of 1740	2392	Unicorn-11386.exe	41
PID 2392 wrote to memory of 1740	2392	Unicorn-11386.exe	41
PID 2556 wrote to memory of 1400	2556	Unicorn-23042.exe	42
PID 2556 wrote to memory of 1400	2556	Unicorn-23042.exe	42
PID 2556 wrote to memory of 1400	2556	Unicorn-23042.exe	42
PID 2556 wrote to memory of 1400	2556	Unicorn-23042.exe	42
PID 2648 wrote to memory of 1556	2648	Unicorn-60545.exe	43
PID 2648 wrote to memory of 1556	2648	Unicorn-60545.exe	43
PID 2648 wrote to memory of 1556	2648	Unicorn-60545.exe	43
PID 2648 wrote to memory of 1556	2648	Unicorn-60545.exe	43

C:\Users\Admin\AppData\Local\Temp\bb3a509870e68e7def8cbb135c1c1a20.exe
"C:\Users\Admin\AppData\Local\Temp\bb3a509870e68e7def8cbb135c1c1a20.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        9⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        8⤵
        Executes dropped EXE
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        8⤵
        Executes dropped EXE
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        9⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        8⤵
        Executes dropped EXE
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        7⤵
        Executes dropped EXE
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24205.exe
        8⤵
        Executes dropped EXE
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4339.exe
        7⤵
        Executes dropped EXE
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        7⤵
        Executes dropped EXE
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        7⤵
        Executes dropped EXE
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        6⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        8⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        5⤵
        Executes dropped EXE
        
        PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        7⤵
        Executes dropped EXE
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        6⤵
        Executes dropped EXE
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        7⤵
        
        PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        8⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        6⤵
        
        PID:1832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        9⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        10⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
        6⤵
        Executes dropped EXE
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        8⤵
        
        PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2668.exe
        7⤵
        Executes dropped EXE
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        9⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        6⤵
        Executes dropped EXE
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        Executes dropped EXE
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        9⤵
        
        PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
        6⤵
        Executes dropped EXE
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        8⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        5⤵
        Executes dropped EXE
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        6⤵
        
        PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe

Filesize
184KB

MD5
34f853a76f3c45a09d3c002169827e43

SHA1
610ec6b06d88e1766e0e9c1289af1d4cab26f13f

SHA256
e9bff0700f11346ee9afa17cc913d266ff93bc111183a693aca49dfee28a89cb

SHA512
6bce946a1d02c3f3a29431c858ed3688c96bf17e5d0e5cfeaa9c136fb68bf6ccf8b2401edb5668959797cd2fd81b6829c8385538c6f9ed311b24c6435168a09b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe

Filesize
184KB

MD5
3086ccb590bcdf12bdbfcd185c74ed53

SHA1
a29a54d3a45c6d092b9f1fd54a9e0bdef924b556

SHA256
250813b1dd43ae640b0df1714dd811567d48ecf984b46e0cb853ce46b1a1a8f7

SHA512
3c3db81ca0b6b257d9d20cfe5256f4bcd26079e7fa80515277d66010d527b9d709efd76b078884bed2b201c46be9ee8f65e2fcb7e459bbbd26cdf40e3ae8974e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe

Filesize
184KB

MD5
fd28d7f918edac0927871031426ffdb1

SHA1
70b7080e715b82f0f90cf3966defd45d0b1099e3

SHA256
33f381f19253a92ee65be81e962b730a676503a3a454e1d825735253f90f886f

SHA512
95afb374700620da5c42a0fa99570e1f31bffeb1dc699a8c26f3829a6e6a6d8999385b8ae4200e913894bc701e7d42f484e8f4e647531e984c59b940373dae56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe

Filesize
184KB

MD5
931156865db392325a0fce87fc8f9a45

SHA1
c8a8d557ed12a27f68eca7dfe313a17de2effc24

SHA256
532f3170993dafb66410d8dbc36a7282a2698b5dbca54ae50711bdba8cfac18e

SHA512
40cefe604b13c44ede4881abf76adbca8174c4b29282c4abf37d23e40360ff11845a4e9663c8b0811e3ec4fe87fa0cbc9176f997db85b8f22eb4e5ba05aa17b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe

Filesize
184KB

MD5
f94f59c4da8954255aa3cc1329e680b5

SHA1
ea3b60040f08d8ac8b951444f9c31d58c7fc803a

SHA256
e0f13e87008b0af838bc00034036a08f8d028fd91d01a9e4499bde56cc801e29

SHA512
9ea86214a6d2d91db3a34f7b8525a8452828cefb56e6c8fe04be8f16caa91660e27796f40d1f8ce0081d2421f5cc70c72e893a841bd8895ee5388f5e51a09130

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe

Filesize
184KB

MD5
d05391d43754ff1902e9ecfa5e7f1170

SHA1
3c523c61c4dfc49b756c273d36f1198d5256794a

SHA256
a82f00de99d7c139a4e4e0cebc43a69100d0009e8becaf317d6e15115fe5a53d

SHA512
f6e525a84875624e661d4c81e6983094a5bb58cac1792bc468cf27f5960c451996582cb3a64c8409382e95454d99cf0978432d22f7898d60d43650d9ffd976d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe

Filesize
184KB

MD5
a5e9bde94321a4d416605c7444531371

SHA1
c9c1df296ad6b6426daea53780c97a21c9ad1bc3

SHA256
8655b166c15a6d8e22f1c1c60de9ff24fc3204048785f9375ec34b037f80603e

SHA512
75188e18d181f41bdc1b19e7e24223159c5dcbbb7a0c5410671254035b6783c0a9480f7a1efd0cc05d1b97f73d1ae4db8fac5d9431e96d1e73fc199f194d4402

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe

Filesize
184KB

MD5
bfb0f6f54e1db526552fb044636bc714

SHA1
14de35c0701bde4c3e4302b9142420542eb49ca0

SHA256
e4ee7b9e83c9150585963be824a872725a086d8dfe777b35ae84db71250fcd8c

SHA512
3a29aebc0ed2d7a711c9b1c48b66044ca41d017c354eb651e0af54c7a06e5503c8bfb267aca46594833eaefe3e0cc5292bfd56e9185af058ab5f98ae4d1f3587

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe

Filesize
184KB

MD5
525d6be5cb66c87b00fcf6bbb3489998

SHA1
42cb86e111c0be477a4eaff66f96a25039ca1727

SHA256
df1b4097768947a97a691b3b2d902b414105e52ed3f52a9d774fee493a041a35

SHA512
a74e16c52c37e77db478cc131b10c9de84d81719c192b4f78b10cc4be5813139e7d911e8cc6df91180df03eeae7335b59f8b9a03237c45dce9d681442bf41cce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe

Filesize
184KB

MD5
475adcabc439f2e5603694416db16dfd

SHA1
b3ae6bcbc261edf8ba46d64f3a6f5785a06e9b6c

SHA256
de2640bbe34a735eaa5cc552b942230a926b0515b819c790bdfb44e7b2c1028d

SHA512
2458d0854b912185a9fe5913e0243a48d384e384068595aafd464887f10dc552733569e02c10b39ac35305512439a35ba0c5a6aff43ea646b928bede89577274

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe

Filesize
184KB

MD5
7e621cec909e1a7c53ed654b305893b7

SHA1
777f0ebd048da98d0a9bc25d75dbb7c0d9c04274

SHA256
e012e72c16f3529a2e63e4a51abc4301d0d8785e2d30dbf9d401e9eb09c62180

SHA512
4b6118c3115873ee872596fb53bda9796599446f2550cd63ee289ba89cd70ca3654b12ea29d9c78304ed9411052b9a57442627043d3859437931d7b1abfd799b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe

Filesize
184KB

MD5
863b3584247fe4a22a2a0b7b65213184

SHA1
e9f539cd981d9c65f750b16a2dce026a859a042e

SHA256
a13a88023c922cf2d55e543cd9009a818bf63ff00eb6b51e2872befe3253059a

SHA512
acf68fda330f2f308d47851d8f5b6d15388cd34981bb0e15d08e924ed453db8bc027076fb530dae1462e290da5d4280ee3511b50fba9515acbd87b02937d8a06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe

Filesize
184KB

MD5
81c9683cecd52299186fc61bf1f4a461

SHA1
51270272777db404b705f60a8a2cf0d71230d19a

SHA256
4727cc7bcc43eb74ee3ca8e6d4bc65f4d5e5591709236cbd0a18ab52b0ebe5bd

SHA512
486c916efc833710e7a5e0ce86b496fc1938ab7b037434195df831141b45a6a8a24be7f87bc2cd3bb8fa9b166c5819d564403a07196e3bb3a0a8d3966771394d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe

Filesize
184KB

MD5
417059b163a738182e72f8aa4211757f

SHA1
f32f1cb46cb47794ee5c69f1feebc279a20e5ca4

SHA256
66c3b4832e8d0e4d88f0ea4e80ad6bad6e0902d659cb7bb199daf6c55a79ea77

SHA512
e3fbe0be7532c16cd82094f440a70b7dfc7fced0d1bae2a062e782e74a1a94c3705e326115a452660516984122243e865871c9e812c34857ccc81f814bc75b22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe

Filesize
184KB

MD5
51b725b4892f33deed140e67f46e3a90

SHA1
fecede010077e909859be5730a7f198463b32a88

SHA256
2c13a961f4a8957b8bd85f22d51867f1283e73a8f8b30f5d73773d301f760d7d

SHA512
a154a82aedd3d6e9d1f597881a20afb0e36b5c9235b8a67daa7487f279a7919aa08f42a293fa4f166a818a5b9cfcfeb91c512958b241ea1530212eeb75a2ecef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe

Filesize
184KB

MD5
b66a70a08e29eefe76576db0474d7c72

SHA1
89769f3403f627df5c32fa247bee919f2befce24

SHA256
0838c2e13316cc801ee76052b7369651c90d22b1199c73258baf9ddcc820cfda

SHA512
dc69c0f1e4b0ddbf4b7fe4855cdad29bdcf4dcf6a79a083a82f27d120b15b8fad5aa8c0e90a18b5528fc48bbcdc1910913e07bde1e99268723b4ae8d66933016

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe

Filesize
184KB

MD5
3c4fc37173162e6e4c9e94e4619cf6f2

SHA1
36ff763fd40857dbb56f46338b98d21d8755f7ea

SHA256
decadd5c3dc025b7e7fd31c0042ec47ccaef3cebda36b6eb058cf67c97ea6be5

SHA512
99a1dbc2fd8e6db9499413bafbf705406fa8d97bcd4a7c49103b82e07141cb4f2f9e3af17bc26e6b368e4f51ff26a9416f4369dd47487b59dc640fa751dd2998

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe

Filesize
184KB

MD5
b82f2724bd98c4214294a1089122cc56

SHA1
2aac655bccab55bf3cd9d54c2f7c13ddc8948fd0

SHA256
32d5abd99acb741723f7d30209ef40dbcfb9b55a152b0347db4d37f8797f2392

SHA512
766a4ad4692cdbbc4ac1f2850251afa3181d245e8bafad46ab812d71aa05db37fc9a41da0ba2ec738bbd9c0297fafdb405f11c1c6a516f8ebb075f363a8f8a00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads