8375d98fb4ff0d343d5cd92abca38f0a314530c21c59d434064e691095748980

Analysis

max time kernel
49s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be9e94b3ff8035b529c4188e98e85138.exe
Size

184KB
MD5

be9e94b3ff8035b529c4188e98e85138
SHA1

786ce528790a34ab3fd930b4e045a48ad004618c
SHA256

8375d98fb4ff0d343d5cd92abca38f0a314530c21c59d434064e691095748980
SHA512

353d461f166e9de9c25a0a6148bf848c5c7544477cedf417e7f5278f53a2aa993c47c2feb2d74ecd05dee34486b3dd7564509d3923c03596fb0408de2592764a
SSDEEP

3072:wRIqom0H38Ask5aw/TOS28AbpBp6gKYh5hLx+ld9M+lPvpFK:wR9oDdskH/qS28/IkK+lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 42 IoCs

pid	Process
2504	Unicorn-58408.exe
2624	Unicorn-25025.exe
2896	Unicorn-45808.exe
2436	Unicorn-28891.exe
2576	Unicorn-20723.exe
3052	Unicorn-29637.exe
764	Unicorn-899.exe
880	Unicorn-29850.exe
948	Unicorn-29296.exe
2836	Unicorn-54547.exe
2452	Unicorn-12959.exe
2680	Unicorn-41906.exe
1480	Unicorn-30016.exe
2792	Unicorn-45606.exe
1840	Unicorn-46950.exe
1340	Unicorn-63649.exe
1228	Unicorn-17978.exe
1344	Unicorn-55481.exe
1980	Unicorn-9809.exe
1792	Unicorn-61387.exe
2328	Unicorn-53582.exe
1608	Unicorn-32607.exe
1152	Unicorn-58455.exe
2204	Unicorn-34313.exe
1060	Unicorn-25015.exe
1976	Unicorn-510.exe
1648	Unicorn-51610.exe
1008	Unicorn-51055.exe
3020	Unicorn-26167.exe
1012	Unicorn-6301.exe
2352	Unicorn-54947.exe
2228	Unicorn-40042.exe
2208	Unicorn-3115.exe
2560	Unicorn-16328.exe
1560	Unicorn-16328.exe
1684	Unicorn-61999.exe
2932	Unicorn-16328.exe
2628	Unicorn-61999.exe
2052	Unicorn-31355.exe
2608	Unicorn-18527.exe
2444	Unicorn-38393.exe
816	Unicorn-44958.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	be9e94b3ff8035b529c4188e98e85138.exe
3036	be9e94b3ff8035b529c4188e98e85138.exe
2504	Unicorn-58408.exe
2504	Unicorn-58408.exe
3036	be9e94b3ff8035b529c4188e98e85138.exe
3036	be9e94b3ff8035b529c4188e98e85138.exe
2624	Unicorn-25025.exe
2896	Unicorn-45808.exe
2624	Unicorn-25025.exe
2896	Unicorn-45808.exe
2504	Unicorn-58408.exe
2504	Unicorn-58408.exe
2576	Unicorn-20723.exe
2576	Unicorn-20723.exe
2896	Unicorn-45808.exe
2896	Unicorn-45808.exe
2436	Unicorn-28891.exe
2436	Unicorn-28891.exe
2624	Unicorn-25025.exe
2624	Unicorn-25025.exe
3052	Unicorn-29637.exe
3052	Unicorn-29637.exe
764	Unicorn-899.exe
764	Unicorn-899.exe
2576	Unicorn-20723.exe
2576	Unicorn-20723.exe
2836	Unicorn-54547.exe
2836	Unicorn-54547.exe
948	Unicorn-29296.exe
948	Unicorn-29296.exe
2452	Unicorn-12959.exe
2436	Unicorn-28891.exe
2452	Unicorn-12959.exe
2436	Unicorn-28891.exe
3052	Unicorn-29637.exe
3052	Unicorn-29637.exe
880	Unicorn-29850.exe
880	Unicorn-29850.exe
2680	Unicorn-41906.exe
2680	Unicorn-41906.exe
764	Unicorn-899.exe
764	Unicorn-899.exe
1480	Unicorn-30016.exe
1480	Unicorn-30016.exe
2792	Unicorn-45606.exe
2792	Unicorn-45606.exe
2836	Unicorn-54547.exe
2836	Unicorn-54547.exe
1840	Unicorn-46950.exe
1840	Unicorn-46950.exe
1340	Unicorn-63649.exe
1340	Unicorn-63649.exe
948	Unicorn-29296.exe
948	Unicorn-29296.exe
1980	Unicorn-9809.exe
1980	Unicorn-9809.exe
880	Unicorn-29850.exe
880	Unicorn-29850.exe
1344	Unicorn-55481.exe
1344	Unicorn-55481.exe
1228	Unicorn-17978.exe
1228	Unicorn-17978.exe
2452	Unicorn-12959.exe
2452	Unicorn-12959.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2612	2204	WerFault.exe	51
2264	1060	WerFault.exe	52
2868	936	WerFault.exe	82
1336	292	WerFault.exe	79

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
3036	be9e94b3ff8035b529c4188e98e85138.exe
2504	Unicorn-58408.exe
2896	Unicorn-45808.exe
2624	Unicorn-25025.exe
2576	Unicorn-20723.exe
2436	Unicorn-28891.exe
3052	Unicorn-29637.exe
764	Unicorn-899.exe
948	Unicorn-29296.exe
880	Unicorn-29850.exe
2836	Unicorn-54547.exe
2452	Unicorn-12959.exe
2680	Unicorn-41906.exe
1480	Unicorn-30016.exe
2792	Unicorn-45606.exe
1840	Unicorn-46950.exe
1340	Unicorn-63649.exe
1344	Unicorn-55481.exe
1228	Unicorn-17978.exe
1980	Unicorn-9809.exe
1792	Unicorn-61387.exe
2328	Unicorn-53582.exe
1608	Unicorn-32607.exe
1152	Unicorn-58455.exe
2204	Unicorn-34313.exe
1060	Unicorn-25015.exe
1976	Unicorn-510.exe
1648	Unicorn-51610.exe
1012	Unicorn-6301.exe
3020	Unicorn-26167.exe
1560	Unicorn-16328.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2504	3036	be9e94b3ff8035b529c4188e98e85138.exe	28
PID 3036 wrote to memory of 2504	3036	be9e94b3ff8035b529c4188e98e85138.exe	28
PID 3036 wrote to memory of 2504	3036	be9e94b3ff8035b529c4188e98e85138.exe	28
PID 3036 wrote to memory of 2504	3036	be9e94b3ff8035b529c4188e98e85138.exe	28
PID 2504 wrote to memory of 2624	2504	Unicorn-58408.exe	29
PID 2504 wrote to memory of 2624	2504	Unicorn-58408.exe	29
PID 2504 wrote to memory of 2624	2504	Unicorn-58408.exe	29
PID 2504 wrote to memory of 2624	2504	Unicorn-58408.exe	29
PID 3036 wrote to memory of 2896	3036	be9e94b3ff8035b529c4188e98e85138.exe	30
PID 3036 wrote to memory of 2896	3036	be9e94b3ff8035b529c4188e98e85138.exe	30
PID 3036 wrote to memory of 2896	3036	be9e94b3ff8035b529c4188e98e85138.exe	30
PID 3036 wrote to memory of 2896	3036	be9e94b3ff8035b529c4188e98e85138.exe	30
PID 2624 wrote to memory of 2436	2624	Unicorn-25025.exe	31
PID 2624 wrote to memory of 2436	2624	Unicorn-25025.exe	31
PID 2624 wrote to memory of 2436	2624	Unicorn-25025.exe	31
PID 2624 wrote to memory of 2436	2624	Unicorn-25025.exe	31
PID 2896 wrote to memory of 2576	2896	Unicorn-45808.exe	32
PID 2896 wrote to memory of 2576	2896	Unicorn-45808.exe	32
PID 2896 wrote to memory of 2576	2896	Unicorn-45808.exe	32
PID 2896 wrote to memory of 2576	2896	Unicorn-45808.exe	32
PID 2504 wrote to memory of 3052	2504	Unicorn-58408.exe	33
PID 2504 wrote to memory of 3052	2504	Unicorn-58408.exe	33
PID 2504 wrote to memory of 3052	2504	Unicorn-58408.exe	33
PID 2504 wrote to memory of 3052	2504	Unicorn-58408.exe	33
PID 2576 wrote to memory of 764	2576	Unicorn-20723.exe	34
PID 2576 wrote to memory of 764	2576	Unicorn-20723.exe	34
PID 2576 wrote to memory of 764	2576	Unicorn-20723.exe	34
PID 2576 wrote to memory of 764	2576	Unicorn-20723.exe	34
PID 2896 wrote to memory of 880	2896	Unicorn-45808.exe	35
PID 2896 wrote to memory of 880	2896	Unicorn-45808.exe	35
PID 2896 wrote to memory of 880	2896	Unicorn-45808.exe	35
PID 2896 wrote to memory of 880	2896	Unicorn-45808.exe	35
PID 2436 wrote to memory of 948	2436	Unicorn-28891.exe	36
PID 2436 wrote to memory of 948	2436	Unicorn-28891.exe	36
PID 2436 wrote to memory of 948	2436	Unicorn-28891.exe	36
PID 2436 wrote to memory of 948	2436	Unicorn-28891.exe	36
PID 2624 wrote to memory of 2836	2624	Unicorn-25025.exe	37
PID 2624 wrote to memory of 2836	2624	Unicorn-25025.exe	37
PID 2624 wrote to memory of 2836	2624	Unicorn-25025.exe	37
PID 2624 wrote to memory of 2836	2624	Unicorn-25025.exe	37
PID 3052 wrote to memory of 2452	3052	Unicorn-29637.exe	38
PID 3052 wrote to memory of 2452	3052	Unicorn-29637.exe	38
PID 3052 wrote to memory of 2452	3052	Unicorn-29637.exe	38
PID 3052 wrote to memory of 2452	3052	Unicorn-29637.exe	38
PID 764 wrote to memory of 2680	764	Unicorn-899.exe	39
PID 764 wrote to memory of 2680	764	Unicorn-899.exe	39
PID 764 wrote to memory of 2680	764	Unicorn-899.exe	39
PID 764 wrote to memory of 2680	764	Unicorn-899.exe	39
PID 2576 wrote to memory of 1480	2576	Unicorn-20723.exe	40
PID 2576 wrote to memory of 1480	2576	Unicorn-20723.exe	40
PID 2576 wrote to memory of 1480	2576	Unicorn-20723.exe	40
PID 2576 wrote to memory of 1480	2576	Unicorn-20723.exe	40
PID 2836 wrote to memory of 2792	2836	Unicorn-54547.exe	41
PID 2836 wrote to memory of 2792	2836	Unicorn-54547.exe	41
PID 2836 wrote to memory of 2792	2836	Unicorn-54547.exe	41
PID 2836 wrote to memory of 2792	2836	Unicorn-54547.exe	41
PID 948 wrote to memory of 1840	948	Unicorn-29296.exe	42
PID 948 wrote to memory of 1840	948	Unicorn-29296.exe	42
PID 948 wrote to memory of 1840	948	Unicorn-29296.exe	42
PID 948 wrote to memory of 1840	948	Unicorn-29296.exe	42
PID 2452 wrote to memory of 1228	2452	Unicorn-12959.exe	43
PID 2452 wrote to memory of 1228	2452	Unicorn-12959.exe	43
PID 2452 wrote to memory of 1228	2452	Unicorn-12959.exe	43
PID 2452 wrote to memory of 1228	2452	Unicorn-12959.exe	43

C:\Users\Admin\AppData\Local\Temp\be9e94b3ff8035b529c4188e98e85138.exe
"C:\Users\Admin\AppData\Local\Temp\be9e94b3ff8035b529c4188e98e85138.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        8⤵
        Executes dropped EXE
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        9⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        8⤵
        Program crash
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        7⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
        9⤵
        
        PID:292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 188
        10⤵
        Program crash
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        8⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        7⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        8⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        6⤵
        Executes dropped EXE
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        6⤵
        Program crash
        
        PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
        6⤵
        Executes dropped EXE
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        8⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        5⤵
        Executes dropped EXE
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        6⤵
        
        PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        7⤵
        Executes dropped EXE
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        8⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        6⤵
        Executes dropped EXE
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
        7⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        6⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        7⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
        8⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        5⤵
        Executes dropped EXE
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        6⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        7⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        8⤵
        Program crash
        
        PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51055.exe
        5⤵
        Executes dropped EXE
        
        PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
        5⤵
        Executes dropped EXE
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        6⤵
        
        PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe

Filesize
184KB

MD5
eae9e00a3512572d00ba8ebb4cd53f4f

SHA1
acc64d3a7c7372a381e219c7a31333e91ec4f026

SHA256
a463e187bd97ec204eac1e4dd4e1dd10d6b5e1d0470f82a276701c7961c146f9

SHA512
dc8150c2859df1b5804b9602d2f67f9d8ed0000951c822ff88f194a6b9bfd50655a209cfe5ca6bab77cd2fce7ca99e95e082696777abe2048d2a54c7b89a7447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe

Filesize
184KB

MD5
3af49cb88c6ac39dd5ed4491504b6366

SHA1
601ea1f282db32762ce2e14513b7494a9e5381fb

SHA256
0fd13e86510d4d93617998c68990688e17534c771b2f2f8c043fcf2bbbcc3969

SHA512
01657fa6ef121569ff7dc2ff46c160a4d42e71cb4b0c645f95ea94072986a52eb426df4c3eae10d541be685219c77665a25ed8f0a4e5f2c55924b498af25eef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe

Filesize
184KB

MD5
27ec610f05424c7b4c3ee6f95d7e78e6

SHA1
7408fdb9252dcdc46ce7afc6fdf4f753af478df1

SHA256
18640c8f971ca9ec152802101e66e773e791a20f60a2862bf513a1100bf8fbc5

SHA512
2b68fec99bfef58699b26e350e9bf0af9784fa673aeb0a41be2005dc0aca489e2855245096957028062478a36445e045851873f0ff7d5a1b7dfffdd549808d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe

Filesize
184KB

MD5
47aeebac6f9493e38b3a44aa4afd44a0

SHA1
44624de9ce5e7bea6f95766f3a3b03d0dca7f36b

SHA256
ab63e2a4c5d273e89c03d92465b570ec6cd5d6018936ac1816374cb59411219e

SHA512
16b0db163eb110405cf6aba1b5fe373e233c26b44ccf4186de7df73418a2eb5071402041d0553bcbc47bae69fd43b8268ec7db1f8c7a47d6bd67b382a214e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe

Filesize
184KB

MD5
8b0c4b932481d4f396128250698b9a60

SHA1
01d5648ad8ab29f9cbbf921bd83c077ec4f7f758

SHA256
4b68610798c44e31da89eac61052a4ff79645d4413d7b1eab5b7396876c9046c

SHA512
c4d399895b92b5fb6a4734b9508136b719f25ea9af26270939e3df4e5cbdc53521c64ed15de72531eb6950c8ae0a2cb88f82a65454c619b794afdf6ce791c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe

Filesize
51KB

MD5
ee97933d2a44e4d550a57718dd66c572

SHA1
537b321bea148270cd8366271dcc6ea2551fdb3b

SHA256
cc89398dfde16d095f98202b64748559644e071e22aa2b542a8761ee38b5c34f

SHA512
fd397c83af86c7cf579d0d52e8e23b321846ec5a963b71f60f0dae4dfd653fe623b8e9f7984cc25459b9e0dbd53c30853db2d0c01613b7e9e56f9095a6efb4b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe

Filesize
184KB

MD5
61be7b8b688be806da4547763f6d54fb

SHA1
013ce53befc1738ab542d3100caa1d75b3dc33df

SHA256
9f6a2adb467b9dc63f97d35c6a1f5f2053e1515e4112bb24285a9d2ff699b11f

SHA512
28cc89213ddc54ec6a3037e7070a5150cc52961f27f6e023092e878715021aac5d6b65fd3ff51c7b6a09bf4d9a0a927c73e377d1f89b2f7efb04f34780e3c07a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe

Filesize
184KB

MD5
8c6384582cc4a172cde215986fd2c44b

SHA1
94e9f6f98b9e8fa0fcc33f6e1852a1aea2dc323e

SHA256
faad1f2dbf5d11dd8c6fed6a8c243b069c7f02976e93d77834b57b4a90f451e8

SHA512
acbaf61f68ba912b15be96bf748aba917b3e1497d0042f818bfc4687c8ca56fc41455d84f690f0c4aaa0a8f541de6fcbac3c77676eee26d1aa4c3db3e27ca3bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe

Filesize
184KB

MD5
a323a4e6ced76b8f404177e7b6c7f536

SHA1
fbcd6e29a8aae54d0952b5090d981d22f26cd883

SHA256
e98e67dc270294117cfe7f4a8bf3501e04c14ccd7dd7e5adc326697a81deafd9

SHA512
4ecf2ba159667b4f0ee15b567799470ddf6cacf85dd4e147aae3ad663e5867d3c90f3660f11334bc6230c4cbc93b81bc9a35268dece6bf29d3ce941537f9e82e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe

Filesize
184KB

MD5
f630bbcecc9a7d7a77455a2f8720b5ce

SHA1
f7bde6e5becff0c8d30bb26c334f1611e1ad2c47

SHA256
da0a74d157669c3d99a3e487d94501cd465367f910ebeb0243f8d1145a58f406

SHA512
f0ba14c9db919574bc8b2214cca3117d564412a7f4c401a90616d1f224781bc0a9169850227114fcad26b61f213bd6f02e646edc2a56a78bc3d9933c93aa9c6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe

Filesize
184KB

MD5
85f2c3f7e0d0b69a2b4ccf0cbb22b791

SHA1
4043c159afc7c2213608e64700d96a1ddaa82bdb

SHA256
08e199fd380061242238633610788a88a275e40fbe2ffde0cdfc1b30af4d7af3

SHA512
9374bb8d1c4f96076099eb8c7ec2a8e1f304d9097589e711e07ef6e0dd0ab6ee1c3feb572ba150091390188d0702c748c752da74019d73797011968af1e1f7c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe

Filesize
184KB

MD5
9686c1760e973be6f73123adc811e1b8

SHA1
341f44c68abadd59d9c97f9ed01b149c7b46d0a3

SHA256
7a45d730e09014bca42b4d8192ae17eac3262c7804480b2b1be536914f5d4597

SHA512
e48295e58e1520e5c5b8b6e0601c67ccd3af1cff82badfca109ee7349272c17f626d5bbbf37e3b2730a0571783f69a441b1c8f1950a6cb56e7a4821fe1e4415a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe

Filesize
184KB

MD5
749c72fc4cb405739d4662c3dd761dcf

SHA1
fa12b91974460e9e4f60c9d8dd17681704fffee2

SHA256
e4d456bcc33620cb9680bc5759f3c9f13c51137a7cc9dad666606fe49a283bab

SHA512
327454965c5b2b9091fd1cb8d6a9ad67391337cdf519773e54d900b2d1fc0d4f4f6b3353943db229a767baebeabecdfba3ddbab10d8f3993c34c87cbd7299c20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe

Filesize
184KB

MD5
4f6e64aae78e9b40b6c9515beddcbbd1

SHA1
e3493c95c74690cee3244978d8e52ef77ffaf1ba

SHA256
1e5bb88747277d285dea0f19a0e8f05050b0bb80e3050f989ebc15f99b25c77b

SHA512
94677c3b238ed9a9d6f175dc9a451cca480f8ec43561cb29f510326ac13021df71a15a7826cfb5c5c65b988c42c012f9a2585fde191ff1a29f5889e99b716334

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe

Filesize
184KB

MD5
8d3ba55e8b817f878a7aa8140688b59d

SHA1
5c48e7049e5115c248e45867132e728b55b2c0cf

SHA256
936e6558fb622292727747449c9d632701ecee3913eb3f61038426d2128cdb2f

SHA512
91b32dab7bb47b9039a988c762ea9ce2403dfd001b1b6eb6e1724f7666256a9f3f8f0e2f3512d428c320731eaff2ccb786016233ff3086c3034ed8902cb83090

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe

Filesize
184KB

MD5
6837f89e6c644fd983f82fcce487dc4b

SHA1
a80e6b840abf33dc9f653ef89c7d2c0478faeb84

SHA256
4624b3ae33d5d571b57772320d5b76cb980f25081e054d2ddca8e7188500786f

SHA512
74f3dc6ab93c8ced2f47b9c3a8f06a4b360f79f310ec1972d23e7487724c49c990d3f37bf6c2bbcba9ab31282bbce5e251981ac7e9f2bef5f009a39b049b1b4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe

Filesize
184KB

MD5
b5d5a28c2227c5fb1652f81989b5eab0

SHA1
1228bae338c82732116838491cb6e296a62eda1d

SHA256
8ebd8e54dcb0288e579faae02385c5ee6a6233ca99b684a9ac521de6f4f4f2fb

SHA512
79a1c533950b8ae02048e4b884fbfad4cc3c38e641abc986cd2cdf8e6d48420e971aa52dffd446ae1e76d344e968669f38b84eaf0c458e29108c9044f4e09708

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe

Filesize
184KB

MD5
25af4f3ec7e5a5793e59ecd3edf8f48e

SHA1
5b202013bdcf10df15df7b8a86816a954e5022ca

SHA256
ffc14e4926921d1a18c14f191e41b9c2e2e9bed92a75381969151a88af08fa8c

SHA512
0f759f09816ada79764045e25108f7713a5fef1efcff4221392248f38898a05607773f4f3f8cf27b0c17edc4e7fc72fe4d2c57174acfa2b0db78ac1456b4bec8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe

Filesize
184KB

MD5
8f7ce3a0ec2767b41c982c983a36dbe2

SHA1
1a20088e64bd68b6e8a8847bf5cbe89e1bb0abca

SHA256
88de5433994423bafa5b673a50172e172b6b70d76cb914dd98ce63eb162bf08c

SHA512
b0a0aa7b8ca668efaf66165747159f049ee178b425f9906f240bf908c3a5a6ee495eed6fe87d9bc26131aacb55415ef4b6aa1cee2aeba4f2338a065608a6e9ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-899.exe

Filesize
184KB

MD5
e98d26c8b37c595882acaf9915997a3d

SHA1
773c3de28f65651ea5b059840ec36d52fc3e8b4e

SHA256
bfd1eeef88c074457902f44853fc5145927825336f5488c8ff07f6ccb243adc9

SHA512
54eae9bc651391c4ca0c565a7f421d66bbd1b4bb69e2aea8d1fccf5c226835d591d8faf9b7a50698ebf40fb1e0250f2b73f59cac91b78425925aa20fdcf38b13

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads