c2daad6e65c6f5b17ca6dbbe9ab6f4c1958526106ce39e2b551a5910e278cea5

Analysis

max time kernel
128s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 11:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c5bee411d5baecd331e27502bbe1d9c5.exe
Size

184KB
MD5

c5bee411d5baecd331e27502bbe1d9c5
SHA1

5f067347ca2c3bbda5340854a159798ebbe39deb
SHA256

c2daad6e65c6f5b17ca6dbbe9ab6f4c1958526106ce39e2b551a5910e278cea5
SHA512

7b923b238d297b860aeb952249decb180062a5dc41497be241e25895dd1c9b2c22b057bc31b6a684c6b1570b6157a9b79915429adb3f77ee743d15128b7d9a4f
SSDEEP

3072:oKlHomLyo3w/oRj1q3Q+MJSLGwXMztfz60xv/EpnNlvvpFG:oKJoWg/ovqg+MJx1lmNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1136	Unicorn-9408.exe
3044	Unicorn-301.exe
1988	Unicorn-41888.exe
2476	Unicorn-41177.exe
2724	Unicorn-56959.exe
2968	Unicorn-47888.exe
2800	Unicorn-48765.exe
2804	Unicorn-20731.exe
2036	Unicorn-60270.exe
672	Unicorn-28152.exe
1452	Unicorn-35766.exe
1580	Unicorn-7540.exe
2932	Unicorn-23322.exe
2304	Unicorn-63643.exe
1932	Unicorn-19081.exe
2120	Unicorn-18527.exe
1828	Unicorn-51199.exe
1092	Unicorn-44375.exe
452	Unicorn-4089.exe
2408	Unicorn-23955.exe
1916	Unicorn-53098.exe
1332	Unicorn-1287.exe
1788	Unicorn-34706.exe
944	Unicorn-42320.exe
2936	Unicorn-17624.exe
620	Unicorn-51043.exe
1716	Unicorn-43628.exe
1512	Unicorn-23016.exe
2524	Unicorn-7426.exe
1600	Unicorn-57504.exe
3048	Unicorn-44313.exe
2156	Unicorn-41189.exe
2272	Unicorn-33767.exe
1924	Unicorn-11256.exe
2572	Unicorn-10052.exe
2464	Unicorn-48433.exe
2556	Unicorn-2761.exe
2720	Unicorn-7784.exe
1100	Unicorn-9258.exe
2552	Unicorn-27650.exe
856	Unicorn-6881.exe
2908	Unicorn-47977.exe
696	Unicorn-18920.exe
1748	Unicorn-61270.exe
968	Unicorn-62547.exe
1316	Unicorn-50025.exe
2052	Unicorn-15812.exe
980	Unicorn-51473.exe
1608	Unicorn-62075.exe
2112	Unicorn-65064.exe
2336	Unicorn-38329.exe
2108	Unicorn-5137.exe
2040	Unicorn-37810.exe
2000	Unicorn-58230.exe
2212	Unicorn-25366.exe
1784	Unicorn-30327.exe
588	Unicorn-62122.exe
1988	Unicorn-54831.exe
1984	Unicorn-41510.exe
1512	Unicorn-50747.exe
1632	Unicorn-17883.exe
1996	Unicorn-51302.exe
1320	Unicorn-63780.exe
1492	Unicorn-63780.exe

Loads dropped DLL 64 IoCs

pid	Process
2240	c5bee411d5baecd331e27502bbe1d9c5.exe
2240	c5bee411d5baecd331e27502bbe1d9c5.exe
1136	Unicorn-9408.exe
1136	Unicorn-9408.exe
2240	c5bee411d5baecd331e27502bbe1d9c5.exe
2240	c5bee411d5baecd331e27502bbe1d9c5.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe
1136	Unicorn-9408.exe
1136	Unicorn-9408.exe
1988	Unicorn-41888.exe
1988	Unicorn-41888.exe
2588	WerFault.exe
2476	Unicorn-41177.exe
2476	Unicorn-41177.exe
2724	Unicorn-56959.exe
2724	Unicorn-56959.exe
1988	Unicorn-41888.exe
1988	Unicorn-41888.exe
2968	Unicorn-47888.exe
2968	Unicorn-47888.exe
2476	Unicorn-41177.exe
2476	Unicorn-41177.exe
2800	Unicorn-48765.exe
2800	Unicorn-48765.exe
2724	Unicorn-56959.exe
2724	Unicorn-56959.exe
2804	Unicorn-20731.exe
2804	Unicorn-20731.exe
2036	Unicorn-60270.exe
2036	Unicorn-60270.exe
2968	Unicorn-47888.exe
2968	Unicorn-47888.exe
672	Unicorn-28152.exe
672	Unicorn-28152.exe
2932	Unicorn-23322.exe
2932	Unicorn-23322.exe
1580	Unicorn-7540.exe
1580	Unicorn-7540.exe
2804	Unicorn-20731.exe
2804	Unicorn-20731.exe
1452	Unicorn-35766.exe
1452	Unicorn-35766.exe
2800	Unicorn-48765.exe
2800	Unicorn-48765.exe
2304	Unicorn-63643.exe
2304	Unicorn-63643.exe
2036	Unicorn-60270.exe
2036	Unicorn-60270.exe
1932	Unicorn-19081.exe
1932	Unicorn-19081.exe
2120	Unicorn-18527.exe
2120	Unicorn-18527.exe
672	Unicorn-28152.exe
672	Unicorn-28152.exe
1828	Unicorn-51199.exe
1828	Unicorn-51199.exe
1092	Unicorn-44375.exe
1092	Unicorn-44375.exe
2932	Unicorn-23322.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2588	3044	WerFault.exe	29
2500	1788	WerFault.exe	51
2208	2572	WerFault.exe	63
2560	2112	WerFault.exe	81

Suspicious use of SetWindowsHookEx 62 IoCs

pid	Process
2240	c5bee411d5baecd331e27502bbe1d9c5.exe
1136	Unicorn-9408.exe
3044	Unicorn-301.exe
1988	Unicorn-41888.exe
2476	Unicorn-41177.exe
2724	Unicorn-56959.exe
2968	Unicorn-47888.exe
2800	Unicorn-48765.exe
2804	Unicorn-20731.exe
2036	Unicorn-60270.exe
672	Unicorn-28152.exe
2932	Unicorn-23322.exe
1452	Unicorn-35766.exe
1580	Unicorn-7540.exe
2304	Unicorn-63643.exe
1932	Unicorn-19081.exe
2120	Unicorn-18527.exe
1828	Unicorn-51199.exe
1092	Unicorn-44375.exe
2408	Unicorn-23955.exe
452	Unicorn-4089.exe
1916	Unicorn-53098.exe
1788	Unicorn-34706.exe
1332	Unicorn-1287.exe
944	Unicorn-42320.exe
1716	Unicorn-43628.exe
1512	Unicorn-23016.exe
2272	Unicorn-33767.exe
3048	Unicorn-44313.exe
2156	Unicorn-41189.exe
2524	Unicorn-7426.exe
620	Unicorn-51043.exe
1924	Unicorn-11256.exe
1600	Unicorn-57504.exe
2572	Unicorn-10052.exe
2556	Unicorn-2761.exe
856	Unicorn-6881.exe
2720	Unicorn-7784.exe
2464	Unicorn-48433.exe
2552	Unicorn-27650.exe
1100	Unicorn-9258.exe
2908	Unicorn-47977.exe
696	Unicorn-18920.exe
1748	Unicorn-61270.exe
968	Unicorn-62547.exe
2052	Unicorn-15812.exe
980	Unicorn-51473.exe
1316	Unicorn-50025.exe
1608	Unicorn-62075.exe
2936	Unicorn-17624.exe
2112	Unicorn-65064.exe
2336	Unicorn-38329.exe
2108	Unicorn-5137.exe
2040	Unicorn-37810.exe
2000	Unicorn-58230.exe
1784	Unicorn-30327.exe
2212	Unicorn-25366.exe
1512	Unicorn-50747.exe
588	Unicorn-62122.exe
1996	Unicorn-51302.exe
1988	Unicorn-54831.exe
1984	Unicorn-41510.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1136	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	28
PID 2240 wrote to memory of 1136	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	28
PID 2240 wrote to memory of 1136	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	28
PID 2240 wrote to memory of 1136	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	28
PID 1136 wrote to memory of 3044	1136	Unicorn-9408.exe	29
PID 1136 wrote to memory of 3044	1136	Unicorn-9408.exe	29
PID 1136 wrote to memory of 3044	1136	Unicorn-9408.exe	29
PID 1136 wrote to memory of 3044	1136	Unicorn-9408.exe	29
PID 2240 wrote to memory of 1988	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	30
PID 2240 wrote to memory of 1988	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	30
PID 2240 wrote to memory of 1988	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	30
PID 2240 wrote to memory of 1988	2240	c5bee411d5baecd331e27502bbe1d9c5.exe	30
PID 3044 wrote to memory of 2588	3044	Unicorn-301.exe	31
PID 3044 wrote to memory of 2588	3044	Unicorn-301.exe	31
PID 3044 wrote to memory of 2588	3044	Unicorn-301.exe	31
PID 3044 wrote to memory of 2588	3044	Unicorn-301.exe	31
PID 1136 wrote to memory of 2476	1136	Unicorn-9408.exe	32
PID 1136 wrote to memory of 2476	1136	Unicorn-9408.exe	32
PID 1136 wrote to memory of 2476	1136	Unicorn-9408.exe	32
PID 1136 wrote to memory of 2476	1136	Unicorn-9408.exe	32
PID 1988 wrote to memory of 2724	1988	Unicorn-41888.exe	33
PID 1988 wrote to memory of 2724	1988	Unicorn-41888.exe	33
PID 1988 wrote to memory of 2724	1988	Unicorn-41888.exe	33
PID 1988 wrote to memory of 2724	1988	Unicorn-41888.exe	33
PID 2476 wrote to memory of 2968	2476	Unicorn-41177.exe	34
PID 2476 wrote to memory of 2968	2476	Unicorn-41177.exe	34
PID 2476 wrote to memory of 2968	2476	Unicorn-41177.exe	34
PID 2476 wrote to memory of 2968	2476	Unicorn-41177.exe	34
PID 2724 wrote to memory of 2800	2724	Unicorn-56959.exe	35
PID 2724 wrote to memory of 2800	2724	Unicorn-56959.exe	35
PID 2724 wrote to memory of 2800	2724	Unicorn-56959.exe	35
PID 2724 wrote to memory of 2800	2724	Unicorn-56959.exe	35
PID 1988 wrote to memory of 2804	1988	Unicorn-41888.exe	36
PID 1988 wrote to memory of 2804	1988	Unicorn-41888.exe	36
PID 1988 wrote to memory of 2804	1988	Unicorn-41888.exe	36
PID 1988 wrote to memory of 2804	1988	Unicorn-41888.exe	36
PID 2968 wrote to memory of 2036	2968	Unicorn-47888.exe	37
PID 2968 wrote to memory of 2036	2968	Unicorn-47888.exe	37
PID 2968 wrote to memory of 2036	2968	Unicorn-47888.exe	37
PID 2968 wrote to memory of 2036	2968	Unicorn-47888.exe	37
PID 2476 wrote to memory of 672	2476	Unicorn-41177.exe	38
PID 2476 wrote to memory of 672	2476	Unicorn-41177.exe	38
PID 2476 wrote to memory of 672	2476	Unicorn-41177.exe	38
PID 2476 wrote to memory of 672	2476	Unicorn-41177.exe	38
PID 2800 wrote to memory of 1452	2800	Unicorn-48765.exe	39
PID 2800 wrote to memory of 1452	2800	Unicorn-48765.exe	39
PID 2800 wrote to memory of 1452	2800	Unicorn-48765.exe	39
PID 2800 wrote to memory of 1452	2800	Unicorn-48765.exe	39
PID 2724 wrote to memory of 1580	2724	Unicorn-56959.exe	40
PID 2724 wrote to memory of 1580	2724	Unicorn-56959.exe	40
PID 2724 wrote to memory of 1580	2724	Unicorn-56959.exe	40
PID 2724 wrote to memory of 1580	2724	Unicorn-56959.exe	40
PID 2804 wrote to memory of 2932	2804	Unicorn-20731.exe	41
PID 2804 wrote to memory of 2932	2804	Unicorn-20731.exe	41
PID 2804 wrote to memory of 2932	2804	Unicorn-20731.exe	41
PID 2804 wrote to memory of 2932	2804	Unicorn-20731.exe	41
PID 2036 wrote to memory of 2304	2036	Unicorn-60270.exe	42
PID 2036 wrote to memory of 2304	2036	Unicorn-60270.exe	42
PID 2036 wrote to memory of 2304	2036	Unicorn-60270.exe	42
PID 2036 wrote to memory of 2304	2036	Unicorn-60270.exe	42
PID 2968 wrote to memory of 1932	2968	Unicorn-47888.exe	43
PID 2968 wrote to memory of 1932	2968	Unicorn-47888.exe	43
PID 2968 wrote to memory of 1932	2968	Unicorn-47888.exe	43
PID 2968 wrote to memory of 1932	2968	Unicorn-47888.exe	43

C:\Users\Admin\AppData\Local\Temp\c5bee411d5baecd331e27502bbe1d9c5.exe
"C:\Users\Admin\AppData\Local\Temp\c5bee411d5baecd331e27502bbe1d9c5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        8⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        8⤵
        Program crash
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        7⤵
        Program crash
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        7⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        10⤵
        Executes dropped EXE
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        10⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        9⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        8⤵
        Executes dropped EXE
        
        PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        7⤵
        
        PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        9⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        8⤵
        Executes dropped EXE
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 200
        8⤵
        Program crash
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe

Filesize
184KB

MD5
15aa84b5444fa86f1a86ef141b438311

SHA1
c9c2b0e5e40eb55f5d2081991b902b2aca5d63ee

SHA256
d0aa13ab37abd910b8a799af92c30f707f98de687ff7fe0765d8026d6e1fae3f

SHA512
0d1d01fc0cbf802a58c1dffd9e5de2a58dce4fdc286963277fd05416f8f0acc44a730fe083d79f54f08f4edd148375f60b1392d8cccf4c60f6971e13d76b1f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe

Filesize
184KB

MD5
e5a38f10d7c8ea2f3c6325f8f64febaf

SHA1
4c7124ecb8143125e8d84284574e468697214336

SHA256
c6c32bf0c460ba16b215db44011185c744c3a6bf45027f9d87ba3066880d6116

SHA512
55f7fd24bfbfaf4d450aa9721b5f933373d803a71b8035aefec3ad22f198862322175007bdce6ebb6288955e564330459e07fa959bc366059c280e9f59ac05cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe

Filesize
184KB

MD5
c9f03f96ce3119fdb396f208381ba454

SHA1
5ddd8470a699e7731b50060ba0162c9c8709e3b0

SHA256
366d235ccdbd9f349fde57b5458fe262daf6a05a2886c91478526c6174984001

SHA512
249fa25861eaf4a980fec9ffb678737be9a58e1e3379993646d9fd4a16e8f571f4d219e04adef97b31f0f1829c08565708ef2888943169953c533680090e3dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe

Filesize
184KB

MD5
5fb9a2b542d9ac2105df57d47c1eb485

SHA1
caf1d78acbe6ffadf051db2ad5f37a0b1579f7d9

SHA256
b219cd496021a7a5bdb7c293e32c994f896d9ac6a51f61be8a5c62d704c439a2

SHA512
e49775fd9341596fbf00088067b3df0f3b48c0797880cfd66da295e349cb05f0d5d72ed39f212f20bc3dada731f1e5bb02bf18f8bda190ed10745dc71ad72d90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe

Filesize
184KB

MD5
91780b06e678e53dbdedf0a9ad565dcd

SHA1
323838ef5ab556cb375bcef92ee20d0bd7c2034c

SHA256
fdf9ca219147076bc33dd5986eabc4eabca6f5163dab986576d8dafa5fdca0be

SHA512
c99dd5722a9840ca0b192c3012297d4def9dd742fa87118ea2a7a1675c9ee647dd2c109e7e1cd4b9e506229b57001e5a26aa96a51360d6fe909f9103129d8fdc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe

Filesize
184KB

MD5
2fd639e929adbd98fd14d94a7693cddf

SHA1
aa787bcb5e7ed868f8ddf6bc5caa5c8724434006

SHA256
0fece703a5a45195facbd4c4dd112f772c9120a7fe6a33a3e95e813c599b176e

SHA512
a281d507954d24c5a3a5ccce0306f11dc50d9c5de01e9c565838c3059316ad76f478b071f2b22be664e3485cb9387dcba8c6ec73f5043ce2ff0408640d0a85f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe

Filesize
184KB

MD5
03fe75dbddb8c724b7edad4579814edd

SHA1
f91ef84d72c1b7de3c5be7f2be11ae91c50f65c5

SHA256
840d4fdd6c61a9662f94a7be4b6963953bad068baa6bffe92d55f2b7d5687bc6

SHA512
6e4732509f76a25073387426b4c1ca87ba876af159e2224091538546d32a71d6f0e49e49aee414c4b386fc97b47dd730e705e0f0d3bd907973e0288d0d54f8b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe

Filesize
184KB

MD5
71ab6f2d566c19b269b6f2b89f80e8b7

SHA1
3bb387078002365c2e693fb8a6446f2daf56f64f

SHA256
8aa0dfd8477260f9eafa0b4db8384af31b71e1b03ae4c5159d559a0e8a7c7600

SHA512
0ae6123988953de4a7b88407644dcc1b3530a7c972514ad4fc577679792b5f23b09cbc7d4f51df4aa20149eab1a8a68f01c02850e22d57e7f0a680ef7cd615f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe

Filesize
184KB

MD5
baa0fd98463493dd4e81a50314c506c4

SHA1
a0ef151dee5bf18bb2cd1bcdd73d61b7123a5221

SHA256
81e5e65699b94d8391673b52fbadddb55f5cb4690b99e8d7740ec90dabacb960

SHA512
5aeb96849fc55fad6130dd17e3438cad49e1a8ea5ebeb2c32898773e36bb6e67d230ba75adaa5924222d00da87b887fd7aee0ef104da02b6f845ec41d51101f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-301.exe

Filesize
128KB

MD5
77558535aa8e842b56324fba6224f2d9

SHA1
2545ab601f239c2001d5166abb2dda1f4b012667

SHA256
e59fbd7df8db54ca2822ffaf70f00acae74e97c0a2741f8a40f6b9c555e55eb3

SHA512
b441064d9d46ee04074c22f930e488e4f4a3d960fc1a18ade6879c016c6a8c0802adc69320e604116d874f0607ce39d6d6c0f90346d23710b12bef358967eb5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-301.exe

Filesize
137KB

MD5
869b61cbfdc21cdaf6df9b016be843c2

SHA1
23297ad7f18ddfcd2848038fe293591fffaeddef

SHA256
f6986b2c06309e4ae4642d759336efc8838620b4197317ae56b0eddf810db591

SHA512
252c4ea803b3f69d43edd6a143c6e471ded48392b85304f9516d226df654afbe911884aee2cb533045e0e0c21a2d75d18b545113c112707d2842f67a9c9f3b04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-301.exe

Filesize
184KB

MD5
4e07660c5764371eb24086bd6cc8f885

SHA1
df9f5aba7c1607f7ac0941f8fff67e9164bc3ad8

SHA256
b3ab13c5f70553b4986e19abc9b6c2994824592680dbf1e7e1b13d447eb7f4ff

SHA512
fdce68463410fb9e82f99ff2303894bce2e69ecca5872f785a70b2717d5a68172dd205e4081cb38adad1b718ea6f0b600c984f26935cdbb0663c1066c5e2872d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe

Filesize
184KB

MD5
cf1008769951eb95f75e14a3b5b8f6b4

SHA1
7271a1f83157ad7a074dc42d483e29d2a55c3f6f

SHA256
253687ecc8a73136950423f88ed261b003bc5dda79660ffc09bd81545cacedd6

SHA512
9cace3f765b8903b8546c48beb60662dc7890719a509a9b27f64b64174a4eefc64d315f4b45914659654f5b098ffe5e339f52c6782270d74c46c4a7b818fc338

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe

Filesize
184KB

MD5
9f54ebe51731f0f062467425acb7048c

SHA1
a0c73f225ed1960ccbecc0a7be6f4c814d1d00ed

SHA256
10923b717f2e4a09cdb3e35b4d8d9c06f8c64ee368a243cd8cdd60189d62c12b

SHA512
bf2d74e16a3077e2d4a206547a872e33f7d2d54c21cd59e9ad99b438c4928a860d551ce1a9add3cbf6fdcc225b0eb79add4d40b00b6c3f11cfc3405f816e3418

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe

Filesize
184KB

MD5
48141aebf40eb0dd34998bfed82c5fe8

SHA1
f1d225f1fb35237b089b98365254a5451e5673ba

SHA256
2762436a777916f6a2a33f443aba082adccc56ec291ae4376918fed8fce13d62

SHA512
2d2e5640cb9c64f7d722d223ac0a094e96d220d5797876a8e175a7c695e74f50ed32d3a9fc259c05f963d113fbbd96d2d7429c604e8596b0da549e309c0d3e09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe

Filesize
184KB

MD5
b73cf0bdba73c85ab2cb4189eab45bed

SHA1
dee86f86626a07ec9fd4468a2be8a204d802e153

SHA256
e53a70a83fef19fa4808b66e7d284cdad82f1a22403ee302a2e0ff573d03bd6c

SHA512
48b1a4211ab554216d61c4c8a01e6dcdcee1a10e4c045a23e6e7e76afcac79f86d9a861b005e6412e83422015aeecf61ee78890572a121f9427cbc671af456c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe

Filesize
184KB

MD5
cfda015fb4c72eb372b0894c5a2bbf6d

SHA1
7299db782692f859988235a784cd083248d7e84d

SHA256
b1f54c4bd811ef136539cc548868f06089c37c7792fd99c4e6d7a437225bc5c0

SHA512
9d226f594bc7f82c48543bfa1d44a1fe503d68fbf6b7d41fcb1c17e05b85bdfb29fcf79141601b4235c57ca0a74bbb7cf6591a029fde5983978cc83df9c3e7a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe

Filesize
184KB

MD5
8aeb17db202f52998e3a13e86810ce23

SHA1
ca1b02bc5ccdf2b1c1c68e6b0eacc470ac46cde9

SHA256
b79796d4baa407f92e72319322fd0c08aed6f0992237ba44e2566ec8a768c11c

SHA512
9f557a719c839013136db7175f3578f43f0c528e7623d3b33c94628df7fa97defbc1d30887c86249bd4a1c9ff8dabb206ab04dbfc93afbb5191d97e017a96957

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe

Filesize
184KB

MD5
9e158139e36f0aa89d542aeb7c7fa90a

SHA1
82e44a3ea8ba286ce2d17a1e76e0c4555f6975df

SHA256
4190ee34801ff4972711a6312668e164cf3f2610e3d71cc38e250df608bd08fb

SHA512
d784e15e434892e52324a6a6c6caa45dd0d434535e78307d8af555cf96d7163f455ae56ef6198e6a1cbf60b336171873dab934ff3bc1c56f0b8156b4d328515a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads