e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1

Analysis

max time kernel
147s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
Size

184KB
MD5

d02a57f390c7e753c4e8e634607d73fd
SHA1

1f278746407eb9712e232dad7b896ba7127bf56b
SHA256

e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1
SHA512

beea1fde0d6ce98c70c57ca500248b2c8017b11182653f574101a4f8d6bac06b58bb7a8633d9a6a1b7c8932c23cc55d4eedae47f87c1ccc0fb6938212dc66dd6
SSDEEP

3072:OOj7fZoHRJVed+nxZ768ZCM6lvnqDni+9:OOho9a+nC8gM6lPqDni+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
2020	Unicorn-9182.exe
2492	Unicorn-31582.exe
2584	Unicorn-11716.exe
2600	Unicorn-240.exe
2800	Unicorn-52072.exe
2652	Unicorn-45912.exe
2400	Unicorn-46466.exe
2972	Unicorn-59843.exe
1984	Unicorn-26577.exe
2912	Unicorn-5043.exe
1596	Unicorn-7368.exe
2128	Unicorn-3756.exe
1900	Unicorn-23357.exe
2100	Unicorn-29521.exe
1676	Unicorn-52551.exe
2244	Unicorn-53859.exe
2088	Unicorn-41145.exe

Loads dropped DLL 44 IoCs

pid	Process
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
2020	Unicorn-9182.exe
2020	Unicorn-9182.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
2492	Unicorn-31582.exe
2584	Unicorn-11716.exe
2584	Unicorn-11716.exe
2492	Unicorn-31582.exe
2020	Unicorn-9182.exe
2020	Unicorn-9182.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
2020	Unicorn-9182.exe
2652	Unicorn-45912.exe
2652	Unicorn-45912.exe
2020	Unicorn-9182.exe
2400	Unicorn-46466.exe
2400	Unicorn-46466.exe
2600	Unicorn-240.exe
2600	Unicorn-240.exe
2584	Unicorn-11716.exe
2584	Unicorn-11716.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
2880	WerFault.exe
1188	WerFault.exe
2972	Unicorn-59843.exe
2972	Unicorn-59843.exe
2652	Unicorn-45912.exe
2652	Unicorn-45912.exe
1984	Unicorn-26577.exe
1984	Unicorn-26577.exe
2020	Unicorn-9182.exe
2020	Unicorn-9182.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2880	2800	WerFault.exe	31
1188	2492	WerFault.exe	29
900	2244	WerFault.exe	45
1732	1900	WerFault.exe	42
2164	2912	WerFault.exe	38
1564	2600	WerFault.exe	32
2592	2100	WerFault.exe	43
2132	1596	WerFault.exe	39

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
2020	Unicorn-9182.exe
2492	Unicorn-31582.exe
2584	Unicorn-11716.exe
2652	Unicorn-45912.exe
2600	Unicorn-240.exe
2800	Unicorn-52072.exe
2400	Unicorn-46466.exe
2972	Unicorn-59843.exe
1984	Unicorn-26577.exe
1596	Unicorn-7368.exe
2912	Unicorn-5043.exe
2128	Unicorn-3756.exe
1900	Unicorn-23357.exe
2100	Unicorn-29521.exe
2088	Unicorn-41145.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 2020	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	28
PID 112 wrote to memory of 2020	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	28
PID 112 wrote to memory of 2020	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	28
PID 112 wrote to memory of 2020	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	28
PID 2020 wrote to memory of 2492	2020	Unicorn-9182.exe	29
PID 2020 wrote to memory of 2492	2020	Unicorn-9182.exe	29
PID 2020 wrote to memory of 2492	2020	Unicorn-9182.exe	29
PID 2020 wrote to memory of 2492	2020	Unicorn-9182.exe	29
PID 112 wrote to memory of 2584	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	30
PID 112 wrote to memory of 2584	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	30
PID 112 wrote to memory of 2584	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	30
PID 112 wrote to memory of 2584	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	30
PID 2584 wrote to memory of 2600	2584	Unicorn-11716.exe	32
PID 2584 wrote to memory of 2600	2584	Unicorn-11716.exe	32
PID 2584 wrote to memory of 2600	2584	Unicorn-11716.exe	32
PID 2584 wrote to memory of 2600	2584	Unicorn-11716.exe	32
PID 2492 wrote to memory of 2800	2492	Unicorn-31582.exe	31
PID 2492 wrote to memory of 2800	2492	Unicorn-31582.exe	31
PID 2492 wrote to memory of 2800	2492	Unicorn-31582.exe	31
PID 2492 wrote to memory of 2800	2492	Unicorn-31582.exe	31
PID 2020 wrote to memory of 2652	2020	Unicorn-9182.exe	33
PID 2020 wrote to memory of 2652	2020	Unicorn-9182.exe	33
PID 2020 wrote to memory of 2652	2020	Unicorn-9182.exe	33
PID 2020 wrote to memory of 2652	2020	Unicorn-9182.exe	33
PID 112 wrote to memory of 2400	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	34
PID 112 wrote to memory of 2400	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	34
PID 112 wrote to memory of 2400	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	34
PID 112 wrote to memory of 2400	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	34
PID 2652 wrote to memory of 2972	2652	Unicorn-45912.exe	36
PID 2652 wrote to memory of 2972	2652	Unicorn-45912.exe	36
PID 2652 wrote to memory of 2972	2652	Unicorn-45912.exe	36
PID 2652 wrote to memory of 2972	2652	Unicorn-45912.exe	36
PID 2020 wrote to memory of 1984	2020	Unicorn-9182.exe	35
PID 2020 wrote to memory of 1984	2020	Unicorn-9182.exe	35
PID 2020 wrote to memory of 1984	2020	Unicorn-9182.exe	35
PID 2020 wrote to memory of 1984	2020	Unicorn-9182.exe	35
PID 2400 wrote to memory of 2912	2400	Unicorn-46466.exe	38
PID 2400 wrote to memory of 2912	2400	Unicorn-46466.exe	38
PID 2400 wrote to memory of 2912	2400	Unicorn-46466.exe	38
PID 2400 wrote to memory of 2912	2400	Unicorn-46466.exe	38
PID 2600 wrote to memory of 1596	2600	Unicorn-240.exe	39
PID 2600 wrote to memory of 1596	2600	Unicorn-240.exe	39
PID 2600 wrote to memory of 1596	2600	Unicorn-240.exe	39
PID 2600 wrote to memory of 1596	2600	Unicorn-240.exe	39
PID 2584 wrote to memory of 2128	2584	Unicorn-11716.exe	40
PID 2584 wrote to memory of 2128	2584	Unicorn-11716.exe	40
PID 2584 wrote to memory of 2128	2584	Unicorn-11716.exe	40
PID 2584 wrote to memory of 2128	2584	Unicorn-11716.exe	40
PID 112 wrote to memory of 1900	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	42
PID 112 wrote to memory of 1900	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	42
PID 112 wrote to memory of 1900	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	42
PID 112 wrote to memory of 1900	112	e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe	42
PID 2800 wrote to memory of 2880	2800	Unicorn-52072.exe	37
PID 2800 wrote to memory of 2880	2800	Unicorn-52072.exe	37
PID 2800 wrote to memory of 2880	2800	Unicorn-52072.exe	37
PID 2800 wrote to memory of 2880	2800	Unicorn-52072.exe	37
PID 2492 wrote to memory of 1188	2492	Unicorn-31582.exe	41
PID 2492 wrote to memory of 1188	2492	Unicorn-31582.exe	41
PID 2492 wrote to memory of 1188	2492	Unicorn-31582.exe	41
PID 2492 wrote to memory of 1188	2492	Unicorn-31582.exe	41
PID 2972 wrote to memory of 2100	2972	Unicorn-59843.exe	43
PID 2972 wrote to memory of 2100	2972	Unicorn-59843.exe	43
PID 2972 wrote to memory of 2100	2972	Unicorn-59843.exe	43
PID 2972 wrote to memory of 2100	2972	Unicorn-59843.exe	43

C:\Users\Admin\AppData\Local\Temp\e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe
"C:\Users\Admin\AppData\Local\Temp\e845124617502a2ba329003fd88876a27925f8f88d5bee32a0581362e919cbf1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2880
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 248
      4⤵
      Loads dropped DLL
      Program crash
      PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        6⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        6⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        6⤵
        Program crash
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        5⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        5⤵
        
        PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
      4⤵
      Executes dropped EXE
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
      4⤵
      PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
      4⤵
      PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
      4⤵
      Executes dropped EXE
      PID:2244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Program crash
        
        PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
      4⤵
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      4⤵
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13386.exe
      4⤵
      PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
      4⤵
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
      4⤵
      PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27723.exe
      4⤵
      PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      4⤵
      PID:332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
    3⤵
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
    3⤵
    PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
    3⤵
    PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
    3⤵
    PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
    3⤵
    PID:2892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        5⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        6⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21166.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        6⤵
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        6⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        5⤵
        Program crash
        
        PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
      4⤵
      PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
      4⤵
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
      4⤵
      PID:2968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 220
      4⤵
      Program crash
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      4⤵
      PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
    3⤵
    PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
    3⤵
    PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
    3⤵
    PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
    3⤵
    PID:3016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        5⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        5⤵
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        5⤵
        
        PID:2780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
      4⤵
      Program crash
      PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
    3⤵
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
    3⤵
    PID:1904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
    3⤵
    PID:500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
    3⤵
    - Program crash
    PID:1732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
  2⤵
  PID:2824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
  2⤵
  PID:2360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
  2⤵
  PID:2280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
  2⤵
  PID:2228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6784.exe
  2⤵
  PID:1068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
  2⤵
  PID:884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
  2⤵
  PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
  2⤵
  PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
  2⤵
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe

Filesize
184KB

MD5
bf5c2018212e2f5714452e579a208185

SHA1
c9d98a2073baa0ad01c08841d4d62fcd28cb9ab8

SHA256
b88dce37743942e25560caabd875b6e71dc54cb15fc74b336e863f0ec1434e20

SHA512
05d3ff4f85e03cd3f450188ffc62f445355a878134496fafd8384d560ee732c3d166967de4d513b965497847940ca3e313776bdeb56c96cab287f9aa93b52d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29035.exe

Filesize
64KB

MD5
9d8d2d853b4dc4a955a4247d025118a2

SHA1
be5a2c8d360451b46acc85824cd009b00469affb

SHA256
522c48d6241b963120d9c24ec6e6e42e0c0f7b48dd44315302cefebd19b4cd4c

SHA512
9c61fd5c82431fcedb666cb8aef454c4b31d9fad21c22a6b1ffb55f127963bd6afb3f970c74d70934f98e1d33b9f2952b444ebe034bee4fc86caf81fec0acb6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe

Filesize
184KB

MD5
90de236a3c5241aa1e3fda69345b490b

SHA1
71d03cf44116a19afcd64565edc8af5a89a867c3

SHA256
eb973e138d9f9fdc96436fb46a1a4687f00e332ad7af09c95e98fc7e06312b8b

SHA512
ce7052c042320ebb0c7e02604ab321860e9d29138c42b91c282bbd54fdef0760c4d90b1703cb927d1735970613da362fba1ac1801b4e19b9cb4cfc9007391e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe

Filesize
184KB

MD5
51f42a82944eae32e46eaa5ae5a6e30d

SHA1
bd0474b1b744fbfe950bd0da1da555ea8a53cf8c

SHA256
fc4db82b0cbbae3e05b4f73383ae8e68754710de45b4430312b575bbf08cf012

SHA512
a47584b50b2eddeb870443225d458c4cb7a3465c40c93261aaf38ead3814dbe07a9d57bbd7627c0b01b42a92698a05800a6f9872a070ea67297ddb5ba12ed3ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe

Filesize
184KB

MD5
2909a1aa52b42c975c0aab4e323e2c3d

SHA1
1bcadd788675a8663a804eec923c21fcdb94a046

SHA256
8590c826b22171fb71250ab3111072ff04db4370d4cfdc66172cb42d774a6db2

SHA512
7fb8b2b49d79c8c6263a302e97ce953aaf56c6ed7f76fae24e6add24833b3e4d184aa93ea089121587035a60e0e7e65bcde70fbb36edf7fe3edf5d2e747f98d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe

Filesize
184KB

MD5
aac44549a456144e8c066b6aa9a230e8

SHA1
fdebe27fb5e5f0566ef80710437b05b237e19e96

SHA256
5d3dee539eda9075170346dd4df46b642c25b9ef459a1e4e992d0a0e6ddd98d3

SHA512
c25979a04578203ffa8cbf1fa21bfc6e31a94051c98159fee9df28f1f4dbb60e86762093bbcda5d2848fcfc294baa646746936db2accdb5f63a8306e7224af0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe

Filesize
128KB

MD5
b2d3ff885479e0de9801b371591dd2d3

SHA1
939f4db6168c496c7764f2f1d1a91d8d1bae5851

SHA256
b980f60da63bb4e2270b1bf78e51ab2bd80e22c526e8bd11ad5636b051e65dae

SHA512
d49c1e6cbe91fe86d5b8ef084d664a2c6721198f9dc7bf52af49b94d933256c31d4a0a816063c06cfbd768a80166205d9609d3a5085e473402dc9a15b478b37c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe

Filesize
184KB

MD5
de2837c4876087841f43c220577db1d3

SHA1
e649a762c6c0e00849a8d68f12de4d1f8c690120

SHA256
3593890b4700b377473b8cd67eefc4b4877ad378cc17e4ffd02ed2f9004d017f

SHA512
06e1ddc4357d03eecd811fa4acd4e57bfd99731fd9816bbec71f7b57a23dd25f91f0e86d423c5fa684ce6bf88b6fcf0b9cdc49ba2e36a31c127b2094280320d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-240.exe

Filesize
184KB

MD5
6c21afa24e6dd9e1e2de956c0bd45ab5

SHA1
4a75f7b348cff890a3fca10de2411870c4a1ab5f

SHA256
4d4db0fe434e3cb5981e35fe79d837a7e4f982b167953d7eb79b488b1d69a604

SHA512
a17862d2b3ffdc77f1e409cdcc15356184b6bf97d2f72fb03bed93140fe0a69c79db3028ecbc9222440dfaf9525d5589ab4d74bd8ad489a6aba9f69ed3361ba5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe

Filesize
184KB

MD5
c94aa90c1f5f5b4c1eeb1d0da19ce739

SHA1
07297a6a2acb042c714240049b98c0238ddb46b7

SHA256
986c4e83f74167c0950f8e6ca96892d4e74fcba67cb80a016823bc7f16aee87a

SHA512
af5d8b496aaf23ccf2a3da29514bb5c0e1d3c2f43e0f2d08b1f2a3dc5c25fa97c3f3a21b9089fe75c9f8ae0fd560150c0d7b623fe4cc1343e71a79345722a16a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe

Filesize
184KB

MD5
09c7f3bcb70439d6ddb2372514727820

SHA1
753ed24bf210c63bc213bb849e42d6143e578d5e

SHA256
fc91acb2df9e4d575ffed08f73f4692eb292d3e2248986d5e5d4b22eef8359b7

SHA512
cf0347c7e3fdd39288d134b22f714276801d6c226705027cfa8b904ca17866fbc70915ad47d44b764f09c130c242afee43dcda9229563cedf2078ad22498fda5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe

Filesize
184KB

MD5
4a109125e40bf637a4c7f00432033d0c

SHA1
b39e5ed481c8a87d3d665379a2390ef244d48ada

SHA256
2cdc55c113fb483f4fa3ff007b7d5d035d421147078c69a4a21a789e1fe03ba7

SHA512
8edd99a0ce3b7c391338639bd189b9f970df89cd32b671ebfa159b0542db2cca65ff78a6c821855ab8ecca0b20e337ae5b46f97951e263f7a0518160027880d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe

Filesize
184KB

MD5
2592321f27e8286c4bda8504382b98cf

SHA1
200e4299ef183b153243a89b2b1ce9679f558db5

SHA256
331f213deece470f6d3c91a728c998f337146d0c41ed799468b2d23720f653dc

SHA512
3c669180be3b8265c01ede4e0ce513f2e6979eb1d4972b27611d9658b587eb45954f01d18717ea47181c3f9cc9f061d1b5c794d7ae2806ae056cf8c347d7f359

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe

Filesize
64KB

MD5
6d30a73df918685ab788baa9bf694c4f

SHA1
ad1ce585905a0fc254558b062da89c7db588454a

SHA256
e51e11703ba07338ccdf0c1d411de285be89531634bb3bfb03f11fd4f39085be

SHA512
76ccbbec3ab2a66352329c47f3dbdfb6bccb595edf23359378be1e2af797b361c31ce1f8d4dba6fe38b8cb6a5216cefbeb098f07a3cb96eb1a053d3a8599ecaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe

Filesize
184KB

MD5
59e030a80a8ca9e20326557d76e6434f

SHA1
236629abbb59735bc3fdbc04fc8624914758bf0b

SHA256
f6351dbae2166ba7eedcc21b0f48c893d27d58e7789369eb82b991705803385a

SHA512
c320a3661ec0d8e485e38083d3e23c3b3d1d6c20c4dc8dea6a6f8674b66acf45cc16f570d0d54a90cf53eda9f490ceb00c59f5e9df4db90dd71c33de582f9f7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe

Filesize
184KB

MD5
7f5a7564a214e4838f005d0d1d0e501f

SHA1
c7125269681c7aeb274c169bd0d5ddf80b188e04

SHA256
2d9f252c312bde6f0caea2a02f3c0ef54729b71283ddcd5325bc6b651be6b2ba

SHA512
34f1bc4be15a302239975b86d36f28104b8881b0adbc58bb44b0116b7c5f838f40514a4e7e798a4107c6c809586a6d40732ac1ce4b6aa14c2d1544fe3ccaef84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe

Filesize
184KB

MD5
6684f1d9e907e699bb6846ebce7be6af

SHA1
c940e986ab505a163ddfe9d22191349feee07aca

SHA256
d416b9e4553fbc3e6b17fe915ac1432965c80de6b0507f77154e120b06a82d5b

SHA512
e6de4977a7e4a7480f181c2a3eec3277da0ed4b494aed21b7fc6969dc921bb1787d84d105a6ad874839ef815484ffe53e195b7b8af62a9764c024498aa5b32a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe

Filesize
184KB

MD5
a1e66c4d077ca7afc4a109fbb9751788

SHA1
b6f72310e7f95a29c09f1ea078b41abe743e708c

SHA256
87a0ce3ef637e0b631e9d23c6a8bd15483de6c3ad5ec92937db60027360d6629

SHA512
42d5c594c443c63efb5a8c7fcc1fda4b0fc7cf9d08ac240b48f524e9736e46b12a013118d3fd4ff79929a1f4370e9e309f86c2962f53185c988994a7d48113a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe

Filesize
184KB

MD5
755fef47a06645ca174790a051f2730b

SHA1
47c5f8e43e4c6f1c5a38479fbbf05f52324b2c4f

SHA256
dfc7c1c0b431dd18ed4cb29e48783e08532dbc5013b97d69428f3de0d0265931

SHA512
ac1d46d5988561b5f93840f30e396f1c74dac0517a5e19ad29f157e4f8fc6605ab87df6ffdf9613fd1eee11f3447bb71aa8bfefc6590ff941cefdae08615499b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads